Update NSS to 3.21 RTM and NSPR to 4.11 RTM

nss/lib/certhigh/certvfypkix.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * nss_pkix_proxy.h
  *
  * PKIX - NSS proxy functions
  *
  * NOTE: All structures, functions, data types are parts of library private
  * api and are subjects to change in any following releases.
@@ skipping 1394 matching lines @@
                     PKIX_ProcessingParams *procParams,
                     const CERTRevocationTests *revTest,
                     CERTRevocationMethodIndex certRevMethod,
                     PKIX_RevocationMethodType pkixRevMethod,
                     PKIX_Boolean verifyResponderUsages,
                     PKIX_Boolean isLeafTest,
                     void *plContext)
 {
     PKIX_UInt32 methodFlags = 0;
     PKIX_Error *error = NULL;
-    int priority = 0;
+    PKIX_UInt32 priority = 0;
     
-    if (revTest->number_of_defined_methods <= certRevMethod) {
+    if (revTest->number_of_defined_methods <= (PRUint32)certRevMethod) {
         return NULL;
     }
     if (revTest->preferred_methods) {
-        int i = 0;
+        unsigned int i = 0;
         for (;i < revTest->number_of_preferred_methods;i++) {
             if (revTest->preferred_methods[i] == certRevMethod) 
                 break;
         }
         priority = i;
     }
     methodFlags = revTest->cert_rev_flags_per_method[certRevMethod];
     if (verifyResponderUsages &&
         pkixRevMethod == PKIX_RevocationMethod_OCSP) {
         methodFlags |= PKIX_REV_M_FORBID_NETWORK_FETCHING;
@@ skipping 15 matching lines @@
     SECStatus r=SECSuccess;
     PKIX_PL_Date *date = NULL;
     PKIX_List *policyOIDList = NULL;
     PKIX_List *certListPkix = NULL;
     const CERTRevocationFlags *flags;
     SECErrorCodes errCode = SEC_ERROR_INVALID_ARGS;
     const CERTCertList *certList = NULL;
     CERTCertListNode *node;
     PKIX_PL_Cert *certPkix = NULL;
     PKIX_TrustAnchor *trustAnchor = NULL;
-    PKIX_PL_Date *revDate = NULL;
     PKIX_RevocationChecker *revChecker = NULL;
     PKIX_PL_NssContext *nssContext = (PKIX_PL_NssContext *)plContext;
 
     /* XXX we need a way to map generic PKIX error to generic NSS errors */
 
     switch (param->type) {
 
         case cert_pi_policyOID:
 
             /* needed? */
@@ skipping 189 matching lines @@
             r = SECFailure;
             break;
     }
 
     if (policyOIDList != NULL)
         PKIX_PL_Object_DecRef((PKIX_PL_Object *)policyOIDList, plContext);
 
     if (date != NULL) 
         PKIX_PL_Object_DecRef((PKIX_PL_Object *)date, plContext);
 
-    if (revDate != NULL) 
-        PKIX_PL_Object_DecRef((PKIX_PL_Object *)revDate, plContext);
-
     if (revChecker != NULL) 
         PKIX_PL_Object_DecRef((PKIX_PL_Object *)revChecker, plContext);
 
     if (certListPkix) 
         PKIX_PL_Object_DecRef((PKIX_PL_Object *)certListPkix, plContext);
 
     if (trustAnchor) 
         PKIX_PL_Object_DecRef((PKIX_PL_Object *)trustAnchor, plContext);
 
     if (certPkix) 
@@ skipping 570 matching lines @@
     
 } while (errorGenerated);
 
     runningLeakTest = PKIX_FALSE; 
     PR_ATOMIC_DECREMENT(&parallelFnInvocationCount);
     usePKIXValidationEngine = savedUsePkixEngFlag;
 #endif /* PKIX_OBJECT_LEAK_TEST */
 
     return r;
 }