Update NSS to NSS_3_15_BETA2.

nss/lib/certdb/genname.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "plarena.h"
 #include "seccomon.h"
 #include "secitem.h"
 #include "secoidt.h"
 #include "secasn1.h"
 #include "secder.h"
@@ skipping 668 matching lines @@
     first->l.prev = &(current->l);
     /* TODO: unmark arena */
     return first;
 loser:
     /* TODO: release arena back to mark */
     return NULL;
 }
 
 CERTNameConstraints *
 cert_DecodeNameConstraints(PRArenaPool   *reqArena,
-                           SECItem       *encodedConstraints)
+                           const SECItem *encodedConstraints)
 {
     CERTNameConstraints   *constraints;
     SECStatus             rv;
     SECItem*              newEncodedConstraints;
 
     if (!reqArena) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
     PORT_Assert(encodedConstraints);
@@ skipping 357 matching lines @@
 CERTGeneralName *
 CERT_GetCertificateNames(CERTCertificate *cert, PRArenaPool *arena)
 {
     return CERT_GetConstrainedCertificateNames(cert, arena, PR_FALSE);
 }
 
 /* This function is called by CERT_VerifyCertChain to extract all
 ** names from a cert in preparation for a name constraints test.
 */
 CERTGeneralName *
-CERT_GetConstrainedCertificateNames(CERTCertificate *cert, PRArenaPool *arena,
+CERT_GetConstrainedCertificateNames(const CERTCertificate *cert,
+                                    PRArenaPool *arena,
                                     PRBool includeSubjectCommonName)
 {
     CERTGeneralName  *DN;
     CERTGeneralName  *SAN;
     PRUint32         numDNSNames = 0;
     SECStatus        rv;
 
     if (!arena) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
@@ skipping 255 matching lines @@
 
 /* This function takes one name, and a list of constraints.
 ** It searches the constraints looking for a match.
 ** It returns SECSuccess if the name satisfies the constraints, i.e.,
 ** if excluded, then the name does not match any constraint, 
 ** if permitted, then the name matches at least one constraint.
 ** It returns SECFailure if the name fails to satisfy the constraints,
 ** or if some code fails (e.g. out of memory, or invalid constraint)
 */
 SECStatus
-cert_CompareNameWithConstraints(CERTGeneralName     *name, 
-                                CERTNameConstraint  *constraints,
+cert_CompareNameWithConstraints(const CERTGeneralName     *name,
+                                const CERTNameConstraint  *constraints,
                                 PRBool              excluded)
 {
     SECStatus           rv     = SECSuccess;
     SECStatus           matched = SECFailure;
-    CERTNameConstraint  *current;
+    const CERTNameConstraint *current;
 
     PORT_Assert(constraints);  /* caller should not call with NULL */
     if (!constraints) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
 
     current = constraints;
     do {
         rv = SECSuccess;
@@ skipping 97 matching lines @@
         case certRegisterID:    /* type 9 */
             matched = excluded ? SECFailure : SECSuccess;
             break;
 
         default: /* non-standard types are not supported */
             rv = SECFailure;
             break;
         }
         if (matched == SECSuccess || rv != SECSuccess)
             break;
-        current = CERT_GetNextNameConstraint(current);
+        current = CERT_GetNextNameConstraint((CERTNameConstraint*)current);
     } while (current != constraints);
     if (rv == SECSuccess) {
         if (matched == SECSuccess) 
             rv = excluded ? SECFailure : SECSuccess;
         else
             rv = excluded ? SECSuccess : SECFailure;
         return rv;
     }
 
     return SECFailure;
@@ skipping 80 matching lines @@
     }
 
     return rv;
 }
 
 /* Verify name against all the constraints relevant to that type of
 ** the name.
 */
 SECStatus
 CERT_CheckNameSpace(PRArenaPool          *arena,
-                    CERTNameConstraints  *constraints,
-                    CERTGeneralName      *currentName)
+                    const CERTNameConstraints *constraints,
+                    const CERTGeneralName     *currentName)
 {
     CERTNameConstraint  *matchingConstraints;
     SECStatus            rv = SECSuccess;
     
     if (constraints->excluded != NULL) {
         rv = CERT_GetNameConstraintByType(constraints->excluded, 
                                           currentName->type, 
                                           &matchingConstraints, arena);
         if (rv == SECSuccess && matchingConstraints != NULL) {
             rv = cert_CompareNameWithConstraints(currentName, 
@@ skipping 272 matching lines @@
             break;
         }
         list->name = cert_CombineNamesLists(list->name, name);
         list->len++;
 done:
         PZ_Unlock(list->lock);
     }
     return;
 }
 #endif