| Index: net/third_party/nss/ssl/cmpcert.c
|
| diff --git a/net/third_party/nss/ssl/cmpcert.c b/net/third_party/nss/ssl/cmpcert.c
|
| index 6d8423822d51579f7aca9f95e4fe016523b85670..e6edbee83e11634037457fdc32198f6be8f9b025 100644
|
| --- a/net/third_party/nss/ssl/cmpcert.c
|
| +++ b/net/third_party/nss/ssl/cmpcert.c
|
| @@ -18,73 +18,72 @@
|
|
|
| /*
|
| * Look to see if any of the signers in the cert chain for "cert" are found
|
| - * in the list of caNames.
|
| + * in the list of caNames.
|
| * Returns SECSuccess if so, SECFailure if not.
|
| */
|
| SECStatus
|
| NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
|
| {
|
| - SECItem * caname;
|
| - CERTCertificate * curcert;
|
| - CERTCertificate * oldcert;
|
| - PRInt32 contentlen;
|
| - int j;
|
| - int headerlen;
|
| - int depth;
|
| - SECStatus rv;
|
| - SECItem issuerName;
|
| - SECItem compatIssuerName;
|
| + SECItem *caname;
|
| + CERTCertificate *curcert;
|
| + CERTCertificate *oldcert;
|
| + PRInt32 contentlen;
|
| + int j;
|
| + int headerlen;
|
| + int depth;
|
| + SECStatus rv;
|
| + SECItem issuerName;
|
| + SECItem compatIssuerName;
|
|
|
| - if (!cert || !caNames || !caNames->nnames || !caNames->names ||
|
| - !caNames->names->data)
|
| - return SECFailure;
|
| - depth=0;
|
| - curcert = CERT_DupCertificate(cert);
|
| -
|
| - while( curcert ) {
|
| - issuerName = curcert->derIssuer;
|
| -
|
| - /* compute an alternate issuer name for compatibility with 2.0
|
| - * enterprise server, which send the CA names without
|
| - * the outer layer of DER header
|
| - */
|
| - rv = DER_Lengths(&issuerName, &headerlen, (PRUint32 *)&contentlen);
|
| - if ( rv == SECSuccess ) {
|
| - compatIssuerName.data = &issuerName.data[headerlen];
|
| - compatIssuerName.len = issuerName.len - headerlen;
|
| - } else {
|
| - compatIssuerName.data = NULL;
|
| - compatIssuerName.len = 0;
|
| - }
|
| -
|
| - for (j = 0; j < caNames->nnames; j++) {
|
| - caname = &caNames->names[j];
|
| - if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) {
|
| - rv = SECSuccess;
|
| - CERT_DestroyCertificate(curcert);
|
| - goto done;
|
| - } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
|
| - rv = SECSuccess;
|
| - CERT_DestroyCertificate(curcert);
|
| - goto done;
|
| - }
|
| - }
|
| - if ( ( depth <= 20 ) &&
|
| - ( SECITEM_CompareItem(&curcert->derIssuer, &curcert->derSubject)
|
| - != SECEqual ) ) {
|
| - oldcert = curcert;
|
| - curcert = CERT_FindCertByName(curcert->dbhandle,
|
| - &curcert->derIssuer);
|
| - CERT_DestroyCertificate(oldcert);
|
| - depth++;
|
| - } else {
|
| - CERT_DestroyCertificate(curcert);
|
| - curcert = NULL;
|
| + if (!cert || !caNames || !caNames->nnames || !caNames->names ||
|
| + !caNames->names->data)
|
| + return SECFailure;
|
| + depth = 0;
|
| + curcert = CERT_DupCertificate(cert);
|
| +
|
| + while (curcert) {
|
| + issuerName = curcert->derIssuer;
|
| +
|
| + /* compute an alternate issuer name for compatibility with 2.0
|
| + * enterprise server, which send the CA names without
|
| + * the outer layer of DER header
|
| + */
|
| + rv = DER_Lengths(&issuerName, &headerlen, (PRUint32 *)&contentlen);
|
| + if (rv == SECSuccess) {
|
| + compatIssuerName.data = &issuerName.data[headerlen];
|
| + compatIssuerName.len = issuerName.len - headerlen;
|
| + } else {
|
| + compatIssuerName.data = NULL;
|
| + compatIssuerName.len = 0;
|
| + }
|
| +
|
| + for (j = 0; j < caNames->nnames; j++) {
|
| + caname = &caNames->names[j];
|
| + if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) {
|
| + rv = SECSuccess;
|
| + CERT_DestroyCertificate(curcert);
|
| + goto done;
|
| + } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
|
| + rv = SECSuccess;
|
| + CERT_DestroyCertificate(curcert);
|
| + goto done;
|
| + }
|
| + }
|
| + if ((depth <= 20) &&
|
| + (SECITEM_CompareItem(&curcert->derIssuer, &curcert->derSubject) !=
|
| + SECEqual)) {
|
| + oldcert = curcert;
|
| + curcert = CERT_FindCertByName(curcert->dbhandle,
|
| + &curcert->derIssuer);
|
| + CERT_DestroyCertificate(oldcert);
|
| + depth++;
|
| + } else {
|
| + CERT_DestroyCertificate(curcert);
|
| + curcert = NULL;
|
| + }
|
| }
|
| - }
|
| - rv = SECFailure;
|
| -
|
| + rv = SECFailure;
|
| +
|
| done:
|
| - return rv;
|
| + return rv;
|
| }
|
| -
|
|
|
Chromium Code Reviews
Issue 1844813002:
Uprev NSS to 3.23 on iOS (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master