diff options
author | julien.pierre.boogz%sun.com <devnull@localhost> | 2007-11-21 21:37:05 +0000 |
---|---|---|
committer | julien.pierre.boogz%sun.com <devnull@localhost> | 2007-11-21 21:37:05 +0000 |
commit | 9b0a807c681398a1d572de76ca36f7df525f1d3e (patch) | |
tree | 6e1871030ad4ace7bd57500b1f7b576537506a9c | |
parent | 6d485446135918d23688d44345fafcb65bf63872 (diff) | |
download | nss-hg-9b0a807c681398a1d572de76ca36f7df525f1d3e.tar.gz |
Fix for bug 353577 . Remove NSS_CLASSIC code. r=nelson, wtc
-rw-r--r-- | security/nss/lib/certdb/certdb.c | 6 | ||||
-rw-r--r-- | security/nss/lib/certdb/certt.h | 4 | ||||
-rw-r--r-- | security/nss/lib/certhigh/certhigh.c | 94 | ||||
-rw-r--r-- | security/nss/lib/certhigh/certvfy.c | 85 |
4 files changed, 0 insertions, 189 deletions
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index 3babb4510..276eb193a 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c @@ -1279,14 +1279,8 @@ CERTCertificate * CERT_DupCertificate(CERTCertificate *c) { if (c) { -#ifdef NSS_CLASSIC - CERT_LockCertRefCount(c); - ++c->referenceCount; - CERT_UnlockCertRefCount(c); -#else NSSCertificate *tmp = STAN_GetNSSCertificate(c); nssCertificate_AddRef(tmp); -#endif } return c; } diff --git a/security/nss/lib/certdb/certt.h b/security/nss/lib/certdb/certt.h index 5b0db4c40..2bfa48b17 100644 --- a/security/nss/lib/certdb/certt.h +++ b/security/nss/lib/certdb/certt.h @@ -62,11 +62,7 @@ typedef struct CERTAttributeStr CERTAttribute; typedef struct CERTAuthInfoAccessStr CERTAuthInfoAccess; typedef struct CERTAuthKeyIDStr CERTAuthKeyID; typedef struct CERTBasicConstraintsStr CERTBasicConstraints; -#ifdef NSS_CLASSIC -typedef struct CERTCertDBHandleStr CERTCertDBHandle; -#else typedef struct NSSTrustDomainStr CERTCertDBHandle; -#endif typedef struct CERTCertExtensionStr CERTCertExtension; typedef struct CERTCertKeyStr CERTCertKey; typedef struct CERTCertListStr CERTCertList; diff --git a/security/nss/lib/certhigh/certhigh.c b/security/nss/lib/certhigh/certhigh.c index f34844343..dabd0f393 100644 --- a/security/nss/lib/certhigh/certhigh.c +++ b/security/nss/lib/certhigh/certhigh.c @@ -938,99 +938,6 @@ CERTCertificateList * CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage, PRBool includeRoot) { -#ifdef NSS_CLASSIC - CERTCertificateList *chain = NULL; - CERTCertificate *c; - SECItem *p; - int rv, len = 0; - PRArenaPool *tmpArena, *arena; - certNode *head, *tail, *node; - - /* - * Initialize stuff so we can goto loser. - */ - head = NULL; - arena = NULL; - - /* arena for linked list */ - tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (tmpArena == NULL) goto no_memory; - - /* arena for SecCertificateList */ - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) goto no_memory; - - head = tail = (certNode*)PORT_ArenaZAlloc(tmpArena, sizeof(certNode)); - if (head == NULL) goto no_memory; - - /* put primary cert first in the linked list */ - head->cert = c = CERT_DupCertificate(cert); - if (head->cert == NULL) goto loser; - len++; - - /* add certs until we come to a self-signed one */ - while(SECITEM_CompareItem(&c->derIssuer, &c->derSubject) != SECEqual) { - c = CERT_FindCertIssuer(tail->cert, PR_Now(), usage); - if (c == NULL) { - /* no root is found, so make sure we don't attempt to delete one - * below - */ - includeRoot = PR_TRUE; - break; - } - - tail->next = (certNode*)PORT_ArenaZAlloc(tmpArena, sizeof(certNode)); - tail = tail->next; - if (tail == NULL) goto no_memory; - - tail->cert = c; - len++; - } - - /* now build the CERTCertificateList */ - chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, sizeof(CERTCertificateList)); - if (chain == NULL) goto no_memory; - chain->certs = (SECItem*)PORT_ArenaAlloc(arena, len * sizeof(SECItem)); - if (chain->certs == NULL) goto no_memory; - - for(node = head, p = chain->certs; node; node = node->next, p++) { - rv = SECITEM_CopyItem(arena, p, &node->cert->derCert); - CERT_DestroyCertificate(node->cert); - node->cert = NULL; - if (rv < 0) goto loser; - } - if ( !includeRoot && len > 1) { - chain->len = len - 1; - } else { - chain->len = len; - } - - chain->arena = arena; - - PORT_FreeArena(tmpArena, PR_FALSE); - - return chain; - -no_memory: - PORT_SetError(SEC_ERROR_NO_MEMORY); -loser: - if (head != NULL) { - for (node = head; node; node = node->next) { - if (node->cert != NULL) - CERT_DestroyCertificate(node->cert); - } - } - - if (arena != NULL) { - PORT_FreeArena(arena, PR_FALSE); - } - - if (tmpArena != NULL) { - PORT_FreeArena(tmpArena, PR_FALSE); - } - - return NULL; -#else CERTCertificateList *chain = NULL; NSSCertificate **stanChain; NSSCertificate *stanCert; @@ -1112,7 +1019,6 @@ loser: PORT_FreeArena(arena, PR_FALSE); } return NULL; -#endif } /* Builds a CERTCertificateList holding just one DER-encoded cert, namely diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c index 724400ea2..942fd9527 100644 --- a/security/nss/lib/certhigh/certvfy.c +++ b/security/nss/lib/certhigh/certvfy.c @@ -222,90 +222,6 @@ SEC_CheckCRL(CERTCertDBHandle *handle,CERTCertificate *cert, CERTCertificate * CERT_FindCertIssuer(CERTCertificate *cert, int64 validTime, SECCertUsage usage) { -#ifdef NSS_CLASSIC - CERTAuthKeyID * authorityKeyID = NULL; - CERTCertificate * issuerCert = NULL; - SECItem * caName; - PRArenaPool *tmpArena = NULL; - - tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if ( !tmpArena ) { - goto loser; - } - authorityKeyID = CERT_FindAuthKeyIDExten(tmpArena,cert); - - if ( authorityKeyID != NULL ) { - /* has the authority key ID extension */ - if ( authorityKeyID->keyID.data != NULL ) { - /* extension contains a key ID, so lookup based on it */ - issuerCert = CERT_FindCertByKeyID(cert->dbhandle, &cert->derIssuer, - &authorityKeyID->keyID); - if ( issuerCert == NULL ) { - PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER); - goto loser; - } - - } else if ( authorityKeyID->authCertIssuer != NULL ) { - /* no key ID, so try issuer and serial number */ - caName = (SECItem*)CERT_GetGeneralNameByType(authorityKeyID->authCertIssuer, - certDirectoryName, PR_TRUE); - - /* - * caName is NULL when the authCertIssuer field is not - * being used, or other name form is used instead. - * If the directoryName format and serialNumber fields are - * used, we use them to find the CA cert. - * Note: - * By the time it gets here, we known for sure that if the - * authCertIssuer exists, then the authCertSerialNumber - * must also exists (CERT_DecodeAuthKeyID() ensures this). - * We don't need to check again. - */ - - if (caName != NULL) { - CERTIssuerAndSN issuerSN; - - issuerSN.derIssuer.data = caName->data; - issuerSN.derIssuer.len = caName->len; - issuerSN.serialNumber.data = - authorityKeyID->authCertSerialNumber.data; - issuerSN.serialNumber.len = - authorityKeyID->authCertSerialNumber.len; - issuerCert = CERT_FindCertByIssuerAndSN(cert->dbhandle, - &issuerSN); - if ( issuerCert == NULL ) { - PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER); - goto loser; - } - } - } - } - if ( issuerCert == NULL ) { - /* if there is not authorityKeyID, then try to find the issuer */ - /* find a valid CA cert with correct usage */ - issuerCert = CERT_FindMatchingCert(cert->dbhandle, - &cert->derIssuer, - certOwnerCA, usage, PR_TRUE, - validTime, PR_TRUE); - - /* if that fails, then fall back to grabbing any cert with right name*/ - if ( issuerCert == NULL ) { - issuerCert = CERT_FindCertByName(cert->dbhandle, &cert->derIssuer); - if ( issuerCert == NULL ) { - PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER); - } - } - } - -loser: - if (tmpArena != NULL) { - PORT_FreeArena(tmpArena, PR_FALSE); - tmpArena = NULL; - } - - return(issuerCert); -#else NSSCertificate *me; NSSTime *nssTime; NSSTrustDomain *td; @@ -345,7 +261,6 @@ loser: } PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER); return NULL; -#endif } /* |