Update NSS to NSS 3.14 Beta 1.

mozilla/security/nss/lib/certhigh/ocsp.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * Implementation of OCSP services, for both client and server.
  * (XXX, really, mostly just for client right now, but intended to do both.)
  *
- * $Id: ocsp.c,v 1.71 2012/05/31 22:03:36 emaldona%redhat.com Exp $
+ * $Id: ocsp.c,v 1.72 2012/09/22 13:41:58 wtc%google.com Exp $
  */
 
 #include "prerror.h"
 #include "prprf.h"
 #include "plarena.h"
 #include "prnetdb.h"
 
 #include "seccomon.h"
 #include "secitem.h"
 #include "secoidt.h"
@@ skipping 78 matching lines @@
                   ocspMode_FailureIsVerificationFailure,
                   NULL
                 };
 
 
 
 /* Forward declarations */
 static SECItem *
 ocsp_GetEncodedOCSPResponseFromRequest(PRArenaPool *arena, 
                                        CERTOCSPRequest *request,
-                                       char *location, int64 time,
+                                       const char *location, int64 time,
                                        PRBool addServiceLocator,
                                        void *pwArg,
                                        CERTOCSPRequest **pRequest);
 static SECStatus
 ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle, 
                               CERTOCSPCertID *certID, 
                               CERTCertificate *cert, 
                               int64 time, 
                               void *pwArg,
                               PRBool *certIDWasConsumed,
@@ skipping 1350 matching lines @@
  *   Decode a DER encoded OCSP Request.
  * INPUTS:
  *   SECItem *src
  *     Pointer to a SECItem holding DER encoded OCSP Request.
  * RETURN:
  *   Returns a pointer to a CERTOCSPRequest containing the decoded request.
  *   On error, returns NULL.  Most likely error is trouble decoding
  *   (SEC_ERROR_OCSP_MALFORMED_REQUEST), or low-level problem (no memory).
  */
 CERTOCSPRequest *
-CERT_DecodeOCSPRequest(SECItem *src)
+CERT_DecodeOCSPRequest(const SECItem *src)
 {
     PRArenaPool *arena = NULL;
     SECStatus rv = SECFailure;
     CERTOCSPRequest *dest = NULL;
     int i;
     SECItem newSrc;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
         goto loser;
@@ skipping 1411 matching lines @@
 
 /*
  * Sends an encoded OCSP request to the server identified by "location",
  * and returns the socket on which it was sent (so can listen for the reply).
  * "location" is expected to be a valid URL -- an error parsing it produces
  * SEC_ERROR_CERT_BAD_ACCESS_LOCATION.  Other errors are likely problems
  * connecting to it, or writing to it, or allocating memory, and the low-level
  * errors appropriate to the problem will be set.
  */
 static PRFileDesc *
-ocsp_SendEncodedRequest(char *location, SECItem *encodedRequest)
+ocsp_SendEncodedRequest(const char *location, SECItem *encodedRequest)
 {
     char *hostname = NULL;
     char *path = NULL;
     PRUint16 port;
     SECStatus rv;
     PRFileDesc *sock = NULL;
     PRFileDesc *returnSock = NULL;
     char *header = NULL;
     char portstr[16];
 
@@ skipping 338 matching lines @@
 }
 
 /*
  * Limit the size of http responses we are willing to accept.
  */
 #define MAX_WANTED_OCSP_RESPONSE_LEN 64*1024
 
