Index: net/third_party/nss/ssl/cmpcert.c |
diff --git a/net/third_party/nss/ssl/cmpcert.c b/net/third_party/nss/ssl/cmpcert.c |
index 6d8423822d51579f7aca9f95e4fe016523b85670..e6edbee83e11634037457fdc32198f6be8f9b025 100644 |
--- a/net/third_party/nss/ssl/cmpcert.c |
+++ b/net/third_party/nss/ssl/cmpcert.c |
@@ -18,73 +18,72 @@ |
/* |
* Look to see if any of the signers in the cert chain for "cert" are found |
- * in the list of caNames. |
+ * in the list of caNames. |
* Returns SECSuccess if so, SECFailure if not. |
*/ |
SECStatus |
NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames) |
{ |
- SECItem * caname; |
- CERTCertificate * curcert; |
- CERTCertificate * oldcert; |
- PRInt32 contentlen; |
- int j; |
- int headerlen; |
- int depth; |
- SECStatus rv; |
- SECItem issuerName; |
- SECItem compatIssuerName; |
+ SECItem *caname; |
+ CERTCertificate *curcert; |
+ CERTCertificate *oldcert; |
+ PRInt32 contentlen; |
+ int j; |
+ int headerlen; |
+ int depth; |
+ SECStatus rv; |
+ SECItem issuerName; |
+ SECItem compatIssuerName; |
- if (!cert || !caNames || !caNames->nnames || !caNames->names || |
- !caNames->names->data) |
- return SECFailure; |
- depth=0; |
- curcert = CERT_DupCertificate(cert); |
- |
- while( curcert ) { |
- issuerName = curcert->derIssuer; |
- |
- /* compute an alternate issuer name for compatibility with 2.0 |
- * enterprise server, which send the CA names without |
- * the outer layer of DER header |
- */ |
- rv = DER_Lengths(&issuerName, &headerlen, (PRUint32 *)&contentlen); |
- if ( rv == SECSuccess ) { |
- compatIssuerName.data = &issuerName.data[headerlen]; |
- compatIssuerName.len = issuerName.len - headerlen; |
- } else { |
- compatIssuerName.data = NULL; |
- compatIssuerName.len = 0; |
- } |
- |
- for (j = 0; j < caNames->nnames; j++) { |
- caname = &caNames->names[j]; |
- if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) { |
- rv = SECSuccess; |
- CERT_DestroyCertificate(curcert); |
- goto done; |
- } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) { |
- rv = SECSuccess; |
- CERT_DestroyCertificate(curcert); |
- goto done; |
- } |
- } |
- if ( ( depth <= 20 ) && |
- ( SECITEM_CompareItem(&curcert->derIssuer, &curcert->derSubject) |
- != SECEqual ) ) { |
- oldcert = curcert; |
- curcert = CERT_FindCertByName(curcert->dbhandle, |
- &curcert->derIssuer); |
- CERT_DestroyCertificate(oldcert); |
- depth++; |
- } else { |
- CERT_DestroyCertificate(curcert); |
- curcert = NULL; |
+ if (!cert || !caNames || !caNames->nnames || !caNames->names || |
+ !caNames->names->data) |
+ return SECFailure; |
+ depth = 0; |
+ curcert = CERT_DupCertificate(cert); |
+ |
+ while (curcert) { |
+ issuerName = curcert->derIssuer; |
+ |
+ /* compute an alternate issuer name for compatibility with 2.0 |
+ * enterprise server, which send the CA names without |
+ * the outer layer of DER header |
+ */ |
+ rv = DER_Lengths(&issuerName, &headerlen, (PRUint32 *)&contentlen); |
+ if (rv == SECSuccess) { |
+ compatIssuerName.data = &issuerName.data[headerlen]; |
+ compatIssuerName.len = issuerName.len - headerlen; |
+ } else { |
+ compatIssuerName.data = NULL; |
+ compatIssuerName.len = 0; |
+ } |
+ |
+ for (j = 0; j < caNames->nnames; j++) { |
+ caname = &caNames->names[j]; |
+ if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) { |
+ rv = SECSuccess; |
+ CERT_DestroyCertificate(curcert); |
+ goto done; |
+ } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) { |
+ rv = SECSuccess; |
+ CERT_DestroyCertificate(curcert); |
+ goto done; |
+ } |
+ } |
+ if ((depth <= 20) && |
+ (SECITEM_CompareItem(&curcert->derIssuer, &curcert->derSubject) != |
+ SECEqual)) { |
+ oldcert = curcert; |
+ curcert = CERT_FindCertByName(curcert->dbhandle, |
+ &curcert->derIssuer); |
+ CERT_DestroyCertificate(oldcert); |
+ depth++; |
+ } else { |
+ CERT_DestroyCertificate(curcert); |
+ curcert = NULL; |
+ } |
} |
- } |
- rv = SECFailure; |
- |
+ rv = SECFailure; |
+ |
done: |
- return rv; |
+ return rv; |
} |
- |