| OLD | NEW |
|---|
| (Empty) | |
| 1 /* |
| 2 * NSS utility functions |
| 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ |
| 11 * |
| 12 * Software distributed under the License is distributed on an "AS IS" basis, |
| 13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
| 14 * for the specific language governing rights and limitations under the |
| 15 * License. |
| 16 * |
| 17 * The Original Code is the Netscape security libraries. |
| 18 * |
| 19 * The Initial Developer of the Original Code is |
| 20 * Netscape Communications Corporation. |
| 21 * Portions created by the Initial Developer are Copyright (C) 1994-2000 |
| 22 * the Initial Developer. All Rights Reserved. |
| 23 * |
| 24 * Contributor(s): |
| 25 * |
| 26 * Alternatively, the contents of this file may be used under the terms of |
| 27 * either the GNU General Public License Version 2 or later (the "GPL"), or |
| 28 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), |
| 29 * in which case the provisions of the GPL or the LGPL are applicable instead |
| 30 * of those above. If you wish to allow use of your version of this file only |
| 31 * under the terms of either the GPL or the LGPL, and not to allow others to |
| 32 * use your version of this file under the terms of the MPL, indicate your |
| 33 * decision by deleting the provisions above and replace them with the notice |
| 34 * and other provisions required by the GPL or the LGPL. If you do not delete |
| 35 * the provisions above, a recipient may use your version of this file under |
| 36 * the terms of any one of the MPL, the GPL or the LGPL. |
| 37 * |
| 38 * ***** END LICENSE BLOCK ***** */ |
| 39 /* $Id: cmpcert.c,v 1.6 2008/02/01 22:09:09 julien.pierre.boogz%sun.com Exp $ */ |
| 40 |
| 41 #include <stdio.h> |
| 42 #include <string.h> |
| 43 #include "prerror.h" |
| 44 #include "secitem.h" |
| 45 #include "prnetdb.h" |
| 46 #include "cert.h" |
| 47 #include "nspr.h" |
| 48 #include "secder.h" |
| 49 #include "key.h" |
| 50 #include "nss.h" |
| 51 |
| 52 /* |
| 53 * Look to see if any of the signers in the cert chain for "cert" are found |
| 54 * in the list of caNames. |
| 55 * Returns SECSuccess if so, SECFailure if not. |
| 56 */ |
| 57 SECStatus |
| 58 NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames) |
| 59 { |
| 60 SECItem * caname; |
| 61 CERTCertificate * curcert; |
| 62 CERTCertificate * oldcert; |
| 63 PRInt32 contentlen; |
| 64 int j; |
| 65 int headerlen; |
| 66 int depth; |
| 67 SECStatus rv; |
| 68 SECItem issuerName; |
| 69 SECItem compatIssuerName; |
| 70 |
| 71 if (!cert || !caNames || !caNames->nnames || !caNames->names || |
| 72 !caNames->names->data) |
| 73 return SECFailure; |
| 74 depth=0; |
| 75 curcert = CERT_DupCertificate(cert); |
| 76 |
| 77 while( curcert ) { |
| 78 issuerName = curcert->derIssuer; |
| 79 |
| 80 /* compute an alternate issuer name for compatibility with 2.0 |
| 81 * enterprise server, which send the CA names without |
| 82 * the outer layer of DER header |
| 83 */ |
| 84 rv = DER_Lengths(&issuerName, &headerlen, (PRUint32 *)&contentlen); |
| 85 if ( rv == SECSuccess ) { |
| 86 compatIssuerName.data = &issuerName.data[headerlen]; |
| 87 compatIssuerName.len = issuerName.len - headerlen; |
| 88 } else { |
| 89 compatIssuerName.data = NULL; |
| 90 compatIssuerName.len = 0; |
| 91 } |
| 92 |
| 93 for (j = 0; j < caNames->nnames; j++) { |
| 94 caname = &caNames->names[j]; |
| 95 if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) { |
| 96 rv = SECSuccess; |
| 97 CERT_DestroyCertificate(curcert); |
| 98 goto done; |
| 99 } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) { |
| 100 rv = SECSuccess; |
| 101 CERT_DestroyCertificate(curcert); |
| 102 goto done; |
| 103 } |
| 104 } |
| 105 if ( ( depth <= 20 ) && |
| 106 ( SECITEM_CompareItem(&curcert->derIssuer, &curcert->derSubject) |
| 107 != SECEqual ) ) { |
| 108 oldcert = curcert; |
| 109 curcert = CERT_FindCertByName(curcert->dbhandle, |
| 110 &curcert->derIssuer); |
| 111 CERT_DestroyCertificate(oldcert); |
| 112 depth++; |
| 113 } else { |
| 114 CERT_DestroyCertificate(curcert); |
| 115 curcert = NULL; |
| 116 } |
| 117 } |
| 118 rv = SECFailure; |
| 119 |
| 120 done: |
| 121 return rv; |
| 122 } |
| 123 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 394003:
Linux: enable building with a local version of libssl. (Closed)