 static SECItem *
 fetchOcspHttpClientV1(PRArenaPool *arena, 
                       const SEC_HttpClientFcnV1 *hcv1, 
-                      char *location, 
+                      const char *location, 
                       SECItem *encodedRequest)
 {
     char *hostname = NULL;
     char *path = NULL;
     PRUint16 port;
     SECItem *encodedResponse = NULL;
     SEC_HTTP_SERVER_SESSION pServerSession = NULL;
     SEC_HTTP_REQUEST_SESSION pRequestSession = NULL;
     PRUint16 myHttpResponseCode;
     const char *myHttpResponseData;
@@ skipping 98 matching lines @@
  *     If NULL, result will be allocated from the heap (and thus should
  *     be freed via SECITEM_FreeItem).
  *   CERTCertList *certList
  *     A list of certs for which status will be requested.
  *     Note that all of these certificates should have the same issuer,
  *     or it's expected the response will be signed by a trusted responder.
  *     If the certs need to be broken up into multiple requests, that
  *     must be handled by the caller (and thus by having multiple calls
  *     to this routine), who knows about where the request(s) are being
  *     sent and whether there are any trusted responders in place.
- *   char *location
+ *   const char *location
  *     The location of the OCSP responder (a URL).
  *   int64 time
  *     Indicates the time for which the certificate status is to be 
  *     determined -- this may be used in the search for the cert's issuer
  *     but has no other bearing on the operation.
  *   PRBool addServiceLocator
  *     If true, the Service Locator extension should be added to the
  *     single request(s) for each cert.
  *   CERTCertificate *signerCert
  *     If non-NULL, means sign the request using this cert.  Otherwise,
@@ skipping 10 matching lines @@
  * RETURN:
  *   Returns a pointer to the SECItem holding the response.
  *   On error, returns null with error set describing the reason:
  *      SEC_ERROR_UNKNOWN_ISSUER
  *      SEC_ERROR_CERT_BAD_ACCESS_LOCATION
  *      SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
  *   Other errors are low-level problems (no memory, bad database, etc.).
  */
 SECItem *
 CERT_GetEncodedOCSPResponse(PRArenaPool *arena, CERTCertList *certList,
-                            char *location, int64 time,
+                            const char *location, int64 time,
                             PRBool addServiceLocator,
                             CERTCertificate *signerCert, void *pwArg,
                             CERTOCSPRequest **pRequest)
 {
     CERTOCSPRequest *request;
     request = CERT_CreateOCSPRequest(certList, time, addServiceLocator,
                                      signerCert);
     if (!request)
         return NULL;
     return ocsp_GetEncodedOCSPResponseFromRequest(arena, request, location, 
                                                   time, addServiceLocator, 
                                                   pwArg, pRequest);
 }
 
 static SECItem *
 ocsp_GetEncodedOCSPResponseFromRequest(PRArenaPool *arena, 
                                        CERTOCSPRequest *request,
-                                       char *location, int64 time,
+                                       const char *location, int64 time,
                                        PRBool addServiceLocator,
                                        void *pwArg,
                                        CERTOCSPRequest **pRequest)
 {
     SECItem *encodedRequest = NULL;
     SECItem *encodedResponse = NULL;
     PRFileDesc *sock = NULL;
     SECStatus rv;
     const SEC_HttpClientFcn *registeredHttpClient = NULL;
 
@@ skipping 40 matching lines @@
     if (sock != NULL)
         PR_Close(sock);
 
     return encodedResponse;
 }
 
 static SECItem *
 ocsp_GetEncodedOCSPResponseForSingleCert(PRArenaPool *arena, 
                                          CERTOCSPCertID *certID, 
                                          CERTCertificate *singleCert, 
-                                         char *location, int64 time,
+                                         const char *location, int64 time,
                                          PRBool addServiceLocator,
                                          void *pwArg,
                                          CERTOCSPRequest **pRequest)
 {
     CERTOCSPRequest *request;
     request = cert_CreateSingleCertOCSPRequest(certID, singleCert, time, 
                                                addServiceLocator, NULL);
     if (!request)
         return NULL;
     return ocsp_GetEncodedOCSPResponseFromRequest(arena, request, location, 
@@ skipping 2182 matching lines @@
         PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST);
         break;
       case ocspResponse_other:
       case ocspResponse_unused:
       default:
         PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS);
         break;
     }
     return SECFailure;
 }