Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(293)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/ssl/cmpcert.c

Issue 1844813002: Uprev NSS to 3.23 on iOS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: One more GN fix Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/third_party/nss/ssl/bodge/secitem_array.c ('k') | net/third_party/nss/ssl/derive.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * NSS utility functions 2 * NSS utility functions
3 * 3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public 4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this 5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 7
8 #include <stdio.h> 8 #include <stdio.h>
9 #include <string.h> 9 #include <string.h>
10 #include "prerror.h" 10 #include "prerror.h"
11 #include "secitem.h" 11 #include "secitem.h"
12 #include "prnetdb.h" 12 #include "prnetdb.h"
13 #include "cert.h" 13 #include "cert.h"
14 #include "nspr.h" 14 #include "nspr.h"
15 #include "secder.h" 15 #include "secder.h"
16 #include "key.h" 16 #include "key.h"
17 #include "nss.h" 17 #include "nss.h"
18 18
19 /* 19 /*
20 * Look to see if any of the signers in the cert chain for "cert" are found 20 * Look to see if any of the signers in the cert chain for "cert" are found
21 * in the list of caNames. 21 * in the list of caNames.
22 * Returns SECSuccess if so, SECFailure if not. 22 * Returns SECSuccess if so, SECFailure if not.
23 */ 23 */
24 SECStatus 24 SECStatus
25 NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames) 25 NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
26 { 26 {
27 SECItem * caname; 27 SECItem *caname;
28 CERTCertificate * curcert; 28 CERTCertificate *curcert;
29 CERTCertificate * oldcert; 29 CERTCertificate *oldcert;
30 PRInt32 contentlen; 30 PRInt32 contentlen;
31 int j; 31 int j;
32 int headerlen; 32 int headerlen;
33 int depth; 33 int depth;
34 SECStatus rv; 34 SECStatus rv;
35 SECItem issuerName; 35 SECItem issuerName;
36 SECItem compatIssuerName; 36 SECItem compatIssuerName;
37 37
38 if (!cert || !caNames || !caNames->nnames || !caNames->names || 38 if (!cert || !caNames || !caNames->nnames || !caNames->names ||
39 !caNames->names->data) 39 !caNames->names->data)
40 return SECFailure; 40 return SECFailure;
41 depth=0; 41 depth = 0;
42 curcert = CERT_DupCertificate(cert); 42 curcert = CERT_DupCertificate(cert);
43 43
44 while( curcert ) { 44 while (curcert) {
45 issuerName = curcert->derIssuer; 45 issuerName = curcert->derIssuer;
46 46
47 /* compute an alternate issuer name for compatibility with 2.0 47 /* compute an alternate issuer name for compatibility with 2.0
48 * enterprise server, which send the CA names without 48 * enterprise server, which send the CA names without
49 * the outer layer of DER header 49 * the outer layer of DER header
50 */ 50 */
51 rv = DER_Lengths(&issuerName, &headerlen, (PRUint32 *)&contentlen); 51 rv = DER_Lengths(&issuerName, &headerlen, (PRUint32 *)&contentlen);
52 if ( rv == SECSuccess ) { 52 if (rv == SECSuccess) {
53 compatIssuerName.data = &issuerName.data[headerlen]; 53 compatIssuerName.data = &issuerName.data[headerlen];
54 compatIssuerName.len = issuerName.len - headerlen; 54 compatIssuerName.len = issuerName.len - headerlen;
55 } else { 55 } else {
56 compatIssuerName.data = NULL; 56 compatIssuerName.data = NULL;
57 compatIssuerName.len = 0; 57 compatIssuerName.len = 0;
58 }
59
60 for (j = 0; j < caNames->nnames; j++) {
61 caname = &caNames->names[j];
62 if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) {
63 rv = SECSuccess;
64 CERT_DestroyCertificate(curcert);
65 goto done;
66 } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqua l) {
67 rv = SECSuccess;
68 CERT_DestroyCertificate(curcert);
69 goto done;
70 }
71 }
72 if ((depth <= 20) &&
73 (SECITEM_CompareItem(&curcert->derIssuer, &curcert->derSubject) !=
74 SECEqual)) {
75 oldcert = curcert;
76 curcert = CERT_FindCertByName(curcert->dbhandle,
77 &curcert->derIssuer);
78 CERT_DestroyCertificate(oldcert);
79 depth++;
80 } else {
81 CERT_DestroyCertificate(curcert);
82 curcert = NULL;
83 }
58 } 84 }
59 85 rv = SECFailure;
60 for (j = 0; j < caNames->nnames; j++) { 86
61 caname = &caNames->names[j];
62 if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) {
63 » rv = SECSuccess;
64 » CERT_DestroyCertificate(curcert);
65 » goto done;
66 } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
67 » rv = SECSuccess;
68 » CERT_DestroyCertificate(curcert);
69 » goto done;
70 }
71 }
72 if ( ( depth <= 20 ) &&
73 » ( SECITEM_CompareItem(&curcert->derIssuer, &curcert->derSubject)
74 » != SECEqual ) ) {
75 oldcert = curcert;
76 curcert = CERT_FindCertByName(curcert->dbhandle,
77 » » » » &curcert->derIssuer);
78 CERT_DestroyCertificate(oldcert);
79 depth++;
80 } else {
81 CERT_DestroyCertificate(curcert);
82 curcert = NULL;
83 }
84 }
85 rv = SECFailure;
86
87 done: 87 done:
88 return rv; 88 return rv;
89 } 89 }
90
OLDNEW
« no previous file with comments | « net/third_party/nss/ssl/bodge/secitem_array.c ('k') | net/third_party/nss/ssl/derive.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698