Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(374)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: nss/lib/certhigh/certvfy.c

Issue 70673004: Update to NSS 3.15.3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Update to NSS 3.15.3 Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « nss/lib/certdb/certt.h ('k') | nss/lib/certhigh/ocsp.c » ('j') | nss/lib/certhigh/ocsp.c » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* This Source Code Form is subject to the terms of the Mozilla Public 1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 #include "nspr.h" 4 #include "nspr.h"
5 #include "secerr.h" 5 #include "secerr.h"
6 #include "secport.h" 6 #include "secport.h"
7 #include "seccomon.h" 7 #include "seccomon.h"
8 #include "secoid.h" 8 #include "secoid.h"
9 #include "sslerr.h" 9 #include "sslerr.h"
10 #include "genname.h" 10 #include "genname.h"
(...skipping 1337 matching lines...) Expand 10 before | Expand all | Expand 10 after
1348 if ( !( certType & requiredCertType ) ) { 1348 if ( !( certType & requiredCertType ) ) {
1349 PORT_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE); 1349 PORT_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE);
1350 LOG_ERROR_OR_EXIT(log,cert,0,requiredCertType); 1350 LOG_ERROR_OR_EXIT(log,cert,0,requiredCertType);
1351 } 1351 }
1352 1352
1353 rv = cert_CheckLeafTrust(cert,certUsage, &flags, &trusted); 1353 rv = cert_CheckLeafTrust(cert,certUsage, &flags, &trusted);
1354 if (rv == SECFailure) { 1354 if (rv == SECFailure) {
1355 PORT_SetError(SEC_ERROR_UNTRUSTED_CERT); 1355 PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
1356 LOG_ERROR_OR_EXIT(log,cert,0,flags); 1356 LOG_ERROR_OR_EXIT(log,cert,0,flags);
1357 } else if (trusted) { 1357 } else if (trusted) {
1358 » goto winner; 1358 » goto done;
1359 } 1359 }
1360 1360
1361 1361
1362 rv = CERT_VerifyCertChain(handle, cert, checkSig, certUsage, 1362 rv = CERT_VerifyCertChain(handle, cert, checkSig, certUsage,
1363 t, wincx, log); 1363 t, wincx, log);
1364 if (rv != SECSuccess) { 1364 if (rv != SECSuccess) {
1365 EXIT_IF_NOT_LOGGING(log); 1365 EXIT_IF_NOT_LOGGING(log);
1366 } 1366 }
1367 1367
1368 /* 1368 /*
1369 * Check revocation status, but only if the cert we are checking 1369 * Check revocation status, but only if the cert we are checking
1370 * is not a status reponder itself. We only do this in the case 1370 * is not a status reponder itself. We only do this in the case
1371 * where we checked the cert chain (above); explicit trust "wins" 1371 * where we checked the cert chain (above); explicit trust "wins"
1372 * (avoids status checking, just as it avoids CRL checking, which 1372 * (avoids status checking, just as it avoids CRL checking, which
1373 * is all done inside VerifyCertChain) by bypassing this code. 1373 * is all done inside VerifyCertChain) by bypassing this code.
1374 */ 1374 */
1375 statusConfig = CERT_GetStatusConfig(handle); 1375 statusConfig = CERT_GetStatusConfig(handle);
1376 if (certUsage != certUsageStatusResponder && statusConfig != NULL) { 1376 if (certUsage != certUsageStatusResponder && statusConfig != NULL) {
1377 if (statusConfig->statusChecker != NULL) { 1377 if (statusConfig->statusChecker != NULL) {
1378 rv = (* statusConfig->statusChecker)(handle, cert, 1378 rv = (* statusConfig->statusChecker)(handle, cert,
1379 t, wincx); 1379 t, wincx);
1380 if (rv != SECSuccess) { 1380 if (rv != SECSuccess) {
1381 LOG_ERROR_OR_EXIT(log,cert,0,0); 1381 LOG_ERROR_OR_EXIT(log,cert,0,0);
1382 } 1382 }
1383 } 1383 }
1384 } 1384 }
1385 1385
1386 winner: 1386 done:
1387 if (log && log->head) {
1388 return SECFailure;
1389 }
1387 return(SECSuccess); 1390 return(SECSuccess);
1388 1391
1389 loser: 1392 loser:
1390 rv = SECFailure; 1393 rv = SECFailure;
1391 1394
1392 return(rv); 1395 return(rv);
1393 } 1396 }
1394 1397
1395 /* 1398 /*
1396 * verify a certificate by checking if its valid and that we 1399 * verify a certificate by checking if its valid and that we
(...skipping 466 matching lines...) Expand 10 before | Expand all | Expand 10 after
1863 return chain; 1866 return chain;
1864 } 1867 }
1865 1868
1866 cert = CERT_FindCertIssuer(cert, time, usage); 1869 cert = CERT_FindCertIssuer(cert, time, usage);
1867 } 1870 }
1868 1871
1869 /* return partial chain */ 1872 /* return partial chain */
1870 PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER); 1873 PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
1871 return chain; 1874 return chain;
1872 } 1875 }
OLDNEW
« no previous file with comments | « nss/lib/certdb/certt.h ('k') | nss/lib/certhigh/ocsp.c » ('j') | nss/lib/certhigh/ocsp.c » ('J')

Powered by Google App Engine
This is Rietveld 408576698