nss/lib/libpkix/pkix/certsel/pkix_certselector.c - Issue 195763027: Update NSS to NSS_3_16_RC0. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(1856)

My Issues | Starred Open | Closed | All

Unified Diff: nss/lib/libpkix/pkix/certsel/pkix_certselector.c

Issue 195763027: Update NSS to NSS_3_16_RC0. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/

Patch Set: Use the RTM tag Created 6 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « nss/lib/libpkix/include/pkix_pl_pki.h ('k') | nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: nss/lib/libpkix/pkix/certsel/pkix_certselector.c

===================================================================

--- nss/lib/libpkix/pkix/certsel/pkix_certselector.c (revision 256695)

+++ nss/lib/libpkix/pkix/certsel/pkix_certselector.c (working copy)

@@ -425,9 +425,13 @@

PKIX_COMCERTSELPARAMSGETNAMECONSTRAINTSFAILED);

if (nameConstraints != NULL) {

-

+ /* As only the end-entity certificate should have

+ * the common name constrained as if it was a dNSName,

+ * do not constrain the common name when building a

+ * forward path.

+ */

PKIX_CHECK(PKIX_PL_Cert_CheckNameConstraints

- (cert, nameConstraints, plContext),

+ (cert, nameConstraints, PKIX_FALSE, plContext),

PKIX_CERTCHECKNAMECONSTRAINTSFAILED);

}

« no previous file with comments | « nss/lib/libpkix/include/pkix_pl_pki.h ('k') | nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c » ('j') | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698