Fix build break with uninitialized variable 'ev_policy_tag'....

net/base/x509_certificate_nss.cc

Index: net/base/x509_certificate_nss.cc
===================================================================
--- net/base/x509_certificate_nss.cc	(revision 22718)
+++ net/base/x509_certificate_nss.cc	(working copy)
@@ -319,7 +319,7 @@
   PORT_Free(alt_name.data);
 }
 
-// TODO(ukai): make a Linux-only method of the EVRootCAMetadata.
+// TODO(ukai): this should be a Linux-only method of EVRootCAMetadata class.
 void GetPolicyOidTags(net::EVRootCAMetadata* metadata,
                       std::vector<SECOidTag>* policies) {
   const char* const* policy_oids = metadata->GetPolicyOIDs();
@@ -353,7 +353,8 @@
 
 // Call CERT_PKIXVerifyCert for the cert_handle.
 // Verification results are stored in an array of CERTValOutParam.
-// If metadata is not NULL, policies are also checked.
+// If policy_oids is not NULL and num_policy_oids is positive, policies
+// are also checked.
 // Caller must initialize cvout before calling this function.
 SECStatus PKIXVerifyCert(X509Certificate::OSCertHandle cert_handle,
                          const SECOidTag* policy_oids,
@@ -460,7 +461,7 @@
   CERTPolicyInfo** policy_infos = policies->policyInfos;
   while (*policy_infos != NULL) {
     CERTPolicyInfo* policy_info = *policy_infos++;
-    SECOidTag oid_tag = SECOID_FindOIDTag(&policy_info->policyID);
+    SECOidTag oid_tag = policy_info->oid;
     if (oid_tag == SEC_OID_UNKNOWN)
       continue;
     if (oid_tag == ev_policy_tag)
@@ -560,15 +561,13 @@
   if (IsCertStatusError(verify_result->cert_status))
     return MapCertStatusToNetError(verify_result->cert_status);
 
-  if (flags & VERIFY_EV_CERT) {
-    if (VerifyEV())
-      verify_result->cert_status |= CERT_STATUS_IS_EV;
-  }
+  if ((flags & VERIFY_EV_CERT) && VerifyEV())
+    verify_result->cert_status |= CERT_STATUS_IS_EV;
   return OK;
 }
 
-// Studied Mozilla's code (esp. security/manager/ssl/src/nsNSSCertHelper.cpp)
-// to learn how to verify EV certificate.
+// Studied Mozilla's code (esp. security/manager/ssl/src/nsIdentityChecking.cpp
+// and nsNSSCertHelper.cpp) to learn how to verify EV certificate.
 // TODO(wtc): We may be able to request cert_po_policyOID and just
 // check if any of the returned policies is the EV policy of the trust anchor.
 // Another possible optimization is that we get the trust anchor from
@@ -601,7 +600,7 @@
     return false;
   X509Certificate::Fingerprint fingerprint =
       X509Certificate::CalculateFingerprint(root_ca);
-  SECOidTag ev_policy_tag;

[wtc, 2009/08/07 18:07:48]

Does the compiler warn about this?  We're passing
&ev_policy_tag as an output parameter to
GetEvPolicyOidTag, so ev_policy_tag doesn't need to be
initialized.

[ukai, 2009/08/10 04:09:20]

Yes, it caused the build break.

+  SECOidTag ev_policy_tag = SEC_OID_UNKNOWN;
   if (!GetEvPolicyOidTag(metadata, fingerprint, &ev_policy_tag))
     return false;