| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 | 4 |
| 5 /* | 5 /* |
| 6 * Implementation of OCSP services, for both client and server. | 6 * Implementation of OCSP services, for both client and server. |
| 7 * (XXX, really, mostly just for client right now, but intended to do both.) | 7 * (XXX, really, mostly just for client right now, but intended to do both.) |
| 8 */ | 8 */ |
| 9 | 9 |
| 10 #include "prerror.h" | 10 #include "prerror.h" |
| 11 #include "prprf.h" | 11 #include "prprf.h" |
| 12 #include "plarena.h" | 12 #include "plarena.h" |
| 13 #include "prnetdb.h" | 13 #include "prnetdb.h" |
| 14 | 14 |
| 15 #include "seccomon.h" | 15 #include "seccomon.h" |
| 16 #include "secitem.h" | 16 #include "secitem.h" |
| 17 #include "secoidt.h" | 17 #include "secoidt.h" |
| 18 #include "secasn1.h" | 18 #include "secasn1.h" |
| 19 #include "secder.h" | 19 #include "secder.h" |
| 20 #include "cert.h" | 20 #include "cert.h" |
| 21 #include "certi.h" |
| 21 #include "xconst.h" | 22 #include "xconst.h" |
| 22 #include "secerr.h" | 23 #include "secerr.h" |
| 23 #include "secoid.h" | 24 #include "secoid.h" |
| 24 #include "hasht.h" | 25 #include "hasht.h" |
| 25 #include "sechash.h" | 26 #include "sechash.h" |
| 26 #include "secasn1.h" | 27 #include "secasn1.h" |
| 27 #include "plbase64.h" | 28 #include "plbase64.h" |
| 28 #include "keyhi.h" | 29 #include "keyhi.h" |
| 29 #include "cryptohi.h" | 30 #include "cryptohi.h" |
| 30 #include "ocsp.h" | 31 #include "ocsp.h" |
| (...skipping 4146 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4177 */ | 4178 */ |
| 4178 if (ocsp_CertIsOCSPDefaultResponder(handle, signerCert)) { | 4179 if (ocsp_CertIsOCSPDefaultResponder(handle, signerCert)) { |
| 4179 rv = SECSuccess; | 4180 rv = SECSuccess; |
| 4180 } else { | 4181 } else { |
| 4181 SECCertUsage certUsage; | 4182 SECCertUsage certUsage; |
| 4182 if (CERT_IsCACert(signerCert, NULL)) { | 4183 if (CERT_IsCACert(signerCert, NULL)) { |
| 4183 certUsage = certUsageAnyCA; | 4184 certUsage = certUsageAnyCA; |
| 4184 } else { | 4185 } else { |
| 4185 certUsage = certUsageStatusResponder; | 4186 certUsage = certUsageStatusResponder; |
| 4186 } | 4187 } |
| 4187 rv = CERT_VerifyCert(handle, signerCert, PR_TRUE, | 4188 rv = cert_VerifyCertWithFlags(handle, signerCert, PR_TRUE, certUsage, |
| 4188 certUsage, producedAt, pwArg, NULL); | 4189 producedAt, CERT_VERIFYCERT_SKIP_OCSP, |
| 4190 pwArg, NULL); |
| 4189 if (rv != SECSuccess) { | 4191 if (rv != SECSuccess) { |
| 4190 PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT); | 4192 PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT); |
| 4191 goto finish; | 4193 goto finish; |
| 4192 } | 4194 } |
| 4193 } | 4195 } |
| 4194 | 4196 |
| 4195 rv = ocsp_VerifyResponseSignature(signerCert, signature, | 4197 rv = ocsp_VerifyResponseSignature(signerCert, signature, |
| 4196 tbsResponseDataDER, | 4198 tbsResponseDataDER, |
| 4197 pwArg); | 4199 pwArg); |
| 4198 | 4200 |
| (...skipping 879 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5078 return SECFailure; | 5080 return SECFailure; |
| 5079 rv = ocsp_GetCachedOCSPResponseStatus( | 5081 rv = ocsp_GetCachedOCSPResponseStatus( |
| 5080 certID, time, PR_FALSE, /* ignoreGlobalOcspFailureSetting */ | 5082 certID, time, PR_FALSE, /* ignoreGlobalOcspFailureSetting */ |
| 5081 &rvOcsp, &cachedErrorCode, &cachedResponseFreshness); | 5083 &rvOcsp, &cachedErrorCode, &cachedResponseFreshness); |
| 5082 if (rv != SECSuccess) { | 5084 if (rv != SECSuccess) { |
| 5083 CERT_DestroyOCSPCertID(certID); | 5085 CERT_DestroyOCSPCertID(certID); |
| 5084 return SECFailure; | 5086 return SECFailure; |
| 5085 } | 5087 } |
| 5086 if (cachedResponseFreshness == ocspFresh) { | 5088 if (cachedResponseFreshness == ocspFresh) { |
| 5087 CERT_DestroyOCSPCertID(certID); | 5089 CERT_DestroyOCSPCertID(certID); |
| 5090 if (rvOcsp != SECSuccess) { |
| 5091 PORT_SetError(cachedErrorCode); |
| 5092 } |
| 5088 return rvOcsp; | 5093 return rvOcsp; |
| 5089 } | 5094 } |
| 5090 | 5095 |
| 5091 rv = ocsp_GetOCSPStatusFromNetwork(handle, certID, cert, time, pwArg, | 5096 rv = ocsp_GetOCSPStatusFromNetwork(handle, certID, cert, time, pwArg, |
| 5092 &certIDWasConsumed, | 5097 &certIDWasConsumed, |
| 5093 &rvOcsp); | 5098 &rvOcsp); |
| 5094 if (rv != SECSuccess) { | 5099 if (rv != SECSuccess) { |
| 5095 PRErrorCode err = PORT_GetError(); | 5100 PRErrorCode err = PORT_GetError(); |
| 5096 if (ocsp_FetchingFailureIsVerificationFailure()) { | 5101 if (ocsp_FetchingFailureIsVerificationFailure()) { |
| 5097 PORT_SetError(err); | 5102 PORT_SetError(err); |
| (...skipping 1071 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 6169 case ocspResponse_unauthorized: | 6174 case ocspResponse_unauthorized: |
| 6170 PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST); | 6175 PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST); |
| 6171 break; | 6176 break; |
| 6172 case ocspResponse_unused: | 6177 case ocspResponse_unused: |
| 6173 default: | 6178 default: |
| 6174 PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS); | 6179 PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS); |
| 6175 break; | 6180 break; |
| 6176 } | 6181 } |
| 6177 return SECFailure; | 6182 return SECFailure; |
| 6178 } | 6183 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 170823003:
Update to NSS 3.15.5 and NSPR 4.10.3. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/