diff options
author | kaie%kuix.de <devnull@localhost> | 2004-07-27 21:40:03 +0000 |
---|---|---|
committer | kaie%kuix.de <devnull@localhost> | 2004-07-27 21:40:03 +0000 |
commit | 61ca8df473245a4775450ebbb54a60d149e03832 (patch) | |
tree | f2d83ec9af032cf712feadfce83b71e9743d67d0 | |
parent | 2042ecfd242b35f3c60696e6a15c2abad15e70d6 (diff) | |
download | nss-hg-AVIARY_20040809_MERGEPOINT.tar.gz |
b=249004 Do not import invalid/untrusted certs, prevent a DoS that disables SSL connections to trusted peers.AVIARY_20040809_MERGEPOINT
r=relyea sr=jst/brendan a=chofmann
-rw-r--r-- | security/nss/lib/certdb/certdb.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index 798a5ffe3..fee8ac903 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c @@ -1136,6 +1136,7 @@ CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage, requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA; break; case certUsageAnyCA: + case certUsageVerifyCA: case certUsageStatusResponder: requiredKeyUsage = KU_KEY_CERT_SIGN; requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA | |