authorrelyea%netscape.com <devnull@localhost>2002-08-29 22:19:46 +0000
committerrelyea%netscape.com <devnull@localhost>2002-08-29 22:19:46 +0000
commitc97893ae636536c70144f072a544aefb301c9cef (patch)
tree79cb20bedd44e76198c5989ac7fcb4fc77b04730
parented3c5f5fee6dd91ace0dd18448087ab594df465a (diff)
When looking for a recipient match, reject non-user certs.
-rw-r--r--security/nss/lib/pk11wrap/pk11cert.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index e768dc9b4..72866d55b 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -2115,6 +2115,12 @@ pk11_FindCertObjectByRecipientNew(PK11SlotInfo *slot, NSSCMSRecipient **recipien
continue;
cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->id.issuerAndSN,
pwarg);
+ /* this isn't our cert */
+ if ((cert->trust == NULL) ||
+ ((cert->trust->emailFlags & CERTDB_USER) != CERTDB_USER)) {
+ CERT_DestroyCertificate(cert);
+ continue;
+ }
if (cert) {
ri->slot = PK11_ReferenceSlot(slot);
*rlIndex = i;
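Review bot: The added trust check dereferences `cert->trust` before the existing `if (cert)` test that follows it, so a NULL return from `PK11_FindCertByIssuerAndSNOnToken` now crashes here instead of being skipped; the existing test shows NULL is an expected result. Any recipient entry with no matching cert on this slot would take that path, and those entries presumably come from the message being decoded, so this looks reachable from untrusted input as a denial of service. Guard the new condition, for example `if (cert && ((cert->trust == NULL) || ((cert->trust->emailFlags & CERTDB_USER) != CERTDB_USER))) {`, or move the block inside `if (cert)`. The same unguarded dereference is added in the second hunk, in `pk11_FindCertObjectByRecipient`; both function bodies extend outside the hunks.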
@@ -2182,6 +2188,11 @@ pk11_FindCertObjectByRecipient(PK11SlotInfo *slot,
cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->issuerAndSN,
pwarg);
+ if ((cert->trust == NULL) ||
+ ((cert->trust->emailFlags & CERTDB_USER) != CERTDB_USER)) {
+ CERT_DestroyCertificate(cert);
+ continue;
+ }
if (cert) {
*rip = ri;
return cert;
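Review bot: This copy of the user-cert filter has no comment, and the first hunk's `/* this isn't our cert */` does not say what the test checks. A comment such as `/* only a cert flagged CERTDB_USER for e-mail can be our recipient cert; skip others */` on both copies would make the intent reviewable. Because the condition selects which cert is used for the recipient match and is now duplicated verbatim in two lookup functions, a small `static` predicate shared by both (name to be chosen by the author) would stop the copies drifting apart. The function body continues outside the hunk.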