| OLD | NEW |
| 1 /* ***** BEGIN LICENSE BLOCK ***** | 1 /* ***** BEGIN LICENSE BLOCK ***** |
| 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 3 * | 3 * |
| 4 * The contents of this file are subject to the Mozilla Public License Version | 4 * The contents of this file are subject to the Mozilla Public License Version |
| 5 * 1.1 (the "License"); you may not use this file except in compliance with | 5 * 1.1 (the "License"); you may not use this file except in compliance with |
| 6 * the License. You may obtain a copy of the License at | 6 * the License. You may obtain a copy of the License at |
| 7 * http://www.mozilla.org/MPL/ | 7 * http://www.mozilla.org/MPL/ |
| 8 * | 8 * |
| 9 * Software distributed under the License is distributed on an "AS IS" basis, | 9 * Software distributed under the License is distributed on an "AS IS" basis, |
| 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
| (...skipping 21 matching lines...) |
| 32 * decision by deleting the provisions above and replace them with the notice | 32 * decision by deleting the provisions above and replace them with the notice |
| 33 * and other provisions required by the GPL or the LGPL. If you do not delete | 33 * and other provisions required by the GPL or the LGPL. If you do not delete |
| 34 * the provisions above, a recipient may use your version of this file under | 34 * the provisions above, a recipient may use your version of this file under |
| 35 * the terms of any one of the MPL, the GPL or the LGPL. | 35 * the terms of any one of the MPL, the GPL or the LGPL. |
| 36 * | 36 * |
| 37 * ***** END LICENSE BLOCK ***** */ | 37 * ***** END LICENSE BLOCK ***** */ |
| 38 | 38 |
| 39 /* | 39 /* |
| 40 * Certificate handling code | 40 * Certificate handling code |
| 41 * | 41 * |
| 42 * $Id: certdb.c,v 1.102 2010/02/10 02:00:57 wtc%google.com Exp $ | 42 * $Id: certdb.c,v 1.104 2010/04/25 00:44:55 nelson%bolyard.com Exp $ |
| 43 */ | 43 */ |
| 44 | 44 |
| 45 #include "nssilock.h" | 45 #include "nssilock.h" |
| 46 #include "prmon.h" | 46 #include "prmon.h" |
| 47 #include "prtime.h" | 47 #include "prtime.h" |
| 48 #include "cert.h" | 48 #include "cert.h" |
| 49 #include "certi.h" | 49 #include "certi.h" |
| 50 #include "secder.h" | 50 #include "secder.h" |
| 51 #include "secoid.h" | 51 #include "secoid.h" |
| 52 #include "secasn1.h" | 52 #include "secasn1.h" |
| (...skipping 509 matching lines...) |
| 562 PRUint32 nsCertType; | 562 PRUint32 nsCertType; |
| 563 | 563 |
| 564 if (cert->nsCertType) { | 564 if (cert->nsCertType) { |
| 565 /* once set, no need to recalculate */ | 565 /* once set, no need to recalculate */ |
| 566 return SECSuccess; | 566 return SECSuccess; |
| 567 } | 567 } |
| 568 nsCertType = cert_ComputeCertType(cert); | 568 nsCertType = cert_ComputeCertType(cert); |
| 569 | 569 |
| 570 /* Assert that it is safe to cast &cert->nsCertType to "PRInt32 *" */ | 570 /* Assert that it is safe to cast &cert->nsCertType to "PRInt32 *" */ |
| 571 PORT_Assert(sizeof(cert->nsCertType) == sizeof(PRInt32)); | 571 PORT_Assert(sizeof(cert->nsCertType) == sizeof(PRInt32)); |
| 572 PR_AtomicSet((PRInt32 *)&cert->nsCertType, nsCertType); | 572 PR_ATOMIC_SET((PRInt32 *)&cert->nsCertType, nsCertType); |
| 573 return SECSuccess; | 573 return SECSuccess; |
| 574 } | 574 } |
| 575 | 575 |
| 576 PRUint32 | 576 PRUint32 |
| 577 cert_ComputeCertType(CERTCertificate *cert) | 577 cert_ComputeCertType(CERTCertificate *cert) |
| 578 { | 578 { |
| 579 SECStatus rv; | 579 SECStatus rv; |
| 580 SECItem tmpitem; | 580 SECItem tmpitem; |
| 581 SECItem encodedExtKeyUsage; | 581 SECItem encodedExtKeyUsage; |
| 582 CERTOidSequence *extKeyUsage = NULL; | 582 CERTOidSequence *extKeyUsage = NULL; |
| (...skipping 1239 matching lines...) |
| 1822 return nickNames; | 1822 return nickNames; |
| 1823 } | 1823 } |
| 1824 | 1824 |
| 1825 /* failure to produce output */ | 1825 /* failure to produce output */ |
| 1826 PORT_FreeArena(arena, PR_FALSE); | 1826 PORT_FreeArena(arena, PR_FALSE); |
| 1827 return NULL; | 1827 return NULL; |
| 1828 } | 1828 } |
| 1829 } | 1829 } |
| 1830 | 1830 |
| 1831 /* no SAN extension or no names found in extension */ | 1831 /* no SAN extension or no names found in extension */ |
| 1832 /* now try the NS cert name extension first, then the common name */ | 1832 singleName = CERT_GetCommonName(&cert->subject); |
| 1833 singleName = | |
| 1834 CERT_FindNSStringExtension(cert, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME); | |
| 1835 if (!singleName) { | |
| 1836 singleName = CERT_GetCommonName(&cert->subject); | |
| 1837 } | |
| 1838 | |
| 1839 if (singleName) { | 1833 if (singleName) { |
| 1840 nickNames->numnicknames = 1; | 1834 nickNames->numnicknames = 1; |
| 1841 nickNames->nicknames = PORT_ArenaAlloc(arena, sizeof(char *)); | 1835 nickNames->nicknames = PORT_ArenaAlloc(arena, sizeof(char *)); |
| 1842 if (nickNames->nicknames) { | 1836 if (nickNames->nicknames) { |
| 1843 *nickNames->nicknames = PORT_ArenaStrdup(arena, singleName); | 1837 *nickNames->nicknames = PORT_ArenaStrdup(arena, singleName); |
| 1844 } | 1838 } |
| 1845 PORT_Free(singleName); | 1839 PORT_Free(singleName); |
| 1846 | 1840 |
| 1847 /* Did we allocate both the buffer of pointers and the string? */ | 1841 /* Did we allocate both the buffer of pointers and the string? */ |
| 1848 if (nickNames->nicknames && *nickNames->nicknames) { | 1842 if (nickNames->nicknames && *nickNames->nicknames) { |
| (...skipping 28 matching lines...) |
| 1877 } | 1871 } |
| 1878 } | 1872 } |
| 1879 | 1873 |
| 1880 /* Per RFC 2818, if the SubjectAltName extension is present, it must | 1874 /* Per RFC 2818, if the SubjectAltName extension is present, it must |
| 1881 ** be used as the cert's identity. | 1875 ** be used as the cert's identity. |
| 1882 */ | 1876 */ |
| 1883 rv = cert_VerifySubjectAltName(cert, hn); | 1877 rv = cert_VerifySubjectAltName(cert, hn); |
| 1884 if (rv == SECSuccess || PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) | 1878 if (rv == SECSuccess || PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) |
| 1885 return rv; | 1879 return rv; |
| 1886 | 1880 |
| 1887 /* try the cert extension first, then the common name */ | 1881 cn = CERT_GetCommonName(&cert->subject); |
| 1888 cn = CERT_FindNSStringExtension(cert, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME); | |
| 1889 if ( !cn ) { | |
| 1890 » cn = CERT_GetCommonName(&cert->subject); | |
| 1891 } | |
| 1892 if ( cn ) { | 1882 if ( cn ) { |
| 1893 rv = cert_TestHostName(cn, hn); | 1883 rv = cert_TestHostName(cn, hn); |
| 1894 PORT_Free(cn); | 1884 PORT_Free(cn); |
| 1895 } else | 1885 } else |
| 1896 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); | 1886 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); |
| 1897 return rv; | 1887 return rv; |
| 1898 } | 1888 } |
| 1899 | 1889 |
| 1900 PRBool | 1890 PRBool |
| 1901 CERT_CompareCerts(CERTCertificate *c1, CERTCertificate *c2) | 1891 CERT_CompareCerts(CERTCertificate *c1, CERTCertificate *c2) |
| (...skipping 1335 matching lines...) |
| 3237 CERTCertificate *cert = NULL; | 3227 CERTCertificate *cert = NULL; |
| 3238 SECItem *derCert; | 3228 SECItem *derCert; |
| 3239 | 3229 |
| 3240 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID); | 3230 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID); |
| 3241 if (derCert) { | 3231 if (derCert) { |
| 3242 cert = CERT_FindCertByDERCert(handle, derCert); | 3232 cert = CERT_FindCertByDERCert(handle, derCert); |
| 3243 SECITEM_FreeItem(derCert, PR_TRUE); | 3233 SECITEM_FreeItem(derCert, PR_TRUE); |
| 3244 } | 3234 } |
| 3245 return cert; | 3235 return cert; |
| 3246 } | 3236 } |
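Review bot: In the host-name check (new lines 1881-1887), the `else` branch taken when the certificate has no common name sets SSL_ERROR_BAD_CERT_DOMAIN but leaves `rv` holding whatever cert_VerifySubjectAltName returned. From the visible lines that value cannot be SECSuccess at this point, so the function does fail, but the rejection silently depends on the early return just above staying exactly as it is; stating it is safer: `} else { rv = SECFailure; PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); }`. Now that the Netscape SSL server name extension is no longer consulted, the fallback has also lost its comment, so I would add `/* No SAN extension: the subject common name is the only fallback identity */` above `cn = CERT_GetCommonName(&cert->subject);`. The same applies to the single-name path at new line 1832. The enclosing function begins outside the visible lines.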