diff options
author | Kai Engert <kaie@kuix.de> | 2017-02-09 20:10:55 +0100 |
---|---|---|
committer | Kai Engert <kaie@kuix.de> | 2017-02-09 20:10:55 +0100 |
commit | fcb7d51f217c2a57e83c911066e9fe4d173e3ba7 (patch) | |
tree | 4c43e8270b614cb33ad947d042007d2795afadf1 /cmd/lib | |
parent | bef9fd9bf3f8a3bf232a54ab7f89e195a67ba2a4 (diff) | |
download | nss-hg-fcb7d51f217c2a57e83c911066e9fe4d173e3ba7.tar.gz |
Bug 1334976, use a new attribute in the builtins root CA list, to distinguish between Mozilla policy CAs and other CAs, code changes, r=rrelyea
Diffstat (limited to 'cmd/lib')
-rw-r--r-- | cmd/lib/secutil.c | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c index c5ed068a7..33603bbae 100644 --- a/cmd/lib/secutil.c +++ b/cmd/lib/secutil.c @@ -32,7 +32,7 @@ #include "certt.h" #include "certdb.h" -/* #include "secmod.h" */ +#include "secmod.h" #include "pk11func.h" #include "secoid.h" @@ -3229,6 +3229,8 @@ SEC_PrintCertificateAndTrust(CERTCertificate *cert, SECStatus rv; SECItem data; CERTCertTrust certTrust; + PK11SlotList *slotList; + const char *moz_policy_ca_info = NULL; data.data = cert->derCert.data; data.len = cert->derCert.len; @@ -3238,6 +3240,34 @@ SEC_PrintCertificateAndTrust(CERTCertificate *cert, if (rv) { return (SECFailure); } + + slotList = PK11_GetAllSlotsForCert(cert, NULL); + if (slotList) { + PK11SlotListElement *se = PK11_GetFirstSafe(slotList); + for ( ; se; se = PK11_GetNextSafe(slotList, se, PR_FALSE)) { + CK_OBJECT_HANDLE handle = PK11_FindCertInSlot(se->slot, cert, NULL); + if (handle != CK_INVALID_HANDLE) { + PORT_SetError(0); + if (PK11_HasAttributeSet(se->slot, handle, + CKA_NSS_MOZILLA_CA_POLICY, PR_FALSE)) { + moz_policy_ca_info = "true (attribute present)"; + } else { + if (PORT_GetError() != 0) { + moz_policy_ca_info = "false (attribute missing)"; + } else { + moz_policy_ca_info = "false (attribute present)"; + } + } + } + } + PK11_FreeSlotList(slotList); + } + + if (moz_policy_ca_info) { + SECU_Indent(stdout, 1); + printf("Mozilla-CA-Policy: %s\n", moz_policy_ca_info); + } + if (trust) { SECU_PrintTrustFlags(stdout, trust, "Certificate Trust Flags", 1); |