b=249004 Do not import invalid/untrusted certs, prevent a DoS that disables SSL connections to trusted peers.AVIARY_20040809_MERGEPOINT

r=relyea sr=jst/brendan a=chofmann
author: kaie%kuix.de <devnull@localhost> 2004-07-27 21:40:03 +0000
committer: kaie%kuix.de <devnull@localhost> 2004-07-27 21:40:03 +0000
commit: 61ca8df473245a4775450ebbb54a60d149e03832 (patch)
tree: f2d83ec9af032cf712feadfce83b71e9743d67d0
parent: 2042ecfd242b35f3c60696e6a15c2abad15e70d6 (diff)
download: nss-hg-AVIARY_20040809_MERGEPOINT.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c
index 798a5ffe3..fee8ac903 100644
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -1136,6 +1136,7 @@ CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage,
 	    requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA;
 	    break;
 	  case certUsageAnyCA:
+	  case certUsageVerifyCA:
 	  case certUsageStatusResponder:
 	    requiredKeyUsage = KU_KEY_CERT_SIGN;
 	    requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA |
author	kaie%kuix.de <devnull@localhost>	2004-07-27 21:40:03 +0000
committer	kaie%kuix.de <devnull@localhost>	2004-07-27 21:40:03 +0000
commit	61ca8df473245a4775450ebbb54a60d149e03832 (patch)
tree	f2d83ec9af032cf712feadfce83b71e9743d67d0
parent	2042ecfd242b35f3c60696e6a15c2abad15e70d6 (diff)
download	nss-hg-AVIARY_20040809_MERGEPOINT.tar.gz