# HG changeset patch
# Parent f241f48841a5d480f898cb7c34f3438aaa9a6c40
# User Brian Smith <bsmith@mozilla.com>
Bug 713934, Part 2, version 1: Update SetCertVerificationResult to use SSL_AuthCertificateComplete, r?honzab
diff --git a/security/manager/ssl/src/nsNSSIOLayer.cpp b/security/manager/ssl/src/nsNSSIOLayer.cpp
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@@ -964,31 +964,31 @@ nsNSSSocketInfo::SetCertVerificationWait
void
nsNSSSocketInfo::SetCertVerificationResult(PRErrorCode errorCode,
SSLErrorMessageType errorMessageType)
{
NS_ASSERTION(mCertVerificationState == waiting_for_cert_verification,
"Invalid state transition to cert_verification_finished");
- if (errorCode != 0) {
- SetCanceled(errorCode, errorMessageType);
- } else if (mFd) {
- // We haven't closed the connection already, so restart it
- SECStatus rv = SSL_RestartHandshakeAfterAuthCertificate(mFd);
- if (rv != SECSuccess) {
+ if (mFd) {
+ SECStatus rv = SSL_AuthCertificateComplete(mFd, errorCode);
+ // Only replace errorCode if there was originally no error
+ if (rv != SECSuccess && errorCode == 0) {
errorCode = PR_GetError();
+ errorMessageType = PlainErrorMessage;
if (errorCode == 0) {
- NS_ERROR("SSL_RestartHandshakeAfterAuthCertificate didn't set error code");
+ NS_ERROR("SSL_AuthCertificateComplete didn't set error code");
errorCode = PR_INVALID_STATE_ERROR;
}
- SetCanceled(errorCode, PlainErrorMessage);
}
- } else {
- // If we closed the connection alreay, we don't have anything to do
+ }
+
+ if (errorCode) {
+ SetCanceled(errorCode, errorMessageType);
}
mCertVerificationState = after_cert_verification;
}
nsresult nsNSSSocketInfo::GetSSLStatus(nsISSLStatus** _result)
{
NS_ENSURE_ARG_POINTER(_result);