Sync pki to chromium 8049b24a3fa617e66c5d3fc0e9322bb07c500f49
Change-Id: Ib65febca30ce312f2c8fd6d6dbc85f24987b50d8
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/62245
Auto-Submit: Bob Beck <bbe@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/pki/crl.cc b/pki/crl.cc
index ff3e704..99eb359 100644
--- a/pki/crl.cc
+++ b/pki/crl.cc
@@ -467,8 +467,9 @@
std::string normalized_crl_issuer;
if (!NormalizeNameTLV(tbs_cert_list.issuer_tlv, &normalized_crl_issuer))
return CRLRevocationStatus::UNKNOWN;
- if (der::Input(&normalized_crl_issuer) != target_cert->normalized_issuer())
+ if (der::Input(normalized_crl_issuer) != target_cert->normalized_issuer()) {
return CRLRevocationStatus::UNKNOWN;
+ }
if (tbs_cert_list.crl_extensions_tlv.has_value()) {
std::map<der::Input, ParsedExtension> extensions;
@@ -584,8 +585,10 @@
//
// As the |issuer_cert| is from the already validated chain, it is already
// known to chain to the same trust anchor as the target certificate.
- if (der::Input(&normalized_crl_issuer) != issuer_cert->normalized_subject())
+ if (der::Input(normalized_crl_issuer) !=
+ issuer_cert->normalized_subject()) {
continue;
+ }
// 6.3.3 (f) If a key usage extension is present in the CRL issuer's
// certificate, verify that the cRLSign bit is set.
