Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(95)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp

Issue 9940001: Fix imported server certs being distrusted in NSS 3.13. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: review fixes Created 8 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/common/net/x509_certificate_model_unittest.cc ('K') | « chrome/common/net/x509_certificate_model_unittest.cc ('k') | net/base/cert_database.h » ('j') | net/base/cert_database.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
diff --git a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
index c161b65d8523ecddc748cce013d9c49a27638605..2f62ec1171f00d823652468d4e7af5e735710898 100644
--- a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
+++ b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
@@ -40,6 +40,7 @@
#include "chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h"
+#include <certdb.h>
#include <keyhi.h>
#include <prprf.h>
#include <unicode/uidna.h>
@@ -53,9 +54,16 @@
#include "grit/generated_resources.h"
#include "net/base/ip_endpoint.h"
#include "net/base/net_util.h"
-#include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h"
#include "ui/base/l10n/l10n_util.h"
+#if !defined(CERTDB_TERMINAL_RECORD)
+/* NSS 3.13 renames CERTDB_VALID_PEER to CERTDB_TERMINAL_RECORD
+ * and marks CERTDB_VALID_PEER as deprecated.
+ * If we're using an older version, rename it ourselves.
+ */
+#define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER
+#endif
+
namespace {
std::string BMPtoUTF8(PRArenaPool* arena, unsigned char* data,
@@ -1038,12 +1046,17 @@ std::string ProcessSubjectPublicKeyInfo(CERTSubjectPublicKeyInfo* spki) {
}
net::CertType GetCertType(CERTCertificate *cert) {
- nsNSSCertTrust trust(cert->trust);
- if (cert->nickname && trust.HasAnyUser())
+ CERTCertTrust trust = {0};
+ CERT_GetCertTrust(cert, &trust);
+
+ unsigned all_flags = trust.sslFlags | trust.emailFlags |
+ trust.objectSigningFlags;
+
+ if (cert->nickname && all_flags & CERTDB_USER)
Ryan Sleevi 2012/05/16 22:52:13 nit: because of operator precedence, I find it hel
mattm 2012/05/18 03:40:54 Done.
return net::USER_CERT;
- if (trust.HasAnyCA() || CERT_IsCACert(cert, NULL))
+ if (all_flags & CERTDB_VALID_CA || CERT_IsCACert(cert, NULL))
return net::CA_CERT;
- if (trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE))
+ if (trust.sslFlags & CERTDB_TERMINAL_RECORD)
wtc 2012/05/16 23:37:12 This test should be supplemented by another cert t
mattm 2012/05/18 03:40:54 Filed http://crbug.com/128633.
return net::SERVER_CERT;
return net::UNKNOWN_CERT;
}
« chrome/common/net/x509_certificate_model_unittest.cc ('K') | « chrome/common/net/x509_certificate_model_unittest.cc ('k') | net/base/cert_database.h » ('j') | net/base/cert_database.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698