Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(513)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c

Issue 195763027: Update NSS to NSS_3_16_RC0. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Use the RTM tag Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « nss/lib/libpkix/pkix/certsel/pkix_certselector.c ('k') | nss/lib/libpkix/pkix/params/pkix_trustanchor.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* This Source Code Form is subject to the terms of the Mozilla Public 1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /* 4 /*
5 * pkix_nameconstraintschecker.c 5 * pkix_nameconstraintschecker.c
6 * 6 *
7 * Functions for Name Constraints Checkers 7 * Functions for Name Constraints Checkers
8 * 8 *
9 */ 9 */
10 10
(...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after
160 PKIX_CertChainChecker *checker, 160 PKIX_CertChainChecker *checker,
161 PKIX_PL_Cert *cert, 161 PKIX_PL_Cert *cert,
162 PKIX_List *unresolvedCriticalExtensions, 162 PKIX_List *unresolvedCriticalExtensions,
163 void **pNBIOContext, 163 void **pNBIOContext,
164 void *plContext) 164 void *plContext)
165 { 165 {
166 pkix_NameConstraintsCheckerState *state = NULL; 166 pkix_NameConstraintsCheckerState *state = NULL;
167 PKIX_PL_CertNameConstraints *nameConstraints = NULL; 167 PKIX_PL_CertNameConstraints *nameConstraints = NULL;
168 PKIX_PL_CertNameConstraints *mergedNameConstraints = NULL; 168 PKIX_PL_CertNameConstraints *mergedNameConstraints = NULL;
169 PKIX_Boolean selfIssued = PKIX_FALSE; 169 PKIX_Boolean selfIssued = PKIX_FALSE;
170 PKIX_Boolean lastCert = PKIX_FALSE;
170 171
171 PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameConstraintsChecker_Check"); 172 PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameConstraintsChecker_Check");
172 PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext); 173 PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
173 174
174 *pNBIOContext = NULL; /* we never block on pending I/O */ 175 *pNBIOContext = NULL; /* we never block on pending I/O */
175 176
176 PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState 177 PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
177 (checker, (PKIX_PL_Object **)&state, plContext), 178 (checker, (PKIX_PL_Object **)&state, plContext),
178 PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED); 179 PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
179 180
180 state->certsRemaining--; 181 state->certsRemaining--;
182 lastCert = state->certsRemaining == 0;
181 183
182 /* Get status of self issued */ 184 /* Get status of self issued */
183 PKIX_CHECK(pkix_IsCertSelfIssued(cert, &selfIssued, plContext), 185 PKIX_CHECK(pkix_IsCertSelfIssued(cert, &selfIssued, plContext),
184 PKIX_ISCERTSELFISSUEDFAILED); 186 PKIX_ISCERTSELFISSUEDFAILED);
185 187
186 /* Check on non self-issued and if so only for last cert */ 188 /* Check on non self-issued and if so only for last cert */
187 if (selfIssued == PKIX_FALSE || 189 if (selfIssued == PKIX_FALSE ||
188 (selfIssued == PKIX_TRUE && state->certsRemaining == 0)) { 190 (selfIssued == PKIX_TRUE && lastCert)) {
189 PKIX_CHECK(PKIX_PL_Cert_CheckNameConstraints 191 PKIX_CHECK(PKIX_PL_Cert_CheckNameConstraints
190 (cert, state->nameConstraints, plContext), 192 (cert, state->nameConstraints, lastCert,
193 plContext),
191 PKIX_CERTCHECKNAMECONSTRAINTSFAILED); 194 PKIX_CERTCHECKNAMECONSTRAINTSFAILED);
192 } 195 }
193 196
194 if (state->certsRemaining != 0) { 197 if (!lastCert) {
195 198
196 PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints 199 PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
197 (cert, &nameConstraints, plContext), 200 (cert, &nameConstraints, plContext),
198 PKIX_CERTGETNAMECONSTRAINTSFAILED); 201 PKIX_CERTGETNAMECONSTRAINTSFAILED);
199 202
200 /* Merge with previous name constraints kept in state */ 203 /* Merge with previous name constraints kept in state */
201 204
202 if (nameConstraints != NULL) { 205 if (nameConstraints != NULL) {
203 206
204 if (state->nameConstraints == NULL) { 207 if (state->nameConstraints == NULL) {
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after
296 pChecker, 299 pChecker,
297 plContext), 300 plContext),
298 PKIX_CERTCHAINCHECKERCREATEFAILED); 301 PKIX_CERTCHAINCHECKERCREATEFAILED);
299 302
300 cleanup: 303 cleanup:
301 304
302 PKIX_DECREF(state); 305 PKIX_DECREF(state);
303 306
304 PKIX_RETURN(CERTCHAINCHECKER); 307 PKIX_RETURN(CERTCHAINCHECKER);
305 } 308 }
OLDNEW
« no previous file with comments | « nss/lib/libpkix/pkix/certsel/pkix_certselector.c ('k') | nss/lib/libpkix/pkix/params/pkix_trustanchor.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698