diff options
| author | wtc%google.com <devnull@localhost> | 2010-02-01 19:46:49 +0000 |
|---|---|---|
| committer | wtc%google.com <devnull@localhost> | 2010-02-01 19:46:49 +0000 |
| commit | f41e46f504b333ab146d4938a10556e9e5b21010 (patch) | |
| tree | 1773da8cf1f6a279a5c4369bb6f6d4532ba2afb2 /security/nss | |
| parent | e8568f8255267b176dd4f9af0607fab2c51f24f7 (diff) | |
| download | nss-hg-f41e46f504b333ab146d4938a10556e9e5b21010.tar.gz | |
Bug 542538: Add the pwArg argument to CERT_CacheOCSPResponseFromSideChannel.
r=rrelyea.
Modified Files:
ocsp.c ocsp.h
Diffstat (limited to 'security/nss')
| -rw-r--r-- | security/nss/lib/certhigh/ocsp.c | 10 | ||||
| -rw-r--r-- | security/nss/lib/certhigh/ocsp.h | 7 |
2 files changed, 11 insertions, 6 deletions
diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c index e3c5d35bf..8c527b8a5 100644 --- a/security/nss/lib/certhigh/ocsp.c +++ b/security/nss/lib/certhigh/ocsp.c @@ -4830,6 +4830,8 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert, * time for which status is to be determined * SECItem *encodedResponse * the DER encoded bytes of the OCSP response + * void *pwArg + * argument for password prompting, if needed * RETURN: * SECSuccess if the cert was found in the cache, or if the OCSP response was * found to be valid and inserted into the cache. SECFailure otherwise. @@ -4838,7 +4840,8 @@ SECStatus CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle *handle, CERTCertificate *cert, int64 time, - SECItem *encodedResponse) + SECItem *encodedResponse, + void *pwArg) { CERTOCSPCertID *certID; PRBool certIDWasConsumed = PR_FALSE; @@ -4866,9 +4869,8 @@ CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle *handle, * negative cache entry in this case, then the attacker would have * 'poisoned' our cache (denial of service), so we don't record negative * results. */ - rv = ocsp_CacheEncodedOCSPResponse(handle, certID, cert, time, - NULL /* no pwArg */, encodedResponse, - &certIDWasConsumed, + rv = ocsp_CacheEncodedOCSPResponse(handle, certID, cert, time, pwArg, + encodedResponse, &certIDWasConsumed, PR_FALSE /* don't cache failures */, &rvOcsp); if (!certIDWasConsumed) { diff --git a/security/nss/lib/certhigh/ocsp.h b/security/nss/lib/certhigh/ocsp.h index 2f7564c5e..33a32c37a 100644 --- a/security/nss/lib/certhigh/ocsp.h +++ b/security/nss/lib/certhigh/ocsp.h @@ -571,8 +571,10 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert, * the certificate being checked * PRTime time * time for which status is to be determined - * SECItem encodedResponse + * SECItem *encodedResponse * the DER encoded bytes of the OCSP response + * void *pwArg + * argument for password prompting, if needed * RETURN: * SECSuccess if the cert was found in the cache, or if the OCSP response was * found to be valid and inserted into the cache. SECFailure otherwise. @@ -581,7 +583,8 @@ extern SECStatus CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle *handle, CERTCertificate *cert, PRTime time, - SECItem *encodedResponse); + SECItem *encodedResponse, + void *pwArg); /* * FUNCTION: CERT_GetOCSPStatusForCertID |