Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(183)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: nss/mozilla/security/nss/lib/certhigh/certvfy.c

Issue 3135002: Update to NSS 3.12.7 and NSPR 4.8.6.... (Closed) Base URL: svn://chrome-svn/chrome/trunk/deps/third_party/
Patch Set: Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « nss/mozilla/security/nss/lib/certdb/genname.c ('k') | nss/mozilla/security/nss/lib/certhigh/ocsp.c » ('j') | nss/mozilla/security/nss/lib/cryptohi/seckey.c » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* ***** BEGIN LICENSE BLOCK ***** 1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 * 3 *
4 * The contents of this file are subject to the Mozilla Public License Version 4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with 5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at 6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/ 7 * http://www.mozilla.org/MPL/
8 * 8 *
9 * Software distributed under the License is distributed on an "AS IS" basis, 9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
(...skipping 464 matching lines...) Expand 10 before | Expand all | Expand 10 after
475 475
476 /* if the issuer is not an old fortezza cert, we bail */ 476 /* if the issuer is not an old fortezza cert, we bail */
477 if (key->keyType != fortezzaKey) { 477 if (key->keyType != fortezzaKey) {
478 SECKEY_DestroyPublicKey(key); 478 SECKEY_DestroyPublicKey(key);
479 /* CA Cert not fortezza */ 479 /* CA Cert not fortezza */
480 PORT_SetError(SEC_ERROR_NOT_FORTEZZA_ISSUER); 480 PORT_SetError(SEC_ERROR_NOT_FORTEZZA_ISSUER);
481 return SECFailure; 481 return SECFailure;
482 } 482 }
483 483
484 /* get the privilege mask */ 484 /* get the privilege mask */
485 if (key->u.fortezza.DSSpriviledge.len > 0) { 485 if (key->u.fortezza.DSSprivilege.len > 0) {
486 » priv = key->u.fortezza.DSSpriviledge.data[0]; 486 » priv = key->u.fortezza.DSSprivilege.data[0];
487 } 487 }
488 488
489 /* 489 /*
490 * make sure the CA's keys are OK 490 * make sure the CA's keys are OK
491 */ 491 */
492 492
493 rv = SEC_CheckKRL(handle, key, NULL, t, wincx); 493 rv = SEC_CheckKRL(handle, key, NULL, t, wincx);
494 SECKEY_DestroyPublicKey(key); 494 SECKEY_DestroyPublicKey(key);
495 if (rv != SECSuccess) { 495 if (rv != SECSuccess) {
496 return rv; 496 return rv;
(...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after
640 640
641 /* Construct a list of names for the current and all previous 641 /* Construct a list of names for the current and all previous
642 * certifcates (except leaf (EE) certs, root CAs, and self-issued 642 * certifcates (except leaf (EE) certs, root CAs, and self-issued
643 * intermediate CAs) to be verified against the name constraints 643 * intermediate CAs) to be verified against the name constraints
644 * extension of the issuer certificate. 644 * extension of the issuer certificate.
645 */ 645 */
646 if (subjectCertIsSelfIssued == PR_FALSE) { 646 if (subjectCertIsSelfIssued == PR_FALSE) {
647 CERTGeneralName *subjectNameList; 647 CERTGeneralName *subjectNameList;
648 int subjectNameListLen; 648 int subjectNameListLen;
649 int i; 649 int i;
650 » subjectNameList = CERT_GetCertificateNames(subjectCert, arena); 650 » PRBool getSubjectCN = (!count && certUsage == certUsageSSLServer);
651 » subjectNameList =
652 » » CERT_GetConstrainedCertificateNames(subjectCert, arena,
653 » » getSubjectCN);
651 if (!subjectNameList) 654 if (!subjectNameList)
652 goto loser; 655 goto loser;
653 subjectNameListLen = CERT_GetNamesLength(subjectNameList); 656 subjectNameListLen = CERT_GetNamesLength(subjectNameList);
654 if (!subjectNameListLen) 657 if (!subjectNameListLen)
655 goto loser; 658 goto loser;
656 if (certsListLen <= namesCount + subjectNameListLen) { 659 if (certsListLen <= namesCount + subjectNameListLen) {
657 CERTCertificate **tmpCertsList; 660 CERTCertificate **tmpCertsList;
658 certsListLen = (namesCount + subjectNameListLen) * 2; 661 certsListLen = (namesCount + subjectNameListLen) * 2;
659 tmpCertsList = 662 tmpCertsList =
660 (CERTCertificate **)PORT_Realloc(certsList, 663 (CERTCertificate **)PORT_Realloc(certsList,
(...skipping 1370 matching lines...) Expand 10 before | Expand all | Expand 10 after
2031 return chain; 2034 return chain;
2032 } 2035 }
2033 2036
2034 cert = CERT_FindCertIssuer(cert, time, usage); 2037 cert = CERT_FindCertIssuer(cert, time, usage);
2035 } 2038 }
2036 2039
2037 /* return partial chain */ 2040 /* return partial chain */
2038 PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER); 2041 PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
2039 return chain; 2042 return chain;
2040 } 2043 }
OLDNEW
« no previous file with comments | « nss/mozilla/security/nss/lib/certdb/genname.c ('k') | nss/mozilla/security/nss/lib/certhigh/ocsp.c » ('j') | nss/mozilla/security/nss/lib/cryptohi/seckey.c » ('J')

Powered by Google App Engine
This is Rietveld 408576698