diff -rupN nss-3.15.1/nss/lib/certdb/crl.c ournss/nss/lib/certdb/crl.c
--- nss-3.15.1/nss/lib/certdb/crl.c 2013-06-27 10:58:08.000000000 -0700
+++ ournss/nss/lib/certdb/crl.c 2013-08-30 16:04:24.000000000 -0700
@@ -2609,7 +2609,7 @@ cert_CheckCertRevocationStatus(CERTCerti
PRBool lockedwrite = PR_FALSE;
SECStatus rv = SECSuccess;
CRLDPCache* dpcache = NULL;
- CERTRevocationStatus status = certRevocationStatusRevoked;
+ CERTRevocationStatus status = certRevocationStatusUnknown;
CERTCRLEntryReasonCode reason = crlEntryReasonUnspecified;
CERTCrlEntry* entry = NULL;
dpcacheStatus ds;
@@ -2629,6 +2629,8 @@ cert_CheckCertRevocationStatus(CERTCerti
*revReason = reason;
}
+ return SECSuccess;
+
if (t && secCertTimeValid != CERT_CheckCertValidTimes(issuer, t, PR_FALSE))
{
/* we won't be able to check the CRL's signature if the issuer cert
diff -rupN nss-3.15.1/nss/lib/certhigh/certvfy.c ournss/nss/lib/certhigh/certvfy.c
--- nss-3.15.1/nss/lib/certhigh/certvfy.c 2013-06-27 10:58:08.000000000 -0700
+++ ournss/nss/lib/certhigh/certvfy.c 2013-08-30 16:04:44.000000000 -0700
@@ -122,7 +122,7 @@ SECStatus
SEC_CheckCRL(CERTCertDBHandle *handle,CERTCertificate *cert,
CERTCertificate *caCert, PRTime t, void * wincx)
{
- return CERT_CheckCRL(cert, caCert, NULL, t, wincx);
+ return SECSuccess;
}
/*