Update to NSS 3.12.7 and NSPR 4.8.6....

nss/mozilla/security/nss/lib/certdb/certi.h

 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
  *
  * Software distributed under the License is distributed on an "AS IS" basis,
  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
@@ skipping 18 matching lines @@
  * use your version of this file under the terms of the MPL, indicate your
  * decision by deleting the provisions above and replace them with the notice
  * and other provisions required by the GPL or the LGPL. If you do not delete
  * the provisions above, a recipient may use your version of this file under
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
 /*
  * certi.h - private data structures for the certificate library
  *
- * $Id: certi.h,v 1.31 2009/07/31 18:35:30 christophe.ravel.bugs%sun.com Exp $
+ * $Id: certi.h,v 1.34 2010/05/21 00:43:51 wtc%google.com Exp $
  */
 #ifndef _CERTI_H_
 #define _CERTI_H_
 
 #include "certt.h"
 #include "nssrwlkt.h"
 
 /*
 #define GLOBAL_RWLOCK 1
 */
@@ skipping 93 matching lines @@
     This is a cache of CRL entries for a given distribution point of an issuer
     It is built from a collection of one full and 0 or more delta CRLs.
 */
 
 struct CRLDPCacheStr {
 #ifdef DPC_RWLOCK
     NSSRWLock* lock;
 #else
     PRLock* lock;
 #endif
-    CERTCertificate* issuer;    /* cert issuer 
+    CERTCertificate* issuer;    /* issuer cert
                                    XXX there may be multiple issuer certs,
                                        with different validity dates. Also
                                        need to deal with SKID/AKID . See
                                        bugzilla 217387, 233118 */
     SECItem* subject;           /* DER of issuer subject */
     SECItem* distributionPoint; /* DER of distribution point. This may be
                                    NULL when distribution points aren't
                                    in use (ie. the CA has a single CRL).
                                    Currently not used. */
 
     /* array of full CRLs matching this distribution point */
     PRUint32 ncrls;              /* total number of CRLs in crls */
     CachedCrl** crls;            /* array of all matching CRLs */
     /* XCRL With iCRLs and multiple DPs, the CRL can be shared accross several
        issuers. In the future, we'll need to globally recycle the CRL in a
        separate list in order to avoid extra lookups, decodes, and copies */
 
     /* pointers to good decoded CRLs used to build the cache */
     CachedCrl* selected;    /* full CRL selected for use in the cache */
 #if 0
     /* for future use */
     PRInt32 numdeltas;      /* number of delta CRLs used for the cache */
     CachedCrl** deltas;     /* delta CRLs used for the cache */
 #endif
     /* cache invalidity bitflag */
     PRUint16 invalid;       /* this state will be set if either
              CRL_CACHE_INVALID_CRLS or CRL_CACHE_LAST_FETCH_FAILED is set.
-             In those cases, all certs are considered revoked as a
-             security precaution. The invalid state can only be cleared
-             during an update if all error states are cleared */
+             In those cases, all certs are considered to have unknown status.
+             The invalid state can only be cleared during an update if all
+             error states are cleared */
     PRBool refresh;        /* manual refresh from tokens has been forced */
     PRBool mustchoose;     /* trigger reselection algorithm, for case when
                               RAM CRL objects are dropped from the cache */
     PRTime lastfetch;      /* time a CRL token fetch was last performed */
     PRTime lastcheck;      /* time CRL token objects were last checked for
                               existence */
 };
 
 /*  CRL issuer cache object
     This object tracks all the distribution point caches for a given issuer.
@@ skipping 80 matching lines @@
                          const SECItem* dp, int64 t, void* wincx,
                          CRLDPCache** dpcache, PRBool* writeLocked);
 
 /* check if a particular SN is in the CRL cache and return its entry */
 dpcacheStatus DPCache_Lookup(CRLDPCache* cache, SECItem* sn,
                              CERTCrlEntry** returned);
 
 /* release a DPCache object that was previously acquired */
 void ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked);
 
-/* this function assumes the caller holds a lock on the DPCache */
-SECStatus DPCache_GetAllCRLs(CRLDPCache* dpc, PRArenaPool* arena,
-                             CERTSignedCrl*** crls, PRUint16* status);
-
-/* this function assumes the caller holds a lock on the DPCache */
-SECStatus DPCache_GetCRLEntry(CRLDPCache* cache, PRBool readlocked,
-                              CERTSignedCrl* crl, SECItem* sn,
-                              CERTCrlEntry** returned);
-
 /*
  * map Stan errors into NSS errors
  * This function examines the stan error stack and automatically sets
  * PORT_SetError(); to the appropriate SEC_ERROR value.
  */
 void CERT_MapStanError();
 
 /* Interface function for libpkix cert validation engine:
  * cert_verify wrapper. */
 SECStatus
@@ skipping 81 matching lines @@
 
 /* cert_FindCRLByGeneralName must be called only while the named cache is
  * acquired, and the entry is only valid until cache is released.
  */
 SECStatus cert_FindCRLByGeneralName(NamedCRLCache* ncc,
                                     const SECItem* canonicalizedName,
                                     NamedCRLCacheEntry** retEntry);
 
 SECStatus cert_ReleaseNamedCRLCache(NamedCRLCache* ncc);
 
+/* This is private for now.  Maybe shoule be public. */
+CERTGeneralName *
+cert_GetSubjectAltNameList(CERTCertificate *cert, PRArenaPool *arena);
+
+/* Count DNS names and IP addresses in a list of GeneralNames */
+PRUint32
+cert_CountDNSPatterns(CERTGeneralName *firstName);
+
 #endif /* _CERTI_H_ */