diff options
| author | alexei.volkov.bugs%sun.com <devnull@localhost> | 2008-03-31 18:56:02 +0000 |
|---|---|---|
| committer | alexei.volkov.bugs%sun.com <devnull@localhost> | 2008-03-31 18:56:02 +0000 |
| commit | 02c63185fc4143860459fc958b0aaad4fa05ec0d (patch) | |
| tree | 9aac7372dfe4b57e335072de9405b5640dbda4b1 | |
| parent | 358c7f95f761cbcbc53dbd8d76663d2f87e8f714 (diff) | |
| download | nss-hg-02c63185fc4143860459fc958b0aaad4fa05ec0d.tar.gz | |
390530 - libpkix does not support time override. r=nelson
| -rw-r--r-- | security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c index df7eccdd2..00aea748d 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c @@ -2968,6 +2968,8 @@ PKIX_PL_Cert_CheckValidity( { SECCertTimeValidity val; PRTime timeToCheck; + PKIX_Boolean allowOverride; + SECCertificateUsage requiredUsages; PKIX_ENTER(CERT, "PKIX_PL_Cert_CheckValidity"); PKIX_NULLCHECK_ONE(cert); @@ -2981,8 +2983,11 @@ PKIX_PL_Cert_CheckValidity( timeToCheck = PR_Now(); } - PKIX_CERT_DEBUG("\t\tCalling CERT_CheckCertValidTimes).\n"); - val = CERT_CheckCertValidTimes(cert->nssCert, timeToCheck, PKIX_FALSE); + requiredUsages = ((PKIX_PL_NssContext*)plContext)->certificateUsage; + allowOverride = + (PRBool)((requiredUsages & certificateUsageSSLServer) || + (requiredUsages & certificateUsageSSLServerWithStepUp)); + val = CERT_CheckCertValidTimes(cert->nssCert, timeToCheck, allowOverride); if (val != secCertTimeValid){ PKIX_ERROR(PKIX_CERTCHECKCERTVALIDTIMESFAILED); } |