Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: mozilla/security/nss/lib/pki/pki3hack.c

Issue 10961060: Update NSS to NSS 3.14 Beta 1. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Add the NSS snapshot timestamp to README.chromium and nss-checkout.sh Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « mozilla/security/nss/lib/pk11wrap/secmodti.h ('k') | mozilla/security/nss/lib/pki/pkibase.c » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: mozilla/security/nss/lib/pki/pki3hack.c
===================================================================
--- mozilla/security/nss/lib/pki/pki3hack.c (revision 158129)
+++ mozilla/security/nss/lib/pki/pki3hack.c (working copy)
@@ -412,6 +412,50 @@
return match;
}
+static PRBool
+nss3certificate_isTrustedForUsage(nssDecodedCert *dc, const NSSUsage *usage)
+{
+ CERTCertificate *cc;
+ PRBool ca;
+ SECStatus secrv;
+ unsigned int requiredFlags;
+ unsigned int trustFlags;
+ SECTrustType trustType;
+ CERTCertTrust trust;
+
+ /* This is for NSS 3.3 functions that do not specify a usage */
+ if (usage->anyUsage) {
+ return PR_FALSE; /* XXX is this right? */
+ }
+ cc = (CERTCertificate *)dc->data;
+ ca = usage->nss3lookingForCA;
+ if (!ca) {
+ PRBool trusted;
+ unsigned int failedFlags;
+ secrv = cert_CheckLeafTrust(cc, usage->nss3usage,
+ &failedFlags, &trusted);
+ return secrv == SECSuccess && trusted;
+ }
+ secrv = CERT_TrustFlagsForCACertUsage(usage->nss3usage, &requiredFlags,
+ &trustType);
+ if (secrv != SECSuccess) {
+ return PR_FALSE;
+ }
+ secrv = CERT_GetCertTrust(cc, &trust);
+ if (secrv != SECSuccess) {
+ return PR_FALSE;
+ }
+ if (trustType == trustTypeNone) {
+ /* normally trustTypeNone usages accept any of the given trust bits
+ * being on as acceptable. */
+ trustFlags = trust.sslFlags | trust.emailFlags |
+ trust.objectSigningFlags;
+ } else {
+ trustFlags = SEC_GET_TRUST_FLAGS(&trust, trustType);
+ }
+ return (trustFlags & requiredFlags) == requiredFlags;
+}
+
static NSSASCII7 *
nss3certificate_getEmailAddress(nssDecodedCert *dc)
{
@@ -462,6 +506,7 @@
rvDC->isValidAtTime = nss3certificate_isValidAtTime;
rvDC->isNewerThan = nss3certificate_isNewerThan;
rvDC->matchUsage = nss3certificate_matchUsage;
+ rvDC->isTrustedForUsage = nss3certificate_isTrustedForUsage;
rvDC->getEmailAddress = nss3certificate_getEmailAddress;
rvDC->getDERSerialNumber = nss3certificate_getDERSerialNumber;
} else {
@@ -489,7 +534,9 @@
rvDC->isValidAtTime = nss3certificate_isValidAtTime;
rvDC->isNewerThan = nss3certificate_isNewerThan;
rvDC->matchUsage = nss3certificate_matchUsage;
+ rvDC->isTrustedForUsage = nss3certificate_isTrustedForUsage;
rvDC->getEmailAddress = nss3certificate_getEmailAddress;
+ rvDC->getDERSerialNumber = nss3certificate_getDERSerialNumber;
}
return rvDC;
}
« no previous file with comments | « mozilla/security/nss/lib/pk11wrap/secmodti.h ('k') | mozilla/security/nss/lib/pki/pkibase.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698