Don't accept non-user certs when looking for a recipient.

author: relyea%netscape.com <devnull@localhost> 2002-08-30 03:44:24 +0000
committer: relyea%netscape.com <devnull@localhost> 2002-08-30 03:44:24 +0000
commit: 39739d5227a67eb039c5f199f4f89a66f76fe10a (patch)
tree: c61b0f1771cea11cb90acb41e7b42aea774dc4a4
parent: c249169d892630204d54393c0f401eb7a5b7c8bd (diff)
download: nss-hg-39739d5227a67eb039c5f199f4f89a66f76fe10a.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index 54d122cc1..2fc5f7c39 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -2115,6 +2115,11 @@ pk11_FindCertObjectByRecipientNew(PK11SlotInfo *slot, NSSCMSRecipient **recipien
 	cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->id.issuerAndSN, 
 								pwarg);
 	if (cert) {
+	    if ((cert->trust == NULL) ||
+		((cert->trust->emailFlags & CERTDB_USER) != CERTDB_USER)) {
+		CERT_DestroyCertificate(cert);
+		continue;
+	    }
 	    ri->slot = PK11_ReferenceSlot(slot);
 	    *rlIndex = i;
 	    return cert;
@@ -2182,6 +2187,11 @@ pk11_FindCertObjectByRecipient(PK11SlotInfo *slot,
 	cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->issuerAndSN, 
 								pwarg);
         if (cert) {
+	    if ((cert->trust == NULL) ||
+		((cert->trust->emailFlags & CERTDB_USER) != CERTDB_USER)) {
+		CERT_DestroyCertificate(cert);
+		continue;
+	    }
 	    *rip = ri;
 	    return cert;
 	}
author	relyea%netscape.com <devnull@localhost>	2002-08-30 03:44:24 +0000
committer	relyea%netscape.com <devnull@localhost>	2002-08-30 03:44:24 +0000
commit	39739d5227a67eb039c5f199f4f89a66f76fe10a (patch)
tree	c61b0f1771cea11cb90acb41e7b42aea774dc4a4
parent	c249169d892630204d54393c0f401eb7a5b7c8bd (diff)
download	nss-hg-39739d5227a67eb039c5f199f4f89a66f76fe10a.tar.gz