OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 #include "nspr.h" | 4 #include "nspr.h" |
5 #include "secerr.h" | 5 #include "secerr.h" |
6 #include "secport.h" | 6 #include "secport.h" |
7 #include "seccomon.h" | 7 #include "seccomon.h" |
8 #include "secoid.h" | 8 #include "secoid.h" |
9 #include "sslerr.h" | 9 #include "sslerr.h" |
10 #include "genname.h" | 10 #include "genname.h" |
(...skipping 1337 matching lines...)
1348 if ( !( certType & requiredCertType ) ) { | 1348 if ( !( certType & requiredCertType ) ) { |
1349 PORT_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE); | 1349 PORT_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE); |
1350 LOG_ERROR_OR_EXIT(log,cert,0,requiredCertType); | 1350 LOG_ERROR_OR_EXIT(log,cert,0,requiredCertType); |
1351 } | 1351 } |
1352 | 1352 |
1353 rv = cert_CheckLeafTrust(cert,certUsage, &flags, &trusted); | 1353 rv = cert_CheckLeafTrust(cert,certUsage, &flags, &trusted); |
1354 if (rv == SECFailure) { | 1354 if (rv == SECFailure) { |
1355 PORT_SetError(SEC_ERROR_UNTRUSTED_CERT); | 1355 PORT_SetError(SEC_ERROR_UNTRUSTED_CERT); |
1356 LOG_ERROR_OR_EXIT(log,cert,0,flags); | 1356 LOG_ERROR_OR_EXIT(log,cert,0,flags); |
1357 } else if (trusted) { | 1357 } else if (trusted) { |
1358 » goto winner; | 1358 » goto done; |
1359 } | 1359 } |
1360 | 1360 |
1361 | 1361 |
1362 rv = CERT_VerifyCertChain(handle, cert, checkSig, certUsage, | 1362 rv = CERT_VerifyCertChain(handle, cert, checkSig, certUsage, |
1363 t, wincx, log); | 1363 t, wincx, log); |
1364 if (rv != SECSuccess) { | 1364 if (rv != SECSuccess) { |
1365 EXIT_IF_NOT_LOGGING(log); | 1365 EXIT_IF_NOT_LOGGING(log); |
1366 } | 1366 } |
1367 | 1367 |
1368 /* | 1368 /* |
1369 * Check revocation status, but only if the cert we are checking | 1369 * Check revocation status, but only if the cert we are checking |
1370 * is not a status reponder itself. We only do this in the case | 1370 * is not a status reponder itself. We only do this in the case |
1371 * where we checked the cert chain (above); explicit trust "wins" | 1371 * where we checked the cert chain (above); explicit trust "wins" |
1372 * (avoids status checking, just as it avoids CRL checking, which | 1372 * (avoids status checking, just as it avoids CRL checking, which |
1373 * is all done inside VerifyCertChain) by bypassing this code. | 1373 * is all done inside VerifyCertChain) by bypassing this code. |
1374 */ | 1374 */ |
1375 statusConfig = CERT_GetStatusConfig(handle); | 1375 statusConfig = CERT_GetStatusConfig(handle); |
1376 if (certUsage != certUsageStatusResponder && statusConfig != NULL) { | 1376 if (certUsage != certUsageStatusResponder && statusConfig != NULL) { |
1377 if (statusConfig->statusChecker != NULL) { | 1377 if (statusConfig->statusChecker != NULL) { |
1378 rv = (* statusConfig->statusChecker)(handle, cert, | 1378 rv = (* statusConfig->statusChecker)(handle, cert, |
1379 t, wincx); | 1379 t, wincx); |
1380 if (rv != SECSuccess) { | 1380 if (rv != SECSuccess) { |
1381 LOG_ERROR_OR_EXIT(log,cert,0,0); | 1381 LOG_ERROR_OR_EXIT(log,cert,0,0); |
1382 } | 1382 } |
1383 } | 1383 } |
1384 } | 1384 } |
1385 | 1385 |
1386 winner: | 1386 done: |
| 1387 if (log && log->head) { |
| 1388 return SECFailure; |
| 1389 } |
1387 return(SECSuccess); | 1390 return(SECSuccess); |
1388 | 1391 |
1389 loser: | 1392 loser: |
1390 rv = SECFailure; | 1393 rv = SECFailure; |
1391 | 1394 |
1392 return(rv); | 1395 return(rv); |
1393 } | 1396 } |
1394 | 1397 |
1395 /* | 1398 /* |
1396 * verify a certificate by checking if its valid and that we | 1399 * verify a certificate by checking if its valid and that we |
(...skipping 466 matching lines...)
1863 return chain; | 1866 return chain; |
1864 } | 1867 } |
1865 | 1868 |
1866 cert = CERT_FindCertIssuer(cert, time, usage); | 1869 cert = CERT_FindCertIssuer(cert, time, usage); |
1867 } | 1870 } |
1868 | 1871 |
1869 /* return partial chain */ | 1872 /* return partial chain */ |
1870 PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER); | 1873 PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER); |
1871 return chain; | 1874 return chain; |
1872 } | 1875 } |
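Review bot: The check added under `done:` (new lines 1387-1389) decides the result from `log->head` alone, so a log that already held entries when the function was entered would turn an otherwise clean verification into SECFailure. The function begins in the skipped lines above, so whether the log is required to be empty on entry cannot be confirmed from this page; if that is the contract, state it at the check, e.g. `/* log must be empty on entry: any entry present here fails verification */`. This return path also does not call PORT_SetError, so the error code the caller reads after SECFailure may be whatever a later step left behind rather than the failure that was logged. Consider setting it from the first log entry before returning, e.g. `PORT_SetError(log->head->error);`, assuming the log node carries the error code. The two returns under the label also differ in style (`return SECFailure;` against `return(SECSuccess);`), and the new one should match the file's form.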