diff options
author | kaie%kuix.de <devnull@localhost> | 2004-07-27 22:23:44 +0000 |
---|---|---|
committer | kaie%kuix.de <devnull@localhost> | 2004-07-27 22:23:44 +0000 |
commit | 54e2c68caeb6e5dd2ae769581cd269fc44d6d393 (patch) | |
tree | ef7f01d0fc006ae9c6a67de2339be4aaf0e5f9e0 | |
parent | 4554bc106340e0c3f99606fcd6c64f9a0cd2d27c (diff) | |
download | nss-hg-54e2c68caeb6e5dd2ae769581cd269fc44d6d393.tar.gz |
b=249004 Do not import invalid/untrusted certs, prevent a DoS that disables SSL connections to trusted peers.MOZILLA_1_4_4_RELEASEMOZILLA_1_4_3_RELEASE
r=relyea sr=jst/brendan a=blizzard
-rw-r--r-- | security/nss/lib/certdb/certdb.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index 5dfb471ec..de88d37a8 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c @@ -1140,6 +1140,7 @@ CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage, requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA; break; case certUsageAnyCA: + case certUsageVerifyCA: case certUsageStatusResponder: requiredKeyUsage = KU_KEY_CERT_SIGN; requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA | |