diff -r 5f37cb170013 -r 5425f43ef15c mozilla-nss-compat.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mozilla-nss-compat.patch Sat Feb 18 22:21:30 2012 +0100 @@ -0,0 +1,50 @@ +# HG changeset patch +# Parent f241f48841a5d480f898cb7c34f3438aaa9a6c40 +# User Brian Smith +Bug 713934, Part 2, version 1: Update SetCertVerificationResult to use SSL_AuthCertificateComplete, r?honzab + +diff --git a/security/manager/ssl/src/nsNSSIOLayer.cpp b/security/manager/ssl/src/nsNSSIOLayer.cpp +--- a/security/manager/ssl/src/nsNSSIOLayer.cpp ++++ b/security/manager/ssl/src/nsNSSIOLayer.cpp +@@ -964,31 +964,31 @@ nsNSSSocketInfo::SetCertVerificationWait + + void + nsNSSSocketInfo::SetCertVerificationResult(PRErrorCode errorCode, + SSLErrorMessageType errorMessageType) + { + NS_ASSERTION(mCertVerificationState == waiting_for_cert_verification, + "Invalid state transition to cert_verification_finished"); + +- if (errorCode != 0) { +- SetCanceled(errorCode, errorMessageType); +- } else if (mFd) { +- // We haven't closed the connection already, so restart it +- SECStatus rv = SSL_RestartHandshakeAfterAuthCertificate(mFd); +- if (rv != SECSuccess) { ++ if (mFd) { ++ SECStatus rv = SSL_AuthCertificateComplete(mFd, errorCode); ++ // Only replace errorCode if there was originally no error ++ if (rv != SECSuccess && errorCode == 0) { + errorCode = PR_GetError(); ++ errorMessageType = PlainErrorMessage; + if (errorCode == 0) { +- NS_ERROR("SSL_RestartHandshakeAfterAuthCertificate didn't set error code"); ++ NS_ERROR("SSL_AuthCertificateComplete didn't set error code"); + errorCode = PR_INVALID_STATE_ERROR; + } +- SetCanceled(errorCode, PlainErrorMessage); + } +- } else { +- // If we closed the connection alreay, we don't have anything to do ++ } ++ ++ if (errorCode) { ++ SetCanceled(errorCode, errorMessageType); + } + + mCertVerificationState = after_cert_verification; + } + + nsresult nsNSSSocketInfo::GetSSLStatus(nsISSLStatus** _result) + { + NS_ENSURE_ARG_POINTER(_result);