| Index: nss/mozilla/security/nss/lib/certdb/genname.c
|
| ===================================================================
|
| --- nss/mozilla/security/nss/lib/certdb/genname.c (revision 55475)
|
| +++ nss/mozilla/security/nss/lib/certdb/genname.c (working copy)
|
| @@ -42,6 +42,7 @@
|
| #include "secder.h"
|
| #include "certt.h"
|
| #include "cert.h"
|
| +#include "certi.h"
|
| #include "xconst.h"
|
| #include "secerr.h"
|
| #include "secoid.h"
|
| @@ -1082,17 +1083,31 @@
|
| return SECFailure;
|
| }
|
|
|
| +/* Extract all names except Subject Common Name from a cert
|
| +** in preparation for a name constraints test.
|
| +*/
|
| +CERTGeneralName *
|
| +CERT_GetCertificateNames(CERTCertificate *cert, PRArenaPool *arena)
|
| +{
|
| + return CERT_GetConstrainedCertificateNames(cert, arena, PR_FALSE);
|
| +}
|
| +
|
| /* This function is called by CERT_VerifyCertChain to extract all
|
| ** names from a cert in preparation for a name constraints test.
|
| */
|
| CERTGeneralName *
|
| -CERT_GetCertificateNames(CERTCertificate *cert, PRArenaPool *arena)
|
| +CERT_GetConstrainedCertificateNames(CERTCertificate *cert, PRArenaPool *arena,
|
| + PRBool includeSubjectCommonName)
|
| {
|
| CERTGeneralName *DN;
|
| - CERTGeneralName *altName = NULL;
|
| - SECItem altNameExtension = {siBuffer, NULL, 0 };
|
| + CERTGeneralName *SAN;
|
| + PRUint32 numDNSNames = 0;
|
| SECStatus rv;
|
|
|
| + if (!arena) {
|
| + PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| + return NULL;
|
| + }
|
| /* TODO: mark arena */
|
| DN = CERT_NewGeneralName(arena, certDirectoryName);
|
| if (DN == NULL) {
|
| @@ -1114,22 +1129,31 @@
|
| goto loser;
|
|
|
| /* Now extract any GeneralNames from the subject name names extension. */
|
| - rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME,
|
| - &altNameExtension);
|
| + SAN = cert_GetSubjectAltNameList(cert, arena);
|
| + if (SAN) {
|
| + numDNSNames = cert_CountDNSPatterns(SAN);
|
| + DN = cert_CombineNamesLists(DN, SAN);
|
| + }
|
| + if (!numDNSNames && includeSubjectCommonName) {
|
| + char *cn = CERT_GetCommonName(&cert->subject);
|
| + if (cn) {
|
| + CERTGeneralName *CN = CERT_NewGeneralName(arena, certDNSName);
|
| + if (CN) {
|
| + SECItem cnItem = {siBuffer, NULL, 0};
|
| + cnItem.data = (unsigned char *)cn;
|
| + cnItem.len = strlen(cn);
|
| + rv = SECITEM_CopyItem(arena, &CN->name.other, &cnItem);
|
| + if (rv == SECSuccess) {
|
| + DN = cert_CombineNamesLists(DN, CN);
|
| + }
|
| + }
|
| + PORT_Free(cn);
|
| + }
|
| + }
|
| if (rv == SECSuccess) {
|
| - altName = CERT_DecodeAltNameExtension(arena, &altNameExtension);
|
| - rv = altName ? SECSuccess : SECFailure;
|
| + /* TODO: unmark arena */
|
| + return DN;
|
| }
|
| - if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND)
|
| - rv = SECSuccess;
|
| - if (altNameExtension.data)
|
| - SECITEM_FreeItem(&altNameExtension, PR_FALSE);
|
| - if (rv != SECSuccess)
|
| - goto loser;
|
| - DN = cert_CombineNamesLists(DN, altName);
|
| -
|
| - /* TODO: unmark arena */
|
| - return DN;
|
| loser:
|
| /* TODO: release arena to mark */
|
| return NULL;
|
|
|
Chromium Code Reviews
Issue 3135002:
Update to NSS 3.12.7 and NSPR 4.8.6.... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/deps/third_party/