2019-12-03 08:31:24 +00:00
|
|
|
diff --git a/lib/pki/pki3hack.c b/lib/pki/pki3hack.c
|
|
|
|
--- a/lib/pki/pki3hack.c
|
|
|
|
+++ b/lib/pki/pki3hack.c
|
|
|
|
@@ -921,11 +921,11 @@
|
2019-11-28 15:13:41 +00:00
|
|
|
}
|
2019-12-03 08:31:24 +00:00
|
|
|
if (!cc->nssCertificate || forceUpdate) {
|
|
|
|
fill_CERTCertificateFields(c, cc, forceUpdate);
|
|
|
|
- } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess &&
|
|
|
|
- !c->object.cryptoContext) {
|
|
|
|
- /* if it's a perm cert, it might have been stored before the
|
|
|
|
- * trust, so look for the trust again. But a temp cert can be
|
|
|
|
- * ignored.
|
|
|
|
+ } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess) {
|
|
|
|
+ /* If it's a perm cert, it might have been stored before the
|
|
|
|
+ * trust, so look for the trust again. If it's a temp cert, it
|
|
|
|
+ * might have been stored before the builtin module is loaded,
|
|
|
|
+ * so still need to look for the trust again.
|
|
|
|
*/
|
|
|
|
CERTCertTrust *trust = NULL;
|
|
|
|
trust = nssTrust_GetCERTCertTrustForCert(c, cc);
|
|
|
|
|