add ability to notify user that chain is incomplete

security/nss/lib/base/errorval.c

@@ -32,7 +32,7 @@
  */
 
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: errorval.c,v $ $Revision: 1.3 $ $Date: 2001/09/20 20:33:27 $ $Name:  $";
+static const char CVS_ID[] = "@(#) $RCSfile: errorval.c,v $ $Revision: 1.4 $ $Date: 2001/10/17 15:48:05 $ $Name:  $";
 #endif /* DEBUG */
 
 /*
@@ -81,3 +81,5 @@ const NSSError NSS_ERROR_USER_CANCELED                  = 29;
 
 const NSSError NSS_ERROR_MAXIMUM_FOUND                  = 30;
 
+const NSSError NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND   = 31;
+

security/nss/lib/certhigh/certhigh.c

@@ -1047,7 +1047,7 @@ loser:
     stanCert = STAN_GetNSSCertificate(cert);
     /* XXX usage */
     stanChain = NSSCertificate_BuildChain(stanCert, NULL, NULL, NULL, NULL,
-                                                    0, NULL);
+                                                    0, NULL, NULL);
     if (!stanChain) {
 	return NULL;
     }

security/nss/lib/pki/certificate.c

@@ -32,7 +32,7 @@
  */
 
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.9 $ $Date: 2001/10/17 14:40:20 $ $Name:  $";
+static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.10 $ $Date: 2001/10/17 15:48:07 $ $Name:  $";
 #endif /* DEBUG */
 
 #ifndef NSSPKI_H
@@ -434,7 +434,8 @@ NSSCertificate_BuildChain
   NSSPolicies *policiesOpt,
   NSSCertificate **rvOpt,
   PRUint32 rvLimit, /* zero for no limit */
-  NSSArena *arenaOpt
+  NSSArena *arenaOpt,
+  PRStatus *statusOpt
 )
 {
     PRStatus nssrv;
@@ -452,9 +453,8 @@ NSSCertificate_BuildChain
 	    c = find_issuer_cert_for_identifier(c, issuerID);
 	    nss_ZFreeIf(issuerID);
 	    if (!c) {
-#if 0
 		nss_SetError(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND);
-#endif
+		if (statusOpt) *statusOpt = PR_FAILURE;
 		goto finish;
 	    }
 	} else {
@@ -464,15 +464,15 @@ NSSCertificate_BuildChain
 	                                                    usage,
 	                                                    policiesOpt);
 	    if (!c) {
-#if 0
 		nss_SetError(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND);
-#endif
+		if (statusOpt) *statusOpt = PR_FAILURE;
 		goto finish;
 	    }
 	}
 	nssList_Add(chain, c);
 	if (nssList_Count(chain) == rvLimit) goto finish;
     }
+    if (statusOpt) *statusOpt = PR_SUCCESS;
 finish:
     if (rvOpt) {
 	rvChain = rvOpt;

security/nss/lib/pki/nsspki.h

@@ -35,7 +35,7 @@
 #define NSSPKI_H
 
 #ifdef DEBUG
-static const char NSSPKI_CVS_ID[] = "@(#) $RCSfile: nsspki.h,v $ $Revision: 1.5 $ $Date: 2001/10/12 17:54:50 $ $Name:  $";
+static const char NSSPKI_CVS_ID[] = "@(#) $RCSfile: nsspki.h,v $ $Revision: 1.6 $ $Date: 2001/10/17 15:48:08 $ $Name:  $";
 #endif /* DEBUG */
 
 /*
@@ -227,8 +227,16 @@ NSSCertificate_Encode
  * in the "chain" starting from the specified one up to and
  * including the root.  The zeroth element in the array is the
  * specified ("leaf") certificate.
+ *
+ * If statusOpt is supplied, and is returned as PR_FAILURE, possible
+ * error values are:
+ *
+ * NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND - the chain is incomplete
+ *
  */
 
+extern const NSSError NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND;
+
 NSS_EXTERN NSSCertificate **
 NSSCertificate_BuildChain
 (
@@ -238,7 +246,8 @@ NSSCertificate_BuildChain
   NSSPolicies *policiesOpt,
   NSSCertificate **rvOpt,
   PRUint32 rvLimit, /* zero for no limit */
-  NSSArena *arenaOpt
+  NSSArena *arenaOpt,
+  PRStatus *statusOpt
 );
 
 /*