OLD | NEW |
1 /* ***** BEGIN LICENSE BLOCK ***** | 1 /* ***** BEGIN LICENSE BLOCK ***** |
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
3 * | 3 * |
4 * The contents of this file are subject to the Mozilla Public License Version | 4 * The contents of this file are subject to the Mozilla Public License Version |
5 * 1.1 (the "License"); you may not use this file except in compliance with | 5 * 1.1 (the "License"); you may not use this file except in compliance with |
6 * the License. You may obtain a copy of the License at | 6 * the License. You may obtain a copy of the License at |
7 * http://www.mozilla.org/MPL/ | 7 * http://www.mozilla.org/MPL/ |
8 * | 8 * |
9 * Software distributed under the License is distributed on an "AS IS" basis, | 9 * Software distributed under the License is distributed on an "AS IS" basis, |
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
(...skipping 464 matching lines...)
475 | 475 |
476 /* if the issuer is not an old fortezza cert, we bail */ | 476 /* if the issuer is not an old fortezza cert, we bail */ |
477 if (key->keyType != fortezzaKey) { | 477 if (key->keyType != fortezzaKey) { |
478 SECKEY_DestroyPublicKey(key); | 478 SECKEY_DestroyPublicKey(key); |
479 /* CA Cert not fortezza */ | 479 /* CA Cert not fortezza */ |
480 PORT_SetError(SEC_ERROR_NOT_FORTEZZA_ISSUER); | 480 PORT_SetError(SEC_ERROR_NOT_FORTEZZA_ISSUER); |
481 return SECFailure; | 481 return SECFailure; |
482 } | 482 } |
483 | 483 |
484 /* get the privilege mask */ | 484 /* get the privilege mask */ |
485 if (key->u.fortezza.DSSpriviledge.len > 0) { | 485 if (key->u.fortezza.DSSprivilege.len > 0) { |
486 » priv = key->u.fortezza.DSSpriviledge.data[0]; | 486 » priv = key->u.fortezza.DSSprivilege.data[0]; |
487 } | 487 } |
488 | 488 |
489 /* | 489 /* |
490 * make sure the CA's keys are OK | 490 * make sure the CA's keys are OK |
491 */ | 491 */ |
492 | 492 |
493 rv = SEC_CheckKRL(handle, key, NULL, t, wincx); | 493 rv = SEC_CheckKRL(handle, key, NULL, t, wincx); |
494 SECKEY_DestroyPublicKey(key); | 494 SECKEY_DestroyPublicKey(key); |
495 if (rv != SECSuccess) { | 495 if (rv != SECSuccess) { |
496 return rv; | 496 return rv; |
(...skipping 143 matching lines...)
640 | 640 |
641 /* Construct a list of names for the current and all previous | 641 /* Construct a list of names for the current and all previous |
642 * certifcates (except leaf (EE) certs, root CAs, and self-issued | 642 * certifcates (except leaf (EE) certs, root CAs, and self-issued |
643 * intermediate CAs) to be verified against the name constraints | 643 * intermediate CAs) to be verified against the name constraints |
644 * extension of the issuer certificate. | 644 * extension of the issuer certificate. |
645 */ | 645 */ |
646 if (subjectCertIsSelfIssued == PR_FALSE) { | 646 if (subjectCertIsSelfIssued == PR_FALSE) { |
647 CERTGeneralName *subjectNameList; | 647 CERTGeneralName *subjectNameList; |
648 int subjectNameListLen; | 648 int subjectNameListLen; |
649 int i; | 649 int i; |
650 » subjectNameList = CERT_GetCertificateNames(subjectCert, arena); | 650 » PRBool getSubjectCN = (!count && certUsage == certUsageSSLServer); |
| 651 » subjectNameList = |
| 652 » » CERT_GetConstrainedCertificateNames(subjectCert, arena, |
| 653 » » getSubjectCN); |
651 if (!subjectNameList) | 654 if (!subjectNameList) |
652 goto loser; | 655 goto loser; |
653 subjectNameListLen = CERT_GetNamesLength(subjectNameList); | 656 subjectNameListLen = CERT_GetNamesLength(subjectNameList); |
654 if (!subjectNameListLen) | 657 if (!subjectNameListLen) |
655 goto loser; | 658 goto loser; |
656 if (certsListLen <= namesCount + subjectNameListLen) { | 659 if (certsListLen <= namesCount + subjectNameListLen) { |
657 CERTCertificate **tmpCertsList; | 660 CERTCertificate **tmpCertsList; |
658 certsListLen = (namesCount + subjectNameListLen) * 2; | 661 certsListLen = (namesCount + subjectNameListLen) * 2; |
659 tmpCertsList = | 662 tmpCertsList = |
660 (CERTCertificate **)PORT_Realloc(certsList, | 663 (CERTCertificate **)PORT_Realloc(certsList, |
(...skipping 1370 matching lines...)
2031 return chain; | 2034 return chain; |
2032 } | 2035 } |
2033 | 2036 |
2034 cert = CERT_FindCertIssuer(cert, time, usage); | 2037 cert = CERT_FindCertIssuer(cert, time, usage); |
2035 } | 2038 } |
2036 | 2039 |
2037 /* return partial chain */ | 2040 /* return partial chain */ |
2038 PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER); | 2041 PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER); |
2039 return chain; | 2042 return chain; |
2040 } | 2043 } |
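Review bot: In the hunk at new lines 650-653, `getSubjectCN` is true only when `certUsage == certUsageSSLServer`, so a leaf validated under any other usage contributes no subject-CN entry to the list checked against the issuer's name constraints. Please confirm that other server usages (for example `certUsageSSLServerWithStepUp`) are meant to be excluded, since a host name carried only in the CN would then go unconstrained. The `!count` test presumably selects the leaf, but `count` is defined outside the visible lines, and the block comment just above still says leaf (EE) certs are excepted, which reads as contradicting the new code. I would add a comment such as `/* count == 0 is the leaf; for SSL server usage its subject CN can stand in for a DNS name, so include it in the constrained names */` and update the block comment to match. The enclosing function begins and ends outside this hunk.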