diff options
author | jpierre%netscape.com <devnull@localhost> | 2003-04-09 22:23:10 +0000 |
---|---|---|
committer | jpierre%netscape.com <devnull@localhost> | 2003-04-09 22:23:10 +0000 |
commit | 29846659480f7cbd5ceeeead30c811caff5fe92d (patch) | |
tree | 406664d4daa27a69c28958161b5476ed0b24600c | |
parent | 13a0d21d521ae24a88392eb098efea6389d57be8 (diff) | |
download | nss-hg-29846659480f7cbd5ceeeead30c811caff5fe92d.tar.gz |
Fix for 201259 . Make the default client auth callback NSS_GetClientAuthData work with dual-key certs. r=nelsonb, sr=wtc
-rw-r--r-- | security/nss/lib/ssl/authcert.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/security/nss/lib/ssl/authcert.c b/security/nss/lib/ssl/authcert.c index bd473f11f..c43b8b61d 100644 --- a/security/nss/lib/ssl/authcert.c +++ b/security/nss/lib/ssl/authcert.c @@ -68,7 +68,9 @@ NSS_GetClientAuthData(void * arg, proto_win = SSL_RevealPinArg(socket); if (chosenNickName) { - cert = PK11_FindCertFromNickname(chosenNickName, proto_win); + cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), + chosenNickName, certUsageSSLClient, + PR_FALSE, proto_win); if ( cert ) { privkey = PK11_FindKeyByAnyCert(cert, proto_win); if ( privkey ) { @@ -85,7 +87,9 @@ NSS_GetClientAuthData(void * arg, SEC_CERT_NICKNAMES_USER, proto_win); if (names != NULL) { for (i = 0; i < names->numnicknames; i++) { - cert = PK11_FindCertFromNickname(names->nicknames[i],proto_win); + cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), + names->nicknames[i], certUsageSSLClient, + PR_FALSE, proto_win); if ( !cert ) continue; /* Only check unexpired certs */ |