1 /* ***** BEGIN LICENSE BLOCK ***** | 1 /* ***** BEGIN LICENSE BLOCK ***** |
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
3 * | 3 * |
4 * The contents of this file are subject to the Mozilla Public License Version | 4 * The contents of this file are subject to the Mozilla Public License Version |
5 * 1.1 (the "License"); you may not use this file except in compliance with | 5 * 1.1 (the "License"); you may not use this file except in compliance with |
6 * the License. You may obtain a copy of the License at | 6 * the License. You may obtain a copy of the License at |
7 * http://www.mozilla.org/MPL/ | 7 * http://www.mozilla.org/MPL/ |
8 * | 8 * |
9 * Software distributed under the License is distributed on an "AS IS" basis, | 9 * Software distributed under the License is distributed on an "AS IS" basis, |
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
32 * decision by deleting the provisions above and replace them with the notice | 32 * decision by deleting the provisions above and replace them with the notice |
33 * and other provisions required by the GPL or the LGPL. If you do not delete | 33 * and other provisions required by the GPL or the LGPL. If you do not delete |
34 * the provisions above, a recipient may use your version of this file under | 34 * the provisions above, a recipient may use your version of this file under |
35 * the terms of any one of the MPL, the GPL or the LGPL. | 35 * the terms of any one of the MPL, the GPL or the LGPL. |
36 * | 36 * |
37 * ***** END LICENSE BLOCK ***** */ | 37 * ***** END LICENSE BLOCK ***** */ |
38 | 38 |
39 /* | 39 /* |
40 * Certificate handling code | 40 * Certificate handling code |
41 * | 41 * |
42 * $Id: certdb.c,v 1.102 2010/02/10 02:00:57 wtc%google.com Exp $ | 42 * $Id: certdb.c,v 1.104 2010/04/25 00:44:55 nelson%bolyard.com Exp $ |
43 */ | 43 */ |
44 | 44 |
45 #include "nssilock.h" | 45 #include "nssilock.h" |
46 #include "prmon.h" | 46 #include "prmon.h" |
47 #include "prtime.h" | 47 #include "prtime.h" |
48 #include "cert.h" | 48 #include "cert.h" |
49 #include "certi.h" | 49 #include "certi.h" |
50 #include "secder.h" | 50 #include "secder.h" |
51 #include "secoid.h" | 51 #include "secoid.h" |
52 #include "secasn1.h" | 52 #include "secasn1.h" |
562 PRUint32 nsCertType; | 562 PRUint32 nsCertType; |
563 | 563 |
564 if (cert->nsCertType) { | 564 if (cert->nsCertType) { |
565 /* once set, no need to recalculate */ | 565 /* once set, no need to recalculate */ |
566 return SECSuccess; | 566 return SECSuccess; |
567 } | 567 } |
568 nsCertType = cert_ComputeCertType(cert); | 568 nsCertType = cert_ComputeCertType(cert); |
569 | 569 |
570 /* Assert that it is safe to cast &cert->nsCertType to "PRInt32 *" */ | 570 /* Assert that it is safe to cast &cert->nsCertType to "PRInt32 *" */ |
571 PORT_Assert(sizeof(cert->nsCertType) == sizeof(PRInt32)); | 571 PORT_Assert(sizeof(cert->nsCertType) == sizeof(PRInt32)); |
572 PR_AtomicSet((PRInt32 *)&cert->nsCertType, nsCertType); | 572 PR_ATOMIC_SET((PRInt32 *)&cert->nsCertType, nsCertType); |
573 return SECSuccess; | 573 return SECSuccess; |
574 } | 574 } |
575 | 575 |
576 PRUint32 | 576 PRUint32 |
577 cert_ComputeCertType(CERTCertificate *cert) | 577 cert_ComputeCertType(CERTCertificate *cert) |
578 { | 578 { |
579 SECStatus rv; | 579 SECStatus rv; |
580 SECItem tmpitem; | 580 SECItem tmpitem; |
581 SECItem encodedExtKeyUsage; | 581 SECItem encodedExtKeyUsage; |
582 CERTOidSequence *extKeyUsage = NULL; | 582 CERTOidSequence *extKeyUsage = NULL; |
1822 return nickNames; | 1822 return nickNames; |
1823 } | 1823 } |
1824 | 1824 |
1825 /* failure to produce output */ | 1825 /* failure to produce output */ |
1826 PORT_FreeArena(arena, PR_FALSE); | 1826 PORT_FreeArena(arena, PR_FALSE); |
1827 return NULL; | 1827 return NULL; |
1828 } | 1828 } |
1829 } | 1829 } |
1830 | 1830 |
1831 /* no SAN extension or no names found in extension */ | 1831 /* no SAN extension or no names found in extension */ |
1832 /* now try the NS cert name extension first, then the common name */ | 1832 singleName = CERT_GetCommonName(&cert->subject); |
1833 singleName = | |
1834 CERT_FindNSStringExtension(cert, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME); | |
1835 if (!singleName) { | |
1836 singleName = CERT_GetCommonName(&cert->subject); | |
1837 } | |
1838 | |
1839 if (singleName) { | 1833 if (singleName) { |
1840 nickNames->numnicknames = 1; | 1834 nickNames->numnicknames = 1; |
1841 nickNames->nicknames = PORT_ArenaAlloc(arena, sizeof(char *)); | 1835 nickNames->nicknames = PORT_ArenaAlloc(arena, sizeof(char *)); |
1842 if (nickNames->nicknames) { | 1836 if (nickNames->nicknames) { |
1843 *nickNames->nicknames = PORT_ArenaStrdup(arena, singleName); | 1837 *nickNames->nicknames = PORT_ArenaStrdup(arena, singleName); |
1844 } | 1838 } |
1845 PORT_Free(singleName); | 1839 PORT_Free(singleName); |
1846 | 1840 |
1847 /* Did we allocate both the buffer of pointers and the string? */ | 1841 /* Did we allocate both the buffer of pointers and the string? */ |
1848 if (nickNames->nicknames && *nickNames->nicknames) { | 1842 if (nickNames->nicknames && *nickNames->nicknames) { |
1877 } | 1871 } |
1878 } | 1872 } |
1879 | 1873 |
1880 /* Per RFC 2818, if the SubjectAltName extension is present, it must | 1874 /* Per RFC 2818, if the SubjectAltName extension is present, it must |
1881 ** be used as the cert's identity. | 1875 ** be used as the cert's identity. |
1882 */ | 1876 */ |
1883 rv = cert_VerifySubjectAltName(cert, hn); | 1877 rv = cert_VerifySubjectAltName(cert, hn); |
1884 if (rv == SECSuccess || PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) | 1878 if (rv == SECSuccess || PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) |
1885 return rv; | 1879 return rv; |
1886 | 1880 |
1887 /* try the cert extension first, then the common name */ | 1881 cn = CERT_GetCommonName(&cert->subject); |
1888 cn = CERT_FindNSStringExtension(cert, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME); | |
1889 if ( !cn ) { | |
1890 » cn = CERT_GetCommonName(&cert->subject); | |
1891 } | |
1892 if ( cn ) { | 1882 if ( cn ) { |
1893 rv = cert_TestHostName(cn, hn); | 1883 rv = cert_TestHostName(cn, hn); |
1894 PORT_Free(cn); | 1884 PORT_Free(cn); |
1895 } else | 1885 } else |
1896 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); | 1886 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); |
1897 return rv; | 1887 return rv; |
1898 } | 1888 } |
1899 | 1889 |
1900 PRBool | 1890 PRBool |
1901 CERT_CompareCerts(CERTCertificate *c1, CERTCertificate *c2) | 1891 CERT_CompareCerts(CERTCertificate *c1, CERTCertificate *c2) |
3237 CERTCertificate *cert = NULL; | 3227 CERTCertificate *cert = NULL; |
3238 SECItem *derCert; | 3228 SECItem *derCert; |
3239 | 3229 |
3240 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID); | 3230 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID); |
3241 if (derCert) { | 3231 if (derCert) { |
3242 cert = CERT_FindCertByDERCert(handle, derCert); | 3232 cert = CERT_FindCertByDERCert(handle, derCert); |
3243 SECITEM_FreeItem(derCert, PR_TRUE); | 3233 SECITEM_FreeItem(derCert, PR_TRUE); |
3244 } | 3234 } |
3245 return cert; | 3235 return cert; |
3246 } | 3236 } |
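Review bot: The hostname-verification function that ends at new line 1888 (its header is outside this view) now drops the Netscape SSL_SERVER_NAME extension and goes from the SubjectAltName check straight to the subject common name, but the comment explaining the fallback was removed with it, so a reader no longer sees why CN is consulted at all; `/* no usable SubjectAltName: fall back to the subject common name (legacy, see RFC 2818) */` above `cn = CERT_GetCommonName(&cert->subject);` would keep that intent visible. The same applies at new line 1832 in the nickname function, where `singleName = CERT_GetCommonName(&cert->subject);` now sits under a comment that still says what was not found but no longer says where the name comes from. On the no-CN path at new lines 1885-1886 the function returns with SSL_ERROR_BAD_CERT_DOMAIN set while `rv` is never assigned there, relying on it still holding the non-success result from cert_VerifySubjectAltName; a one-line comment stating that would make the return value's provenance explicit. The `} else` at new line 1885 is an unbraced else beside a braced if; `} else {` / `PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);` / `}` matches the surrounding style and avoids the dangling-statement hazard.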