diff options
author | relyea%netscape.com <devnull@localhost> | 2002-08-30 03:44:24 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2002-08-30 03:44:24 +0000 |
commit | 39739d5227a67eb039c5f199f4f89a66f76fe10a (patch) | |
tree | c61b0f1771cea11cb90acb41e7b42aea774dc4a4 | |
parent | c249169d892630204d54393c0f401eb7a5b7c8bd (diff) | |
download | nss-hg-39739d5227a67eb039c5f199f4f89a66f76fe10a.tar.gz |
Don't accept non-user certs when looking for a recipient.
-rw-r--r-- | security/nss/lib/pk11wrap/pk11cert.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 54d122cc1..2fc5f7c39 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -2115,6 +2115,11 @@ pk11_FindCertObjectByRecipientNew(PK11SlotInfo *slot, NSSCMSRecipient **recipien cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->id.issuerAndSN, pwarg); if (cert) { + if ((cert->trust == NULL) || + ((cert->trust->emailFlags & CERTDB_USER) != CERTDB_USER)) { + CERT_DestroyCertificate(cert); + continue; + } ri->slot = PK11_ReferenceSlot(slot); *rlIndex = i; return cert; @@ -2182,6 +2187,11 @@ pk11_FindCertObjectByRecipient(PK11SlotInfo *slot, cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->issuerAndSN, pwarg); if (cert) { + if ((cert->trust == NULL) || + ((cert->trust->emailFlags & CERTDB_USER) != CERTDB_USER)) { + CERT_DestroyCertificate(cert); + continue; + } *rip = ri; return cert; } |