Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(37)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: mozilla/security/nss/lib/certdb/certdb.c

Issue 12197027: Merge NSS_3_14_2_RTM. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Created 7 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« README.chromium ('K') | « README.chromium ('k') | mozilla/security/nss/lib/certdb/certt.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* This Source Code Form is subject to the terms of the Mozilla Public 1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 4
5 /* 5 /*
6 * Certificate handling code 6 * Certificate handling code
7 * 7 *
8 * $Id: certdb.c,v 1.123 2012/04/25 14:49:26 gerv%gerv.net Exp $ 8 * $Id: certdb.c,v 1.124 2013/01/07 04:11:50 ryan.sleevi%gmail.com Exp $
9 */ 9 */
10 10
11 #include "nssilock.h" 11 #include "nssilock.h"
12 #include "prmon.h" 12 #include "prmon.h"
13 #include "prtime.h" 13 #include "prtime.h"
14 #include "cert.h" 14 #include "cert.h"
15 #include "certi.h" 15 #include "certi.h"
16 #include "secder.h" 16 #include "secder.h"
17 #include "secoid.h" 17 #include "secoid.h"
18 #include "secasn1.h" 18 #include "secasn1.h"
(...skipping 2025 matching lines...) Expand 10 before | Expand all | Expand 10 after
2044 version = DER_GetInteger(&cert->version); 2044 version = DER_GetInteger(&cert->version);
2045 if (version < 0) 2045 if (version < 0)
2046 version = 0; 2046 version = 0;
2047 } 2047 }
2048 return version; 2048 return version;
2049 } 2049 }
2050 2050
2051 static unsigned int 2051 static unsigned int
2052 cert_ComputeTrustOverrides(CERTCertificate *cert, unsigned int cType) 2052 cert_ComputeTrustOverrides(CERTCertificate *cert, unsigned int cType)
2053 { 2053 {
2054 CERTCertTrust *trust = cert->trust; 2054 CERTCertTrust trust;
2055 SECStatus rv = SECFailure;
2055 2056
2056 if (trust && (trust->sslFlags | 2057 rv = CERT_GetCertTrust(cert, &trust);
2057 » » trust->emailFlags |
2058 » » trust->objectSigningFlags)) {
2059 2058
2060 » if (trust->sslFlags & (CERTDB_TERMINAL_RECORD|CERTDB_TRUSTED)) 2059 if (rv == SECSuccess && (trust.sslFlags |
2060 » » trust.emailFlags |
2061 » » trust.objectSigningFlags)) {
2062
2063 » if (trust.sslFlags & (CERTDB_TERMINAL_RECORD|CERTDB_TRUSTED))
2061 cType |= NS_CERT_TYPE_SSL_SERVER|NS_CERT_TYPE_SSL_CLIENT; 2064 cType |= NS_CERT_TYPE_SSL_SERVER|NS_CERT_TYPE_SSL_CLIENT;
2062 » if (trust->sslFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA)) 2065 » if (trust.sslFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA))
2063 cType |= NS_CERT_TYPE_SSL_CA; 2066 cType |= NS_CERT_TYPE_SSL_CA;
2064 #if defined(CERTDB_NOT_TRUSTED) 2067 #if defined(CERTDB_NOT_TRUSTED)
2065 » if (trust->sslFlags & CERTDB_NOT_TRUSTED) 2068 » if (trust.sslFlags & CERTDB_NOT_TRUSTED)
2066 cType &= ~(NS_CERT_TYPE_SSL_SERVER|NS_CERT_TYPE_SSL_CLIENT| 2069 cType &= ~(NS_CERT_TYPE_SSL_SERVER|NS_CERT_TYPE_SSL_CLIENT|
2067 NS_CERT_TYPE_SSL_CA); 2070 NS_CERT_TYPE_SSL_CA);
2068 #endif 2071 #endif
2069 » if (trust->emailFlags & (CERTDB_TERMINAL_RECORD|CERTDB_TRUSTED)) 2072 » if (trust.emailFlags & (CERTDB_TERMINAL_RECORD|CERTDB_TRUSTED))
2070 cType |= NS_CERT_TYPE_EMAIL; 2073 cType |= NS_CERT_TYPE_EMAIL;
2071 » if (trust->emailFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA)) 2074 » if (trust.emailFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA))
2072 cType |= NS_CERT_TYPE_EMAIL_CA; 2075 cType |= NS_CERT_TYPE_EMAIL_CA;
2073 #if defined(CERTDB_NOT_TRUSTED) 2076 #if defined(CERTDB_NOT_TRUSTED)
