Blame SOURCES/nss-3.79-fix-client-cert-crash.patch
|
 |
76478b |
diff --git a/lib/ssl/authcert.c b/lib/ssl/authcert.c
|
|
|
76478b |
--- a/lib/ssl/authcert.c
|
|
|
76478b |
+++ b/lib/ssl/authcert.c
|
|
|
76478b |
@@ -201,16 +201,19 @@ NSS_GetClientAuthData(void *arg,
|
|
|
76478b |
|
|
|
76478b |
/* otherwise look through the cache based on usage
|
|
|
76478b |
* if chosenNickname is set, we ignore the expiration date */
|
|
|
76478b |
if (certList == NULL) {
|
|
|
76478b |
certList = CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
|
|
|
76478b |
certUsageSSLClient,
|
|
|
76478b |
PR_FALSE, chosenNickName == NULL,
|
|
|
76478b |
pw_arg);
|
|
|
76478b |
+ if (certList == NULL) {
|
|
|
76478b |
+ return SECFailure;
|
|
|
76478b |
+ }
|
|
|
76478b |
/* filter only the certs that meet the nickname requirements */
|
|
|
76478b |
if (chosenNickName) {
|
|
|
76478b |
rv = CERT_FilterCertListByNickname(certList, chosenNickName,
|
|
|
76478b |
pw_arg);
|
|
|
76478b |
} else {
|
|
|
76478b |
int nnames = 0;
|
|
|
76478b |
char **names = ssl_DistNamesToStrings(caNames, &nnames);
|
|
|
76478b |
rv = CERT_FilterCertListByCANames(certList, nnames, names,
|