Diffstat (limited to 'security/nss/lib/certdb')
-rw-r--r-- | security/nss/lib/certdb/certdb.c | 14 | ||||
-rw-r--r-- | security/nss/lib/certdb/stanpcertdb.c | 2 |
2 files changed, 15 insertions, 1 deletions
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c
index 413615fae..63b153688 100644
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -596,6 +596,20 @@ cert_ComputeCertType(CERTCertificate *cert)
 nsCertType |= NS_CERT_TYPE_SSL_SERVER;
 }
 }
+ /*
+ * Treat certs with step-up OID as also having SSL server type.
+ * COMODO needs this behaviour until June 2020. See Bug 737802.
+ */
+ if (findOIDinOIDSeqByTagNum(extKeyUsage,
+ SEC_OID_NS_KEY_USAGE_GOVT_APPROVED) ==
+ SECSuccess){
+ if (basicConstraintPresent == PR_TRUE &&
+ (basicConstraint.isCA)) {
+ nsCertType |= NS_CERT_TYPE_SSL_CA;
+ } else {
+ nsCertType |= NS_CERT_TYPE_SSL_SERVER;
+ }
+ }
 if (findOIDinOIDSeqByTagNum(extKeyUsage,
 SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH) ==
 SECSuccess){
diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c
index 521857111..0d3a31fe4 100644
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -631,7 +631,7 @@ CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert)
 static CERTCertificate *
 common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
- char *name,
+ const char *name,
 PRBool anyUsage,
 SECCertUsage lookingForUsage)
 { |
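Review bot: The new step-up branch in cert_ComputeCertType grants NS_CERT_TYPE_SSL_SERVER (or NS_CERT_TYPE_SSL_CA when basicConstraint.isCA is set) to any certificate whose extKeyUsage carries SEC_OID_NS_KEY_USAGE_GOVT_APPROVED, whoever issued it, although the comment justifies it only for COMODO and only until June 2020. Nothing in the hunk limits the exception to that issuer or makes it lapse, so the wider acceptance for TLS server use stays in place until someone removes it by hand. The comment should at least say so, for example `* Applies to every issuer, not only COMODO; remove after June 2020 (Bug 737802).`. The branch also repeats the body that appears to end just above it (`nsCertType |= NS_CERT_TYPE_SSL_SERVER;`), so the two OID tests could probably share one condition; the function starts and ends outside the hunk, so that part is inferred from the context lines.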