Security-58286.260.20.tar.gz

[apple/security.git] / OSX / libsecurity_apple_x509_tp / lib / TPCertInfo.cpp

diff --git a/OSX/libsecurity_apple_x509_tp/lib/TPCertInfo.cpp b/OSX/libsecurity_apple_x509_tp/lib/TPCertInfo.cpp
index 4781af8c9c31fa81c762eb5ea85a35fd971948df..62b6f7b81a0355d72407f98ff31d31a26debcac7 100644 (file)
--- a/OSX/libsecurity_apple_x509_tp/lib/TPCertInfo.cpp
+++ b/OSX/libsecurity_apple_x509_tp/lib/TPCertInfo.cpp
@@ -40,8 +40,8 @@
 #include <Security/SecImportExport.h>
 #include <Security/SecTrustSettingsPriv.h>
 
-#define tpTimeDbg(args...)             secdebug("tpTime", ## args)
-#define tpCertInfoDbg(args...) secdebug("tpCert", ## args)
+#define tpTimeDbg(args...)             secinfo("tpTime", ## args)
+#define tpCertInfoDbg(args...) secinfo("tpCert", ## args)
 
 static const TPClItemCalls tpCertClCalls =
 {
@@ -2034,8 +2034,9 @@ post_trust_setting:
                                 * from the net; we prevent that from happening when the certs
                                 * are in inCertGroup or gatheredCerts by keeping track of those
                                 * certs' mUsed state.
+                                * Also handle Radar 23734683, endless loop of untrusted roots.
                                 */
-                               if(isInGroup(*issuerCert)) {
+                               if(isInGroup(*issuerCert) || gatheredCerts->isInGroup(*issuerCert)) {
                                        tpDebug("buildCertGroup: Multiple instances of cert");
                                        delete issuerCert;
                                        issuerCert = NULL;