author | ian.mcgreer%sun.com <devnull@localhost> | 2002-01-04 19:21:54 +0000 |
---|---|---|
committer | ian.mcgreer%sun.com <devnull@localhost> | 2002-01-04 19:21:54 +0000 |
commit | 6efaa4462ff7e4d44b7e034cd557d810b0a85dca (patch) | |
tree | 1a2b78f7923ea71bf2c9dfbf0b148346e162cc5c /security | |
parent | f5d786adbab94e96285796671c9f75664e0a6fe1 (diff) | |
download | nss-hg-6efaa4462ff7e4d44b7e034cd557d810b0a85dca.tar.gz |
implement trust ordering when merging trust
Diffstat (limited to 'security')
-rw-r--r-- | security/nss/lib/pki/pki3hack.c | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index 9e8f42672..a0c0fca07 100644
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@@ -409,6 +409,15 @@ cert_trust_from_stan_trust(NSSTrust *t, PRArenaPool *arena)
 return rvTrust;
 }
 
+static int nsstoken_get_trust_order(NSSToken *token)
+{
+ PK11SlotInfo *slot;
+ SECMODModule *module;
+ slot = token->pk11slot;
+ module = PK11_GetModule(slot);
+ return module->trustOrder;
+}
+
 static CERTCertTrust *
 nssTrust_GetCERTCertTrustForCert(NSSCertificate *c, CERTCertificate *cc)
 {
@@ -418,8 +427,10 @@ nssTrust_GetCERTCertTrustForCert(NSSCertificate *c, CERTCertificate *cc)
 NSSTrust *tokenTrust;
 NSSTrust *t = NULL;
 nssListIterator *tokens;
+ int lastTrustOrder, myTrustOrder;
 tokens = nssList_CreateIterator(td->tokenList);
 if (!tokens) return NULL;
+ lastTrustOrder = 1<<16; /* just make it big */
 for (tok = (NSSToken *)nssListIterator_Start(tokens);
 tok != (NSSToken *)NULL;
 tok = (NSSToken *)nssListIterator_Next(tokens))
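Review bot: `nsstoken_get_trust_order` dereferences `token->pk11slot` and the result of `PK11_GetModule(slot)` without checking either for NULL, so a token with no slot or module attached (nothing visible here rules that out) would crash the trust lookup. A guard such as `if (!slot || !(module = PK11_GetModule(slot))) return 1<<16;` would treat such a token as lowest priority instead of faulting. The helper also deserves a one-line comment saying that a smaller `trustOrder` means higher precedence, which is what the `myTrustOrder < lastTrustOrder` tests in the merge loop imply.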
@@ -427,24 +438,29 @@ nssTrust_GetCERTCertTrustForCert(NSSCertificate *c, CERTCertificate *cc)
 tokenTrust = nssToken_FindTrustForCert(tok, NULL, c,
 nssTokenSearchType_TokenOnly);
 if (tokenTrust) {
+ myTrustOrder = nsstoken_get_trust_order(tok);
 if (t) {
- if (t->serverAuth == CKT_NETSCAPE_TRUST_UNKNOWN) {
+ if (t->serverAuth == CKT_NETSCAPE_TRUST_UNKNOWN ||
+ myTrustOrder < lastTrustOrder) {
 t->serverAuth = tokenTrust->serverAuth;
 }
- if (t->clientAuth == CKT_NETSCAPE_TRUST_UNKNOWN) {
+ if (t->clientAuth == CKT_NETSCAPE_TRUST_UNKNOWN ||
+ myTrustOrder < lastTrustOrder) {
 t->clientAuth = tokenTrust->clientAuth;
 }
- if (t->emailProtection == CKT_NETSCAPE_TRUST_UNKNOWN) {
+ if (t->emailProtection == CKT_NETSCAPE_TRUST_UNKNOWN ||
+ myTrustOrder < lastTrustOrder) {
 t->emailProtection = tokenTrust->emailProtection;
 }
- if (t->codeSigning == CKT_NETSCAPE_TRUST_UNKNOWN) {
+ if (t->codeSigning == CKT_NETSCAPE_TRUST_UNKNOWN ||
+ myTrustOrder < lastTrustOrder) {
 t->codeSigning = tokenTrust->codeSigning;
 }
 (void)nssPKIObject_Destroy(&tokenTrust->object);
 } else {
 t = tokenTrust;
- continue;
 }
+ lastTrustOrder = myTrustOrder;
 }
 }
 nssListIterator_Finish(tokens); |
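Review bot: `lastTrustOrder = myTrustOrder;` at the end of the `if (tokenTrust)` block runs for every token, so `lastTrustOrder` holds the order of the token visited most recently rather than the best order already merged into `t`. With tokens visited in the constructed sequence 1, 5, 3, the third token passes `myTrustOrder < lastTrustOrder` and overwrites all four fields taken from the order-1 token. Tracking the minimum instead, `if (myTrustOrder < lastTrustOrder) lastTrustOrder = myTrustOrder;`, keeps a lower-priority token from replacing trust taken from a higher-priority one. Separately, the override branch copies a field even when the new token's value is `CKT_NETSCAPE_TRUST_UNKNOWN`, which can erase an explicit setting from another token; if that is not intended, the order test should also require a known value. The function's body starts and ends outside this hunk.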