| OLD | NEW |
|---|
| 1 /* ***** BEGIN LICENSE BLOCK ***** | 1 /* ***** BEGIN LICENSE BLOCK ***** |
| 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 3 * | 3 * |
| 4 * The contents of this file are subject to the Mozilla Public License Version | 4 * The contents of this file are subject to the Mozilla Public License Version |
| 5 * 1.1 (the "License"); you may not use this file except in compliance with | 5 * 1.1 (the "License"); you may not use this file except in compliance with |
| 6 * the License. You may obtain a copy of the License at | 6 * the License. You may obtain a copy of the License at |
| 7 * http://www.mozilla.org/MPL/ | 7 * http://www.mozilla.org/MPL/ |
| 8 * | 8 * |
| 9 * Software distributed under the License is distributed on an "AS IS" basis, | 9 * Software distributed under the License is distributed on an "AS IS" basis, |
| 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
| (...skipping 194 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 205 PR_FALSE, PR_FALSE); | 205 PR_FALSE, PR_FALSE); |
| 206 SetEmailTrust(PR_FALSE, PR_FALSE, | 206 SetEmailTrust(PR_FALSE, PR_FALSE, |
| 207 PR_TRUE, PR_TRUE, PR_TRUE, | 207 PR_TRUE, PR_TRUE, PR_TRUE, |
| 208 PR_FALSE, PR_FALSE); | 208 PR_FALSE, PR_FALSE); |
| 209 SetObjSignTrust(PR_FALSE, PR_FALSE, | 209 SetObjSignTrust(PR_FALSE, PR_FALSE, |
| 210 PR_TRUE, PR_TRUE, PR_TRUE, | 210 PR_TRUE, PR_TRUE, PR_TRUE, |
| 211 PR_FALSE, PR_FALSE); | 211 PR_FALSE, PR_FALSE); |
| 212 } | 212 } |
| 213 | 213 |
| 214 void | 214 void |
| 215 nsNSSCertTrust::SetValidPeer() | 215 nsNSSCertTrust::SetTerminalRecord() |
| 216 { | 216 { |
| 217 SetSSLTrust(PR_TRUE, PR_FALSE, | 217 SetSSLTrust(PR_TRUE, PR_FALSE, |
| 218 PR_FALSE, PR_FALSE, PR_FALSE, | 218 PR_FALSE, PR_FALSE, PR_FALSE, |
| 219 PR_FALSE, PR_FALSE); | 219 PR_FALSE, PR_FALSE); |
| 220 SetEmailTrust(PR_TRUE, PR_FALSE, | 220 SetEmailTrust(PR_TRUE, PR_FALSE, |
| 221 PR_FALSE, PR_FALSE, PR_FALSE, | 221 PR_FALSE, PR_FALSE, PR_FALSE, |
| 222 PR_FALSE, PR_FALSE); | 222 PR_FALSE, PR_FALSE); |
| 223 SetObjSignTrust(PR_TRUE, PR_FALSE, | 223 SetObjSignTrust(PR_TRUE, PR_FALSE, |
| 224 PR_FALSE, PR_FALSE, PR_FALSE, | 224 PR_FALSE, PR_FALSE, PR_FALSE, |
| 225 PR_FALSE, PR_FALSE); | 225 PR_FALSE, PR_FALSE); |
| 226 } | 226 } |
| 227 | 227 |
| 228 void | 228 void |
| 229 nsNSSCertTrust::SetValidServerPeer() | 229 nsNSSCertTrust::SetTerminalServerRecord() |
| 230 { | 230 { |
| 231 SetSSLTrust(PR_TRUE, PR_FALSE, | 231 SetSSLTrust(PR_TRUE, PR_FALSE, |
| 232 PR_FALSE, PR_FALSE, PR_FALSE, | 232 PR_FALSE, PR_FALSE, PR_FALSE, |
| 233 PR_FALSE, PR_FALSE); | 233 PR_FALSE, PR_FALSE); |
| 234 SetEmailTrust(PR_FALSE, PR_FALSE, | 234 SetEmailTrust(PR_FALSE, PR_FALSE, |
| 235 PR_FALSE, PR_FALSE, PR_FALSE, | 235 PR_FALSE, PR_FALSE, PR_FALSE, |
| 236 PR_FALSE, PR_FALSE); | 236 PR_FALSE, PR_FALSE); |
| 237 SetObjSignTrust(PR_FALSE, PR_FALSE, | 237 SetObjSignTrust(PR_FALSE, PR_FALSE, |
| 238 PR_FALSE, PR_FALSE, PR_FALSE, | 238 PR_FALSE, PR_FALSE, PR_FALSE, |
| 239 PR_FALSE, PR_FALSE); | 239 PR_FALSE, PR_FALSE); |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 285 if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_VALID_CA)) | 285 if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_VALID_CA)) |
| 286 return PR_FALSE; | 286 return PR_FALSE; |
| 287 if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_VALID_CA)) | 287 if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_VALID_CA)) |
| 288 return PR_FALSE; | 288 return PR_FALSE; |
| 289 if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA)) | 289 if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA)) |
| 290 return PR_FALSE; | 290 return PR_FALSE; |
| 291 return PR_TRUE; | 291 return PR_TRUE; |
| 292 } | 292 } |
| 293 | 293 |
| 294 PRBool | 294 PRBool |
| 295 nsNSSCertTrust::HasPeer(PRBool checkSSL, | 295 nsNSSCertTrust::HasTerminalRecord(PRBool checkSSL, |
| 296 PRBool checkEmail, | 296 PRBool checkEmail, |
| 297 PRBool checkObjSign) | 297 PRBool checkObjSign) |
| 298 { | 298 { |
| 299 if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_TERMINAL_RECORD)) | 299 if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_TERMINAL_RECORD)) |
| 300 return PR_FALSE; | 300 return PR_FALSE; |
| 301 if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_TERMINAL_RECORD)) | 301 if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_TERMINAL_RECORD)) |
| 302 return PR_FALSE; | 302 return PR_FALSE; |
| 303 if (checkObjSign && | 303 if (checkObjSign && |
| 304 !hasTrust(mTrust.objectSigningFlags, CERTDB_TERMINAL_RECORD)) | 304 !hasTrust(mTrust.objectSigningFlags, CERTDB_TERMINAL_RECORD)) |
| 305 return PR_FALSE; | 305 return PR_FALSE; |
| 306 return PR_TRUE; | 306 return PR_TRUE; |
| 307 } | 307 } |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 369 *t |= v; | 369 *t |= v; |
| 370 } | 370 } |
| 371 | 371 |
| 372 PRBool | 372 PRBool |
| 373 nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v) | 373 nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v) |
| 374 { | 374 { |
| 375 return !!(t & v); | 375 return !!(t & v); |
| 376 } | 376 } |
| 377 | 377 |
| 378 } // namespace mozilla_security_manager | 378 } // namespace mozilla_security_manager |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9940001:
Fix imported server certs being distrusted in NSS 3.13. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src