Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(11740)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp

Issue 9940001: Fix imported server certs being distrusted in NSS 3.13. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: remove openssl stubs, replace TrustBits::TRUST_TERMINAL_RECORD with EXPLICIT_DISTRUST Created 8 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/chrome_browser.gypi ('k') | net/base/cert_database.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
diff --git a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
index c161b65d8523ecddc748cce013d9c49a27638605..b2e30830d5686932863c6d5574aaa64b77672a62 100644
--- a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
+++ b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
@@ -40,6 +40,7 @@
#include "chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h"
+#include <certdb.h>
#include <keyhi.h>
#include <prprf.h>
#include <unicode/uidna.h>
@@ -53,9 +54,16 @@
#include "grit/generated_resources.h"
#include "net/base/ip_endpoint.h"
#include "net/base/net_util.h"
-#include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h"
#include "ui/base/l10n/l10n_util.h"
+#if !defined(CERTDB_TERMINAL_RECORD)
+/* NSS 3.13 renames CERTDB_VALID_PEER to CERTDB_TERMINAL_RECORD
+ * and marks CERTDB_VALID_PEER as deprecated.
+ * If we're using an older version, rename it ourselves.
+ */
+#define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER
+#endif
+
namespace {
std::string BMPtoUTF8(PRArenaPool* arena, unsigned char* data,
@@ -1038,12 +1046,11 @@ std::string ProcessSubjectPublicKeyInfo(CERTSubjectPublicKeyInfo* spki) {
}
net::CertType GetCertType(CERTCertificate *cert) {
- nsNSSCertTrust trust(cert->trust);
- if (cert->nickname && trust.HasAnyUser())
+ if (cert->nickname && cert->trust->sslFlags & CERTDB_USER)
mattm 2012/05/16 03:35:30 This version only checks the sslFlags when checkin
Ryan Sleevi 2012/05/16 03:57:23 For Linux, where users may have pre-existing certs
mattm 2012/05/16 22:30:50 Done.
return net::USER_CERT;
- if (trust.HasAnyCA() || CERT_IsCACert(cert, NULL))
+ if (cert->trust->sslFlags & CERTDB_VALID_CA || CERT_IsCACert(cert, NULL))
return net::CA_CERT;
- if (trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE))
+ if (cert->trust->sslFlags & CERTDB_TERMINAL_RECORD)
return net::SERVER_CERT;
return net::UNKNOWN_CERT;
}
« no previous file with comments | « chrome/chrome_browser.gypi ('k') | net/base/cert_database.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698