nss/nss-3.47-certdb-temp-cert.patch

22 lines
956 B
Diff
Raw Normal View History

diff --git a/lib/pki/pki3hack.c b/lib/pki/pki3hack.c
--- a/lib/pki/pki3hack.c
+++ b/lib/pki/pki3hack.c
@@ -921,11 +921,11 @@
}
if (!cc->nssCertificate || forceUpdate) {
fill_CERTCertificateFields(c, cc, forceUpdate);
- } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess &&
- !c->object.cryptoContext) {
- /* if it's a perm cert, it might have been stored before the
- * trust, so look for the trust again. But a temp cert can be
- * ignored.
+ } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess) {
+ /* If it's a perm cert, it might have been stored before the
+ * trust, so look for the trust again. If it's a temp cert, it
+ * might have been stored before the builtin module is loaded,
+ * so still need to look for the trust again.
*/
CERTCertTrust *trust = NULL;
trust = nssTrust_GetCERTCertTrustForCert(c, cc);