
Side by Side Diff: nss/lib/certdb/certdb.c

Issue 195763027: Update NSS to NSS_3_16_RC0. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Use the RTM tag Created 6 years, 9 months ago
OLDNEW
1 /* This Source Code Form is subject to the terms of the Mozilla Public 1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 4
5 /* 5 /*
6 * Certificate handling code 6 * Certificate handling code
7 */ 7 */
8 8
9 #include "nssilock.h" 9 #include "nssilock.h"
10 #include "prmon.h" 10 #include "prmon.h"
(...skipping 1363 matching lines...)
1374 1374
1375 if ( match == 0 ) { 1375 if ( match == 0 ) {
1376 rv = SECSuccess; 1376 rv = SECSuccess;
1377 } else { 1377 } else {
1378 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); 1378 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
1379 rv = SECFailure; 1379 rv = SECFailure;
1380 } 1380 }
1381 return rv; 1381 return rv;
1382 } 1382 }
1383 } else { 1383 } else {
1384 » /* New approach conforms to RFC 2818. */ 1384 » /* New approach conforms to RFC 6125. */
1385 char *wildcard = PORT_Strchr(cn, '*'); 1385 char *wildcard = PORT_Strchr(cn, '*');
1386 char *firstcndot = PORT_Strchr(cn, '.'); 1386 char *firstcndot = PORT_Strchr(cn, '.');
1387 char *secondcndot = firstcndot ? PORT_Strchr(firstcndot+1, '.') : NULL; 1387 char *secondcndot = firstcndot ? PORT_Strchr(firstcndot+1, '.') : NULL;
1388 char *firsthndot = PORT_Strchr(hn, '.'); 1388 char *firsthndot = PORT_Strchr(hn, '.');
1389 1389
1390 /* For a cn pattern to be considered valid, the wildcard character... 1390 /* For a cn pattern to be considered valid, the wildcard character...
1391 * - may occur only in a DNS name with at least 3 components, and 1391 * - may occur only in a DNS name with at least 3 components, and
1392 * - may occur only as last character in the first component, and 1392 * - may occur only as last character in the first component, and
1393 » * - may be preceded by additional characters 1393 » * - may be preceded by additional characters, and
1394 » * - must not be preceded by an IDNA ACE prefix (xn--)
1394 */ 1395 */
1395 if (wildcard && secondcndot && secondcndot[1] && firsthndot 1396 if (wildcard && secondcndot && secondcndot[1] && firsthndot
1396 » && firstcndot - wildcard == 1 1397 » && firstcndot - wildcard == 1 /* wildcard is last char in first co mponent */
1397 » && secondcndot - firstcndot > 1 1398 » && secondcndot - firstcndot > 1 /* second component is non-empty */
1398 » && PORT_Strrchr(cn, '*') == wildcard 1399 » && PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */
1399 && !PORT_Strncasecmp(cn, hn, wildcard - cn) 1400 && !PORT_Strncasecmp(cn, hn, wildcard - cn)
1400 » && !PORT_Strcasecmp(firstcndot, firsthndot)) { 1401 » && !PORT_Strcasecmp(firstcndot, firsthndot)
1402 » /* If hn starts with xn--, then cn must start with wildcard */
1403 » && (PORT_Strncasecmp(hn, "xn--", 4) || wildcard == cn)) {
1401 /* valid wildcard pattern match */ 1404 /* valid wildcard pattern match */
1402 return SECSuccess; 1405 return SECSuccess;
1403 } 1406 }
1404 } 1407 }
1405 /* String cn has no wildcard or shell expression. 1408 /* String cn has no wildcard or shell expression.
1406 * Compare entire string hn with cert name. 1409 * Compare entire string hn with cert name.
1407 */ 1410 */
1408 if (PORT_Strcasecmp(hn, cn) == 0) { 1411 if (PORT_Strcasecmp(hn, cn) == 0) {
1409 return SECSuccess; 1412 return SECSuccess;
1410 } 1413 }
(...skipping 1852 matching lines...)
3263 CERTCertificate *cert = NULL; 3266 CERTCertificate *cert = NULL;
3264 SECItem *derCert; 3267 SECItem *derCert;
3265 3268
3266 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID); 3269 derCert = cert_FindDERCertBySubjectKeyID(subjKeyID);
3267 if (derCert) { 3270 if (derCert) {
3268 cert = CERT_FindCertByDERCert(handle, derCert); 3271 cert = CERT_FindCertByDERCert(handle, derCert);
3269 SECITEM_FreeItem(derCert, PR_TRUE); 3272 SECITEM_FreeItem(derCert, PR_TRUE);
3270 } 3273 }
3271 return cert; 3274 return cert;
3272 } 3275 }
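Review bot: The bullet added to the block comment at new line 1394 states a rule about the certificate name, but the condition added at new line 1403 tests the hostname instead: `PORT_Strncasecmp(hn, "xn--", 4) || wildcard == cn`. As written, the code refuses every partial-label wildcard once hn begins with xn--, including a pattern such as `x*.example.com` that the bullet would appear to permit. That is the stricter and safer behaviour for A-labels, so the comment should be reworded to match it, for example `* - must be the entire first component if hn starts with an IDNA ACE prefix (xn--)`. The enclosing function starts and ends outside the visible lines, so it is not possible to tell from here whether hn is normalised before this point or whether a test covers the xn-- cases.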