net/base/cert_database.h - Issue 9940001: Fix imported server certs being distrusted in NSS 3.13.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/cert_database.h

Issue 9940001: Fix imported server certs being distrusted in NSS 3.13. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: chromeos compile fix Created 8 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chrome/browser/ui/webui/options2/certificate_manager_handler2.cc ('K') | « chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp ('k') | net/base/cert_database_nss.cc » ('j') | net/base/cert_database_nss.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/base/cert_database.h

diff --git a/net/base/cert_database.h b/net/base/cert_database.h

index 2e95624c911c1d070f6d4d1df65a6d93fbdc9e13..51a168175a3da4ccf621642dd35c3cd913203a07 100644

--- a/net/base/cert_database.h

+++ b/net/base/cert_database.h

@@ -80,14 +80,18 @@ class NET_EXPORT CertDatabase {

// trusted as a server.

// For EMAIL_CERT, only TRUSTED_EMAIL makes sense, and specifies the cert is

// trusted for email.

+ // For non-root certs, TRUST_TERMINAL_RECORD specifies that the cert should

+ // not inherit trust from the issuer cert chain, and the cert will be trusted

Ryan Sleevi 2012/05/16 03:57:23 I don't see TRUST_TERMINAL_RECORD here, just EXPLI

mattm 2012/05/16 22:30:51 fixed.

+ // or not based only on which TRUSTED_* flags are set.

// NOTE: The actual constants are defined using an enum instead of static

// consts due to compilation/linkage constraints with template functions.

typedef uint32 TrustBits;

enum {

- UNTRUSTED = 0,

- TRUSTED_SSL = 1 << 0,

- TRUSTED_EMAIL = 1 << 1,

- TRUSTED_OBJ_SIGN = 1 << 2,

+ UNTRUSTED = 0,

+ TRUSTED_SSL = 1 << 0,

+ TRUSTED_EMAIL = 1 << 1,

+ TRUSTED_OBJ_SIGN = 1 << 2,

+ EXPLICIT_DISTRUST = 1 << 3,

};

CertDatabase();

@@ -101,7 +105,7 @@ class NET_EXPORT CertDatabase {

// the platform cert database, or possibly other network error codes.

int AddUserCert(X509Certificate* cert);

-#if defined(USE_NSS) || defined(USE_OPENSSL)

+#if defined(USE_NSS)

// Get a list of unique certificates in the certificate database (one

// instance of all certificates).

void ListCerts(CertificateList* certs);

@@ -162,6 +166,7 @@ class NET_EXPORT CertDatabase {

// |not_imported| should be checked for any certificates that were not

// imported.

bool ImportServerCert(const CertificateList& certificates,

+ TrustBits trust_bits,

ImportCertFailureList* not_imported);

// Get trust bits for certificate.