authorjulien.pierre.bugs%sun.com <devnull@localhost>2005-03-04 04:32:04 +0000
committerjulien.pierre.bugs%sun.com <devnull@localhost>2005-03-04 04:32:04 +0000
commitf49111debd6b270ea4597bc9c0bbfc8aba78c279 (patch)
tree3a6a9894b403463692de3273d5460821345ca1d6 /security
parent20132aac7904cc5c2eaa81ed61af6dfed40734ba (diff)
downloadnss-hg-f49111debd6b270ea4597bc9c0bbfc8aba78c279.tar.gz
Fix for 283765. Fix for UMR in NSSUsage. r=julien
Diffstat (limited to 'security')
-rw-r--r--security/nss/lib/pk11wrap/pk11cert.c3
-rw-r--r--security/nss/lib/pki/pki3hack.c38
-rw-r--r--security/nss/lib/pki/pkibase.c2
-rw-r--r--security/nss/lib/pki/pkim.h2
-rw-r--r--security/nss/lib/pki/pkitm.h2
5 files changed, 23 insertions, 24 deletions
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index ac2ff432c..466fb3b0b 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -601,7 +601,7 @@ PK11_FindCertFromNickname(char *nickname, void *wincx)
CERTCertificate *rvCert = NULL;
NSSCertificate *cert = NULL;
NSSCertificate **certs = NULL;
- NSSUsage usage;
+ static const NSSUsage usage = {PR_TRUE /* ... */ };
NSSToken *token;
NSSTrustDomain *defaultTD = STAN_GetDefaultTrustDomain();
PK11SlotInfo *slot = NULL;
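Review bot: The initializer `{PR_TRUE /* ... */ }` on the new `usage` line is positional, so it is correct only while `anyUsage` is the first member of `NSSUsage`; the struct definition is not visible here, so that ordering is an assumption to confirm. Because `anyUsage` makes `nss3certificate_matchUsage` return PR_TRUE before any key-usage or cert-type check, a reordering of the struct would silently change which certificates this lookup accepts. The placeholder comment should name the field and say that the remaining members are zero-initialized by static storage, for example `static const NSSUsage usage = {PR_TRUE /* anyUsage; other members zeroed */ };`. The body of PK11_FindCertFromNickname starts and ends outside the hunk.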
@@ -610,7 +610,6 @@ PK11_FindCertFromNickname(char *nickname, void *wincx)
char *delimit = NULL;
char *tokenName;
- usage.anyUsage = PR_TRUE;
nickCopy = PORT_Strdup(nickname);
if ((delimit = PORT_Strchr(nickCopy,':')) != NULL) {
tokenName = nickCopy;
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index d7a19f5a2..bbbeb5d4b 100644
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@@ -393,39 +393,39 @@ nss3certificate_isNewerThan(nssDecodedCert *dc, nssDecodedCert *cmpdc)
/* CERT_FilterCertListByUsage */
static PRBool
-nss3certificate_matchUsage(nssDecodedCert *dc, NSSUsage *usage)
+nss3certificate_matchUsage(nssDecodedCert *dc, const NSSUsage *usage)
{
+ CERTCertificate *cc;
+ unsigned int requiredKeyUsage = 0;
+ unsigned int requiredCertType = 0;
SECStatus secrv;
- unsigned int requiredKeyUsage;
- unsigned int requiredCertType;
- unsigned int certType;
PRBool match;
- CERTCertificate *cc = (CERTCertificate *)dc->data;
- SECCertUsage secUsage = usage->nss3usage;
- PRBool ca = usage->nss3lookingForCA;
+ PRBool ca;
/* This is for NSS 3.3 functions that do not specify a usage */
if (usage->anyUsage) {
return PR_TRUE;
}
- secrv = CERT_KeyUsageAndTypeForCertUsage(secUsage, ca,
+ ca = usage->nss3lookingForCA;
+ secrv = CERT_KeyUsageAndTypeForCertUsage(usage->nss3usage, ca,
&requiredKeyUsage,
&requiredCertType);
if (secrv != SECSuccess) {
return PR_FALSE;
}
- match = PR_TRUE;
+ cc = (CERTCertificate *)dc->data;
secrv = CERT_CheckKeyUsage(cc, requiredKeyUsage);
- if (secrv != SECSuccess) {
- match = PR_FALSE;
- }
- if (ca) {
- (void)CERT_IsCACert(cc, &certType);
- } else {
- certType = cc->nsCertType;
- }
- if (!(certType & requiredCertType)) {
- match = PR_FALSE;
+ match = (PRBool)(secrv == SECSuccess);
+ if (match) {
+ unsigned int certType = 0;
+ if (ca) {
+ (void)CERT_IsCACert(cc, &certType);
+ } else {
+ certType = cc->nsCertType;
+ }
+ if (!(certType & requiredCertType)) {
+ match = PR_FALSE;
+ }
}
return match;
}
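Review bot: The discarded return value at `(void)CERT_IsCACert(cc, &certType);` is safe only because `certType` now starts at 0, and nothing in the function says so. If the call leaves `certType` untouched, the mask test `certType & requiredCertType` fails and the certificate is rejected, which is the fail-closed outcome; a later edit that drops the initializer would reintroduce an uninitialized read of the kind this commit is fixing. I would add a comment on the declaration, e.g. `unsigned int certType = 0; /* 0 = no type bits: fails the requiredCertType test if CERT_IsCACert sets nothing */`. A line above `if (usage->anyUsage)` should also note that this early return skips both the key-usage and the cert-type check, since PK11_FindCertFromNickname now passes a constant with that flag set.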
diff --git a/security/nss/lib/pki/pkibase.c b/security/nss/lib/pki/pkibase.c
index 7537b4615..deef58b52 100644
--- a/security/nss/lib/pki/pkibase.c
+++ b/security/nss/lib/pki/pkibase.c
@@ -428,7 +428,7 @@ NSS_IMPLEMENT NSSCertificate *
nssCertificateArray_FindBestCertificate (
NSSCertificate **certs,
NSSTime *timeOpt,
- NSSUsage *usage,
+ const NSSUsage *usage,
NSSPolicies *policiesOpt
)
{
diff --git a/security/nss/lib/pki/pkim.h b/security/nss/lib/pki/pkim.h
index e28a7d80b..3a28335d6 100644
--- a/security/nss/lib/pki/pkim.h
+++ b/security/nss/lib/pki/pkim.h
@@ -345,7 +345,7 @@ nssCertificateArray_FindBestCertificate
(
NSSCertificate **certs,
NSSTime *timeOpt,
- NSSUsage *usage,
+ const NSSUsage *usage,
NSSPolicies *policiesOpt
);
diff --git a/security/nss/lib/pki/pkitm.h b/security/nss/lib/pki/pkitm.h
index fae186053..04d701c45 100644
--- a/security/nss/lib/pki/pkitm.h
+++ b/security/nss/lib/pki/pkitm.h
@@ -89,7 +89,7 @@ struct nssDecodedCertStr {
/* is the validity period of this cert newer than cmpdc? */
PRBool (*isNewerThan)(nssDecodedCert *dc, nssDecodedCert *cmpdc);
/* does the usage for this cert match the requested usage? */
- PRBool (*matchUsage)(nssDecodedCert *dc, NSSUsage *usage);
+ PRBool (*matchUsage)(nssDecodedCert *dc, const NSSUsage *usage);
/* extract the email address */
NSSASCII7 *(*getEmailAddress)(nssDecodedCert *dc);
/* extract the DER-encoded serial number */