author | rangansen%netscape.com <devnull@localhost> | 2002-08-23 18:02:10 +0000 |
---|---|---|
committer | rangansen%netscape.com <devnull@localhost> | 2002-08-23 18:02:10 +0000 |
commit | a587029464be46f9e501a620e518a13ed7d2b394 (patch) | |
tree | db7e9c93f1feaed65b2258f8cdb35fbf86b53aaf /security/nss/lib/certhigh | |
parent | 0688c5a853f90d6f0bdb06e45ed1372d3b266833 (diff) | |
Making sure VerifyCACertForUsage checks CRL if usage is statusResponder. Changes reviewed by Bob Relyea
Diffstat (limited to 'security/nss/lib/certhigh')
-rw-r--r-- | security/nss/lib/certhigh/certvfy.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c index a9570cdd1..5fcb1dbca 100644 --- a/security/nss/lib/certhigh/certvfy.c +++ b/security/nss/lib/certhigh/certvfy.c @@ -1016,6 +1016,7 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert, unsigned int caCertType; unsigned int requiredCAKeyUsage; unsigned int requiredFlags; + CERTCertificate *issuerCert; if (CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_TRUE, @@ -1100,6 +1101,18 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert, if ( ( flags & requiredFlags ) == requiredFlags || certUsage == certUsageStatusResponder ) { /* we found a trusted one, so return */ + //Check the special case of certUsageStatusResponder + if(certUsage == certUsageStatusResponder) { + issuerCert = CERT_FindCertIssuer(cert, t, certUsage); + if (issuerCert) { + if(SEC_CheckCRL(handle, cert, issuerCert, t, wincx) != SECSuccess) { + PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE); + CERT_DestroyCertificate(issuerCert); + goto loser; + } + CERT_DestroyCertificate(issuerCert); + } + } rv = rvFinal; goto done; } |
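Review bot: In the second hunk, when `CERT_FindCertIssuer` returns NULL the CRL check is skipped and control falls through to `rv = rvFinal; goto done;`, so a status-responder certificate whose issuer cannot be located is accepted with no revocation check at all. If that fail-open path is intended, it deserves a comment such as `/* no issuer found: CRL cannot be consulted, accept on trust flags alone */`; otherwise an `else` branch should fail the verification. Separately, `PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE)` runs on every non-success return from `SEC_CheckCRL`, which presumably also covers failures other than revocation (the callee is not visible here), so a CRL that merely could not be validated would be reported as a revoked certificate; consider leaving the callee's error code in place. The new `//` comment should be written as `/* Check the special case of certUsageStatusResponder */` to match the `/* ... */` comment on the line above it. The body of CERT_VerifyCACertForUsage starts and ends outside both hunks, so the `loser` and `done` paths could not be checked.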