diff options
author | chrisk%netscape.com <devnull@localhost> | 2000-06-20 16:15:32 +0000 |
---|---|---|
committer | chrisk%netscape.com <devnull@localhost> | 2000-06-20 16:15:32 +0000 |
commit | 9b54fc95a7f9e5ecc8eefb966d75af6df7dae6ce (patch) | |
tree | 4fa968c56881bf8d13224f0611fad3b12a83a1e3 | |
parent | 8e3cbc45492824686cb3bc9301226c272bf03cb2 (diff) | |
download | nss-hg-9b54fc95a7f9e5ecc8eefb966d75af6df7dae6ce.tar.gz |
Fix problem where DH certs were always rejected when verifying them
for EMail encryption.
A Diffie-Hellman key needs to be tested for KU_KEY_AGREEMENT, not
KU_KEY_ENCIPHERMENT.
-rw-r--r-- | security/nss/lib/certdb/certdb.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index fcff390ed..17f084f5b 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c @@ -1042,7 +1042,8 @@ CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage) */ if ( requiredUsage & KU_KEY_AGREEMENT_OR_ENCIPHERMENT ) { key = CERT_ExtractPublicKey(cert); - if ( ( key->keyType == keaKey ) || ( key->keyType == fortezzaKey ) ) { + if ( ( key->keyType == keaKey ) || ( key->keyType == fortezzaKey ) || + ( key->keyType == dhKey ) ) { requiredUsage |= KU_KEY_AGREEMENT; } else { requiredUsage |= KU_KEY_ENCIPHERMENT; |