Merge NSS_3_14_2_RTM.

mozilla/security/nss/lib/certdb/certdb.c

Index: mozilla/security/nss/lib/certdb/certdb.c
===================================================================
--- mozilla/security/nss/lib/certdb/certdb.c	(revision 180567)
+++ mozilla/security/nss/lib/certdb/certdb.c	(working copy)
@@ -5,7 +5,7 @@
 /*
  * Certificate handling code
  *
- * $Id: certdb.c,v 1.123 2012/04/25 14:49:26 gerv%gerv.net Exp $
+ * $Id: certdb.c,v 1.124 2013/01/07 04:11:50 ryan.sleevi%gmail.com Exp $
  */
 
 #include "nssilock.h"
@@ -2051,35 +2051,38 @@
 static unsigned int
 cert_ComputeTrustOverrides(CERTCertificate *cert, unsigned int cType)
 {
-    CERTCertTrust *trust = cert->trust;
+    CERTCertTrust trust;
+    SECStatus rv = SECFailure;
 
-    if (trust && (trust->sslFlags |
-		  trust->emailFlags |
-		  trust->objectSigningFlags)) {
+    rv = CERT_GetCertTrust(cert, &trust);
 
-	if (trust->sslFlags & (CERTDB_TERMINAL_RECORD|CERTDB_TRUSTED)) 
+    if (rv == SECSuccess && (trust.sslFlags |
+		  trust.emailFlags |
+		  trust.objectSigningFlags)) {
+
+	if (trust.sslFlags & (CERTDB_TERMINAL_RECORD|CERTDB_TRUSTED)) 
 	    cType |= NS_CERT_TYPE_SSL_SERVER|NS_CERT_TYPE_SSL_CLIENT;
-	if (trust->sslFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA)) 
+	if (trust.sslFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA)) 
 	    cType |= NS_CERT_TYPE_SSL_CA;
 #if defined(CERTDB_NOT_TRUSTED)
-	if (trust->sslFlags & CERTDB_NOT_TRUSTED) 
+	if (trust.sslFlags & CERTDB_NOT_TRUSTED) 
 	    cType &= ~(NS_CERT_TYPE_SSL_SERVER|NS_CERT_TYPE_SSL_CLIENT|
 	               NS_CERT_TYPE_SSL_CA);
 #endif
-	if (trust->emailFlags & (CERTDB_TERMINAL_RECORD|CERTDB_TRUSTED)) 
+	if (trust.emailFlags & (CERTDB_TERMINAL_RECORD|CERTDB_TRUSTED)) 
 	    cType |= NS_CERT_TYPE_EMAIL;
-	if (trust->emailFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA)) 
+	if (trust.emailFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA)) 
 	    cType |= NS_CERT_TYPE_EMAIL_CA;
 #if defined(CERTDB_NOT_TRUSTED)
-	if (trust->emailFlags & CERTDB_NOT_TRUSTED) 
+	if (trust.emailFlags & CERTDB_NOT_TRUSTED) 
 	    cType &= ~(NS_CERT_TYPE_EMAIL|NS_CERT_TYPE_EMAIL_CA);
 #endif
-	if (trust->objectSigningFlags & (CERTDB_TERMINAL_RECORD|CERTDB_TRUSTED)) 
+	if (trust.objectSigningFlags & (CERTDB_TERMINAL_RECORD|CERTDB_TRUSTED)) 
 	    cType |= NS_CERT_TYPE_OBJECT_SIGNING;
-	if (trust->objectSigningFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA)) 
+	if (trust.objectSigningFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA)) 
 	    cType |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
 #if defined(CERTDB_NOT_TRUSTED)
-	if (trust->objectSigningFlags & CERTDB_NOT_TRUSTED) 
+	if (trust.objectSigningFlags & CERTDB_NOT_TRUSTED) 
 	    cType &= ~(NS_CERT_TYPE_OBJECT_SIGNING|
 	               NS_CERT_TYPE_OBJECT_SIGNING_CA);
 #endif
@@ -2818,10 +2821,14 @@
 
 PRBool CERT_IsUserCert(CERTCertificate* cert)
 {
-    if ( cert->trust &&
-        ((cert->trust->sslFlags & CERTDB_USER ) ||
-         (cert->trust->emailFlags & CERTDB_USER ) ||
-         (cert->trust->objectSigningFlags & CERTDB_USER )) ) {
+    CERTCertTrust trust;
+    SECStatus rv = SECFailure;
+
+    rv = CERT_GetCertTrust(cert, &trust);
+    if (rv == SECSuccess &&
+        ((trust.sslFlags & CERTDB_USER ) ||
+         (trust.emailFlags & CERTDB_USER ) ||
+         (trust.objectSigningFlags & CERTDB_USER )) ) {
         return PR_TRUE;
     } else {
         return PR_FALSE;