diff options
author | wtc%google.com <devnull@localhost> | 2010-06-24 18:03:38 +0000 |
---|---|---|
committer | wtc%google.com <devnull@localhost> | 2010-06-24 18:03:38 +0000 |
commit | 044edca93d72df4a3d8883cd7673e8ced8fc14b1 (patch) | |
tree | 7a9f16e57d0bb45342aa8682b37aab85e72498d3 | |
parent | 436499c69caf17821883fc5fb0fe22ba667b90ba (diff) | |
download | nss-hg-044edca93d72df4a3d8883cd7673e8ced8fc14b1.tar.gz |
Bug 394919: dNSName constraints should constrain cert Common Names in
certs. r=nelson.
Modified Files:
pkix_pl_cert.c pkix_pl_nameconstraints.c
-rw-r--r-- | security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c | 7 | ||||
-rw-r--r-- | security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c | 2 |
2 files changed, 5 insertions, 4 deletions
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c index f2156acbd..df5f03a0e 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c @@ -3182,9 +3182,10 @@ PKIX_PL_Cert_CheckNameConstraints( } /* This NSS call returns both Subject and Subject Alt Names */ - PKIX_CERT_DEBUG("\t\tCalling CERT_GetCertificateNames\n"); - nssSubjectNames = CERT_GetCertificateNames - (cert->nssCert, arena); + PKIX_CERT_DEBUG + ("\t\tCalling CERT_GetConstrainedCertificateNames\n"); + nssSubjectNames = CERT_GetConstrainedCertificateNames + (cert->nssCert, arena, PR_TRUE); PKIX_CHECK(pkix_pl_CertNameConstraints_CheckNameSpaceNssNames (nssSubjectNames, diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c index a0127668b..5486b74be 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c @@ -277,7 +277,7 @@ cleanup: * FUNCTION: pkix_pl_CertNameConstraints_CheckNameSpaceNssNames * DESCRIPTION: * - * This function checks if CERTGeneral names in "nssSubjectNames" complies + * This function checks if CERTGeneralNames in "nssSubjectNames" comply * with the permitted and excluded names in "nameConstraints". It returns * PKIX_TRUE in "pCheckPass", if the Names satify the name space of the * permitted list and if the Names are not in the excluded list. Otherwise, |