ITS#7287 MozNSS: do not overwrite error in tlsm_verify_cert

diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index b608551e4dce051c12c27077ad1686e46c73c8aa..4c183602ee896315f0b0b1aee9466328d6d25390 100644 (file)
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -1019,6 +1019,10 @@ tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg,
                                   is self issued */
                                if ( ( node->error == SEC_ERROR_CA_CERT_INVALID ) &&
                                         tlsm_cert_is_self_issued( node->cert ) ) {
+
+                                       PRErrorCode orig_error = PR_GetError();
+                                       PRInt32 orig_oserror = PR_GetOSError();
+
                                        CERTBasicConstraints basicConstraint;
                                        SECStatus rv = tlsm_get_basic_constraint_extension( node->cert, &basicConstraint );
                                        if ( ( rv == SECSuccess ) && ( basicConstraint.isCA == PR_FALSE ) ) {
@@ -1032,6 +1036,9 @@ tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg,
                                                           "TLS: certificate [%s] is not valid - CA cert is not valid\n",
                                                           name, 0, 0 );
                                        }
+
+                                       PR_SetError(orig_error, orig_oserror);
+
                                } else if ( errorToIgnore && ( node->error == errorToIgnore ) ) {
                                        Debug( debug_level,
                                                   "TLS: Warning: ignoring error for certificate [%s] - error %ld:%s.\n",