| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 | 4 |
| 5 /* | 5 /* |
| 6 * Implementation of OCSP services, for both client and server. | 6 * Implementation of OCSP services, for both client and server. |
| 7 * (XXX, really, mostly just for client right now, but intended to do both.) | 7 * (XXX, really, mostly just for client right now, but intended to do both.) |
| 8 */ | 8 */ |
| 9 | 9 |
| 10 #include "prerror.h" | 10 #include "prerror.h" |
| (...skipping 4209 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4220 | 4220 |
| 4221 return rv; | 4221 return rv; |
| 4222 } | 4222 } |
| 4223 | 4223 |
| 4224 /* | 4224 /* |
| 4225 * See if the request's certID and the single response's certID match. | 4225 * See if the request's certID and the single response's certID match. |
| 4226 * This can be easy or difficult, depending on whether the same hash | 4226 * This can be easy or difficult, depending on whether the same hash |
| 4227 * algorithm was used. | 4227 * algorithm was used. |
| 4228 */ | 4228 */ |
| 4229 static PRBool | 4229 static PRBool |
| 4230 ocsp_CertIDsMatch(CERTCertDBHandle *handle, | 4230 ocsp_CertIDsMatch(CERTOCSPCertID *requestCertID, |
| 4231 » » CERTOCSPCertID *requestCertID, | |
| 4232 CERTOCSPCertID *responseCertID) | 4231 CERTOCSPCertID *responseCertID) |
| 4233 { | 4232 { |
| 4234 PRBool match = PR_FALSE; | 4233 PRBool match = PR_FALSE; |
| 4235 SECOidTag hashAlg; | 4234 SECOidTag hashAlg; |
| 4236 SECItem *keyHash = NULL; | 4235 SECItem *keyHash = NULL; |
| 4237 SECItem *nameHash = NULL; | 4236 SECItem *nameHash = NULL; |
| 4238 | 4237 |
| 4239 /* | 4238 /* |
| 4240 * In order to match, they must have the same issuer and the same | 4239 * In order to match, they must have the same issuer and the same |
| 4241 * serial number. | 4240 * serial number. |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4278 case SEC_OID_MD5: | 4277 case SEC_OID_MD5: |
| 4279 keyHash = &requestCertID->issuerMD5KeyHash; | 4278 keyHash = &requestCertID->issuerMD5KeyHash; |
| 4280 nameHash = &requestCertID->issuerMD5NameHash; | 4279 nameHash = &requestCertID->issuerMD5NameHash; |
| 4281 break; | 4280 break; |
| 4282 case SEC_OID_MD2: | 4281 case SEC_OID_MD2: |
| 4283 keyHash = &requestCertID->issuerMD2KeyHash; | 4282 keyHash = &requestCertID->issuerMD2KeyHash; |
| 4284 nameHash = &requestCertID->issuerMD2NameHash; | 4283 nameHash = &requestCertID->issuerMD2NameHash; |
| 4285 break; | 4284 break; |
| 4286 default: | 4285 default: |
| 4287 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); | 4286 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); |
| 4288 » return SECFailure; | 4287 » return PR_FALSE; |
| 4289 } | 4288 } |
| 4290 | 4289 |
| 4291 if ((keyHash != NULL) | 4290 if ((keyHash != NULL) |
| 4292 && (SECITEM_CompareItem(nameHash, | 4291 && (SECITEM_CompareItem(nameHash, |
| 4293 &responseCertID->issuerNameHash) == SECEqual) | 4292 &responseCertID->issuerNameHash) == SECEqual) |
| 4294 && (SECITEM_CompareItem(keyHash, | 4293 && (SECITEM_CompareItem(keyHash, |
| 4295 &responseCertID->issuerKeyHash) == SECEqual)) { | 4294 &responseCertID->issuerKeyHash) == SECEqual)) { |
| 4296 match = PR_TRUE; | 4295 match = PR_TRUE; |
| 4297 } | 4296 } |
| 4298 | 4297 |
| (...skipping 13 matching lines...) Expand all Loading... |
| 4312 CERTOCSPCertID *certID) | 4311 CERTOCSPCertID *certID) |
| 4313 { | 4312 { |
| 4314 CERTOCSPSingleResponse *single; | 4313 CERTOCSPSingleResponse *single; |
| 4315 int i; | 4314 int i; |
| 4316 | 4315 |
| 4317 if (responses == NULL) | 4316 if (responses == NULL) |
| 4318 return NULL; | 4317 return NULL; |
| 4319 | 4318 |
| 4320 for (i = 0; responses[i] != NULL; i++) { | 4319 for (i = 0; responses[i] != NULL; i++) { |
| 4321 single = responses[i]; | 4320 single = responses[i]; |
| 4322 » if (ocsp_CertIDsMatch(handle, certID, single->certID)) { | 4321 » if (ocsp_CertIDsMatch(certID, single->certID)) { |
| 4323 return single; | 4322 return single; |
| 4324 } | 4323 } |
| 4325 } | 4324 } |
| 4326 | 4325 |
| 4327 /* | 4326 /* |
| 4328 * The OCSP server should have included a response even if it knew | 4327 * The OCSP server should have included a response even if it knew |
| 4329 * nothing about the certificate in question. Since it did not, | 4328 * nothing about the certificate in question. Since it did not, |
| 4330 * this will make it look as if it had. | 4329 * this will make it look as if it had. |
| 4331 * | 4330 * |
| 4332 * XXX Should we make this a separate error to notice the server's | 4331 * XXX Should we make this a separate error to notice the server's |
| (...skipping 1837 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 6170 case ocspResponse_unauthorized: | 6169 case ocspResponse_unauthorized: |
| 6171 PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST); | 6170 PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST); |
| 6172 break; | 6171 break; |
| 6173 case ocspResponse_unused: | 6172 case ocspResponse_unused: |
| 6174 default: | 6173 default: |
| 6175 PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS); | 6174 PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS); |
| 6176 break; | 6175 break; |
| 6177 } | 6176 } |
| 6178 return SECFailure; | 6177 return SECFailure; |
| 6179 } | 6178 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 133273035:
Update third_party/nss to 3.15.5 Beta 2. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/