From 32ad37b3f7ca48564bd15de2664f323ad4a2d367 Mon Sep 17 00:00:00 2001
From: Roxie Linden <roxie@lindenlab.com>
Date: Mon, 24 May 2010 16:21:29 -0700
Subject: Few more touchups for the cert performance code

---
 indra/newview/llsechandler_basic.cpp            |  5 ++---
 indra/newview/tests/llsechandler_basic_test.cpp | 10 +++++++++-
 2 files changed, 11 insertions(+), 4 deletions(-)

(limited to 'indra')

diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index a81cde3126..5f24d4398a 100644
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -1006,7 +1006,7 @@ void LLBasicCertificateStore::validate(int validation_policy,
 									   const LLSD& validation_params)
 {
 
-	if(size() < 1)
+	if(cert_chain->size() < 1)
 	{
 		throw LLCertException(NULL, "No certs in chain");
 	}
@@ -1160,9 +1160,8 @@ void LLBasicCertificateStore::validate(int validation_policy,
 	}
 	if (validation_policy & VALIDATION_POLICY_TRUSTED)
 	{
-		LLPointer<LLCertificate> untrusted_ca_cert = (*this)[size()-1];
 		// we reached the end without finding a trusted cert.
-		throw LLCertValidationTrustException((*this)[size()-1]);
+		throw LLCertValidationTrustException((*cert_chain)[cert_chain->size()-1]);
 
 	}
 	mTrustedCertCache[sha1_hash] = std::pair<LLDate, LLDate>(from_time, to_time);	
diff --git a/indra/newview/tests/llsechandler_basic_test.cpp b/indra/newview/tests/llsechandler_basic_test.cpp
index dfbd596d39..df0673a159 100644
--- a/indra/newview/tests/llsechandler_basic_test.cpp
+++ b/indra/newview/tests/llsechandler_basic_test.cpp
@@ -963,8 +963,15 @@ namespace tut
 
 		// basic failure cases
 		test_chain = new LLBasicCertificateChain(NULL);
-		//validate with only the child cert
+		//validate with only the child cert in chain, but child cert was previously
+		// trusted
 		test_chain->add(new LLBasicCertificate(mX509ChildCert));
+		
+		// validate without the trust flag.
+		test_store->validate(VALIDATION_POLICY_TRUSTED, test_chain, validation_params);	
+		
+		// Validate with child cert but no parent, and no parent in CA store
+		test_store = new LLBasicCertificateStore("mycertstore.pem");
 		ensure_throws("no CA, with only a child cert", 
 					  LLCertValidationTrustException, 
 					  (*test_chain)[0],
@@ -1033,6 +1040,7 @@ namespace tut
 		test_chain = new LLBasicCertificateChain(NULL);
 		test_chain->add(new LLBasicCertificate(mX509TestCert));
 
+		test_store = new LLBasicCertificateStore("mycertstore.pem");		
 		ensure_throws("Cert doesn't have ku", 
 					  LLCertKeyUsageValidationException, 
 					  (*test_chain)[0],
-- 
cgit v1.2.3