-rw-r--r-- | pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java | 16 | ||||
-rw-r--r-- | pki/base/tps/src/engine/RA.cpp | 9 |
2 files changed, 14 insertions, 11 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java
index c66d8a71d..12965a52e 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java
@@ -1002,7 +1002,8 @@ public class CertUtils {
 String auditMessage = null; IConfigStore config = CMS.getConfigStore(); String certlsit = "";
- boolean r = true;
+ boolean verifyResult = true;
+ boolean r = true; /* the final return value */
 try { String subsysType = config.getString("cs.type", ""); if (subsysType.equals("")) {
@@ -1014,8 +1015,7 @@ public class CertUtils {
 ""); audit(auditMessage);
- r = false;
- return r;
+ return false;
 } subsysType = toLowerCaseSubsystemType(subsysType); if (subsysType == null) {
@@ -1027,8 +1027,7 @@ public class CertUtils {
 ""); audit(auditMessage);
- r = false;
- return r;
+ return false;
 } String certlist = config.getString(subsysType + ".cert.list", ""); if (certlist.equals("")) {
@@ -1041,15 +1040,16 @@ public class CertUtils {
 ""); audit(auditMessage);
- r = false;
- return r;
+ return false;
 } StringTokenizer tokenizer = new StringTokenizer(certlist, ","); while (tokenizer.hasMoreTokens()) { String tag = tokenizer.nextToken(); tag = tag.trim(); CMS.debug("CertUtils: verifySystemCerts() cert tag=" + tag);
- r = verifySystemCertByTag(tag);
+ verifyResult = verifySystemCertByTag(tag);
+ if (verifyResult == false)
+ r = false; //r captures the value for final return
 } } catch (Exception e) { // audit here
diff --git a/pki/base/tps/src/engine/RA.cpp b/pki/base/tps/src/engine/RA.cpp
index 7b8e7adcc..862b9e105 100644
--- a/pki/base/tps/src/engine/RA.cpp
+++ b/pki/base/tps/src/engine/RA.cpp
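Review bot: `r` starts as `true` and the loop in the last CertUtils.java hunk only ever clears it, so an exception thrown by `verifySystemCertByTag(tag)` part-way through the list leaves the result to the `catch (Exception e)` block, whose body lies outside the hunk; that block needs to set `r = false`, otherwise a partially checked list is reported as success. On style, `verifyResult` is used only inside the loop and the unbraced `if` with a trailing comment is easy to break later; `if (!verifySystemCertByTag(tag)) { r = false; }` expresses the same thing without the function-scope variable declared in the first hunk. Do not collapse it to `r = r && verifySystemCertByTag(tag)`, because short-circuiting would skip verification (and presumably the audit record) of every certificate after the first failure.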
@@ -3399,7 +3399,8 @@ TPS_PUBLIC bool RA::verifySystemCertByNickname(const char *nickname, const char
 * tps.cert.audit_signing.certusage=ObjectSigner */ TPS_PUBLIC bool RA::verifySystemCerts() {
- bool rv = false;
+ bool verifyResult = false;
+ bool rv = false; /* final return value */
 char configname[256]; char configname_nn[256]; char configname_cu[256];
@@ -3434,6 +3435,7 @@ TPS_PUBLIC bool RA::verifySystemCerts() {
 "cert nickname not found for cert tag:%s", sresult); PR_snprintf(audit_msg, 512, "%s undefined in CS.cfg", configname_nn); RA::Audit(EV_CIMC_CERT_VERIFICATION, AUDIT_MSG_FORMAT, "System", "Failure", audit_msg);
+ sresult = PL_strtok_r(NULL, ",", &lasts);
 rv = false; continue; }
@@ -3451,14 +3453,15 @@ TPS_PUBLIC bool RA::verifySystemCerts() {
 "Verifying cert tag: %s, nickname:%s, certificate usage:%s" , sresult, nn, (cu!=NULL)? cu: "");
- rv = verifySystemCertByNickname(nn, cu);
- if (rv == true) {
+ verifyResult = verifySystemCertByNickname(nn, cu);
+ if (verifyResult == true) {
 RA::Debug(LL_PER_SERVER, "RA::verifySystemCerts", "cert verification passed on cert nickname:%s", nn); PR_snprintf(audit_msg, 512, "Certificate verification succeeded:%s", nn); RA::Audit(EV_CIMC_CERT_VERIFICATION, AUDIT_MSG_FORMAT, "System", "Success", audit_msg); } else {
+ rv = false;
 RA::Debug(LL_PER_SERVER, "RA::verifySystemCerts", "cert verification failed on cert nickname:%s", nn); PR_snprintf(audit_msg, 512, "Certificate verification failed:%s", |
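Review bot: `rv` is initialised to `false` in the first RA.cpp hunk, and every assignment to it visible in these hunks is `rv = false` (the missing-nickname branch and the new `else` branch in the third hunk), while the one statement that could make it true, `rv = verifySystemCertByNickname(nn, cu);`, is removed. Unless code outside the hunks sets `rv = true` before the loop, verifySystemCerts() would return false even when every certificate verifies; that fails closed, but the self-test result no longer distinguishes a healthy subsystem from a broken one. I would add `rv = true;` just before the loop, once the cert list has been read successfully, and let the two failure paths clear it. This also differs from the Java side, where `r` starts as `true`. The function body starts and ends outside the hunks, so this needs checking against the full file.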
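Review bot: The added `sresult = PL_strtok_r(NULL, ",", &lasts);` in the second hunk has to be repeated by hand on every `continue` path, and a missed one presumably leaves the loop re-reading the same tag and emitting the same audit failure indefinitely. Any other early `continue` in the loop body, which is only partly visible here, needs the same advance. Moving the advance into the loop header, a `for` loop whose increment clause is `sresult = PL_strtok_r(NULL, ",", &lasts)`, would make it impossible to skip; the loop head is outside the hunk, so its current form should be checked first.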