Paul Neyman wrote:
Hello!
I've been trying to create a new CRL using crlutil, and it gets stuck in
an infinite loop. I've traced it down to SECU_FindCrlIssuer function.
Here's the excerpt from the code:
while ( ! CERT_LIST_END(node, certList) ) {
cert = node->cert;
if (CERT_CheckCertUsage(cert, KU_CRL_SIGN) != SECSuccess ||
!cert->trust) {
continue;
}
/* select the first (newest) user cert */
if (CERT_IsUserCert(cert)) {
rv = SECSuccess;
goto success;
}
}
So, if the certificate is not trusted, and the call to CheckCertUsage
does not return a success, the loop will restart from the head, because
there's no advancement over the list.
Am I missing something here?
Thanks.
This bug was fixed in NSS 3.11.1 . Pull source from the NSS_3_11_1_RTM
CVS tag .
See https://bugzilla.mozilla.org/show_bug.cgi?id=325307 .
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
