Update NSS to 3.21 RTM and NSPR to 4.11 RTM

nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * pkix_pl_pk11certstore.c
  *
  * PKCS11CertStore Function Definitions
  *
  */
 
@@ skipping 361 matching lines @@
                            PRTime time,
                            PKIX_Boolean *pHasFetchedCrlInCache,
                            void *plContext)
 {
     /* Returning true result in this case will mean, that case info
      * is currect and should used as is. */
     NamedCRLCache* nameCrlCache = NULL;
     PKIX_Boolean hasFetchedCrlInCache = PKIX_TRUE;
     PKIX_List *dpList = NULL;
     pkix_pl_CrlDp *dp = NULL;
-    CERTCertificate *cert;
     PKIX_UInt32 dpIndex = 0;
     SECStatus rv = SECSuccess;
     PRTime reloadDelay = 0, badCrlInvalDelay = 0;
 
     PKIX_ENTER(CERTSTORE, "ChechCacheHasFetchedCrl");
 
-    cert = pkixCert->nssCert;
     reloadDelay = 
         ((PKIX_PL_NssContext*)plContext)->crlReloadDelay *
                                                 PR_USEC_PER_SEC;
     badCrlInvalDelay =
         ((PKIX_PL_NssContext*)plContext)->badDerCrlReloadDelay *
                                                 PR_USEC_PER_SEC;
     if (!time) {
         time = PR_Now();
     }
     /* If we already download the crl and inserted into the cache, then
@@ skipping 73 matching lines @@
  *  Returns a CertStore Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 static PKIX_Error *
 pkix_pl_Pk11CertStore_CheckRevByCrl(
         PKIX_CertStore *store,
         PKIX_PL_Cert *pkixCert,
         PKIX_PL_Cert *pkixIssuer,
         PKIX_PL_Date *date,
         PKIX_Boolean  crlDownloadDone,
-        PKIX_UInt32  *pReasonCode,
+        CERTCRLEntryReasonCode *pReasonCode,
         PKIX_RevocationStatus *pStatus,
         void *plContext)
 {
     PKIX_RevocationStatus pkixRevStatus = PKIX_RevStatus_NoInfo;
     CERTRevocationStatus revStatus = certRevocationStatusUnknown;
     PKIX_Boolean hasFetchedCrlInCache = PKIX_TRUE;
     CERTCertificate *cert = NULL, *issuer = NULL;
     SECStatus rv = SECSuccess;
     void *wincx = NULL;
     PRTime time = 0;
@@ skipping 174 matching lines @@
 
         PKIX_RETURN(CERTSTORE);
 }
 
 static PKIX_Error *
 RemovePartitionedDpsFromList(PKIX_List *dpList, PKIX_PL_Date *date,
                              void *plContext)
 {
     NamedCRLCache* nameCrlCache = NULL;
     pkix_pl_CrlDp *dp = NULL;
-    int dpIndex = 0;
+    unsigned int dpIndex = 0;
     PRTime time;
     PRTime reloadDelay = 0, badCrlInvalDelay = 0;
     SECStatus rv;
 
     PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_ListRemovePrtDp");
 
     if (!dpList || !dpList->length) {
         PKIX_RETURN(CERTSTORE);
     }
     reloadDelay = 
@@ skipping 83 matching lines @@
     PRUint16 port;
     SEC_HTTP_SERVER_SESSION pServerSession = NULL;
     SEC_HTTP_REQUEST_SESSION pRequestSession = NULL;
     PRUint16 myHttpResponseCode;
     const char *myHttpResponseData = NULL;
     PRUint32 myHttpResponseDataLen;
     SECItem *uri = NULL;
     SECItem *derCrlCopy = NULL;
     CERTSignedCrl *nssCrl = NULL;
     CERTGeneralName *genName = NULL;
-    PKIX_Int32 savedError = -1;
     SECItem **derGenNames = NULL;
     SECItem  *derGenName = NULL;
 
     PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_DownloadCrl");
 
     /* Do not support dps others than a one with GeneralName
      * name type. */
     if (dp->distPointType != generalName ||
         !dp->nssdp->derFullName) {
         PKIX_ERROR(PKIX_UNSUPPORTEDCRLDPTYPE);
     }
     genName = dp->name.fullName;
     derGenNames = dp->nssdp->derFullName;
     do {
         derGenName = *derGenNames;
         do {
             if (!derGenName ||
                 !genName->name.other.data) {
                 /* get to next name if no data. */
-                savedError = PKIX_UNSUPPORTEDCRLDPTYPE;
                 break;
             }
             uri = &genName->name.other;
             location = (char*)PR_Malloc(1 + uri->len);
             if (!location) {
-                savedError = PKIX_ALLOCERROR;
                 break;
             }
             PORT_Memcpy(location, uri->data, uri->len);
             location[uri->len] = 0;
             if (CERT_ParseURL(location, &hostname,
                               &port, &path) != SECSuccess) {
                 PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL);
-                savedError = PKIX_URLPARSINGFAILED;
                 break;
             }
     
             PORT_Assert(hostname != NULL);
             PORT_Assert(path != NULL);
 
             if ((*hcv1->createSessionFcn)(hostname, port, 
                                           &pServerSession) != SECSuccess) {
                 PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL);
-                savedError = PKIX_URLPARSINGFAILED;
                 break;
             }
 
             if ((*hcv1->createFcn)(pServerSession, "http", path, "GET",
                 /* Users with slow connections might not get CRL revocation 
                    checking for certs that use big CRLs because of the timeout
                    We absolutely need code that limits our retry attempts.
                  */
                           PR_SecondsToInterval(
                               ((PKIX_PL_NssContext*)plContext)->timeoutSeconds),
                                    &pRequestSession) != SECSuccess) {
-                savedError = PKIX_HTTPSERVERERROR;
                 break;
             }
 
             myHttpResponseDataLen =
                 ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
             if (myHttpResponseDataLen < PKIX_DEFAULT_MAX_CRL_RESPONSE_LENGTH)
                 myHttpResponseDataLen = PKIX_DEFAULT_MAX_CRL_RESPONSE_LENGTH;
 
             /* We use a non-zero timeout, which means:
                - the client will use blocking I/O
                - TryFcn will not return WOULD_BLOCK nor a poll descriptor
                - it's sufficient to call TryFcn once
             */
             /* we don't want result objects larger than this: */
             if ((*hcv1->trySendAndReceiveFcn)(
                     pRequestSession, 
                     NULL,
                     &myHttpResponseCode,
                     NULL,
                     NULL,
                     &myHttpResponseData,
                     &myHttpResponseDataLen) != SECSuccess) {
-                savedError = PKIX_HTTPSERVERERROR;
                 break;
             }
 
             if (myHttpResponseCode != 200) {
-                savedError = PKIX_HTTPSERVERERROR;
                 break;
             }
         } while(0);
         if (!myHttpResponseData) {
             /* Going to the next one. */
             genName = CERT_GetNextGeneralName(genName);
             derGenNames++;
         }
         /* Staing in the loop through all the names until
          * we have a successful download. */
@@ skipping 163 matching lines @@
                 &certStore,
                 plContext),
                 PKIX_CERTSTORECREATEFAILED);
 
         *pCertStore = certStore;
 
 cleanup:
 
         PKIX_RETURN(CERTSTORE);
 }