2074 » if (trust->emailFlags & CERTDB_NOT_TRUSTED) 2077 » if (trust.emailFlags & CERTDB_NOT_TRUSTED)
2075 cType &= ~(NS_CERT_TYPE_EMAIL|NS_CERT_TYPE_EMAIL_CA); 2078 cType &= ~(NS_CERT_TYPE_EMAIL|NS_CERT_TYPE_EMAIL_CA);
2076 #endif 2079 #endif
2077 » if (trust->objectSigningFlags & (CERTDB_TERMINAL_RECORD|CERTDB_TRUSTED)) 2080 » if (trust.objectSigningFlags & (CERTDB_TERMINAL_RECORD|CERTDB_TRUSTED))
2078 cType |= NS_CERT_TYPE_OBJECT_SIGNING; 2081 cType |= NS_CERT_TYPE_OBJECT_SIGNING;
2079 » if (trust->objectSigningFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA)) 2082 » if (trust.objectSigningFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA))
2080 cType |= NS_CERT_TYPE_OBJECT_SIGNING_CA; 2083 cType |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
2081 #if defined(CERTDB_NOT_TRUSTED) 2084 #if defined(CERTDB_NOT_TRUSTED)
2082 » if (trust->objectSigningFlags & CERTDB_NOT_TRUSTED) 2085 » if (trust.objectSigningFlags & CERTDB_NOT_TRUSTED)
2083 cType &= ~(NS_CERT_TYPE_OBJECT_SIGNING| 2086 cType &= ~(NS_CERT_TYPE_OBJECT_SIGNING|
2084 NS_CERT_TYPE_OBJECT_SIGNING_CA); 2087 NS_CERT_TYPE_OBJECT_SIGNING_CA);
2085 #endif 2088 #endif
2086 } 2089 }
2087 return cType; 2090 return cType;
2088 } 2091 }
2089 2092
2090 /* 2093 /*
2091 * Does a cert belong to a CA? We decide based on perm database trust 2094 * Does a cert belong to a CA? We decide based on perm database trust
2092 * flags, Netscape Cert Type Extension, and KeyUsage Extension. 2095 * flags, Netscape Cert Type Extension, and KeyUsage Extension.
(...skipping 718 matching lines...) Expand 10 before | Expand all | Expand 10 after
2811 } 2814 }
2812 } 2815 }
2813 return(SECSuccess); 2816 return(SECSuccess);
2814 2817
2815 loser: 2818 loser:
2816 return(SECFailure); 2819 return(SECFailure);
2817 } 2820 }
2818 2821
2819 PRBool CERT_IsUserCert(CERTCertificate* cert) 2822 PRBool CERT_IsUserCert(CERTCertificate* cert)
2820 { 2823 {
2821 if ( cert->trust && 2824 CERTCertTrust trust;
2822 ((cert->trust->sslFlags & CERTDB_USER ) || 2825 SECStatus rv = SECFailure;
2823 (cert->trust->emailFlags & CERTDB_USER ) || 2826
2824 (cert->trust->objectSigningFlags & CERTDB_USER )) ) { 2827 rv = CERT_GetCertTrust(cert, &trust);
2828 if (rv == SECSuccess &&
2829 ((trust.sslFlags & CERTDB_USER ) ||
2830 (trust.emailFlags & CERTDB_USER ) ||
2831 (trust.objectSigningFlags & CERTDB_USER )) ) {
2825 return PR_TRUE; 2832 return PR_TRUE;
2826 } else { 2833 } else {
2827 return PR_FALSE; 2834 return PR_FALSE;
2828 } 2835 }
2829 } 2836 }
2830 2837
2831 SECStatus 2838 SECStatus
2832 CERT_FilterCertListForUserCerts(CERTCertList *certList) 2839 CERT_FilterCertListForUserCerts(CERTCertList *certList)
2833 { 2840 {
2834 CERTCertListNode *node, *freenode; 2841 CERTCertListNode *node, *freenode;
(...skipping 422 matching lines...) Expand 10 before | Expand all | Expand 10 after
3257 CERTCertificate *cert = NULL; 3264 CERTCertificate *cert = NULL;
3258 SECItem *derCert; 3265 SECItem *derCert;
3259 3266
3260 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID); 3267 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID);
3261 if (derCert) { 3268 if (derCert) {
3262 cert = CERT_FindCertByDERCert(handle, derCert); 3269 cert = CERT_FindCertByDERCert(handle, derCert);
3263 SECITEM_FreeItem(derCert, PR_TRUE); 3270 SECITEM_FreeItem(derCert, PR_TRUE);
3264 } 3271 }
3265 return cert; 3272 return cert;
3266 } 3273 }
OLDNEW
« README.chromium ('K') | « README.chromium ('k') | mozilla/security/nss/lib/certdb/certt.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698