net/third_party/mozilla_security_manager/nsNSSCertTrust.cpp - Issue 10458069: Reland: Fix imported server certs being distrusted in NSS 3.13.

Unified Diff: net/third_party/mozilla_security_manager/nsNSSCertTrust.cpp

Issue 10458069: Reland: Fix imported server certs being distrusted in NSS 3.13. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: fix the test failures Created 8 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « net/third_party/mozilla_security_manager/nsNSSCertTrust.h ('k') | net/third_party/mozilla_security_manager/nsNSSCertificateDB.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/third_party/mozilla_security_manager/nsNSSCertTrust.cpp

diff --git a/net/third_party/mozilla_security_manager/nsNSSCertTrust.cpp b/net/third_party/mozilla_security_manager/nsNSSCertTrust.cpp

deleted file mode 100644

index 408e55d33bde35e15ab3330ab0f55d8ce11c4a03..0000000000000000000000000000000000000000

--- a/net/third_party/mozilla_security_manager/nsNSSCertTrust.cpp

+++ /dev/null

@@ -1,378 +0,0 @@

-/* ***** BEGIN LICENSE BLOCK *****

- * Version: MPL 1.1/GPL 2.0/LGPL 2.1

- *

- * The contents of this file are subject to the Mozilla Public License Version

- * 1.1 (the "License"); you may not use this file except in compliance with

- * the License. You may obtain a copy of the License at

- * http://www.mozilla.org/MPL/

- *

- * Software distributed under the License is distributed on an "AS IS" basis,

- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License

- * for the specific language governing rights and limitations under the

- * License.

- *

- * The Original Code is the Netscape security libraries.

- *

- * The Initial Developer of the Original Code is

- * Netscape Communications Corporation.

- *

- * Contributor(s):

- * Ian McGreer <mcgreer@netscape.com>

- * Javier Delgadillo <javi@netscape.com>

- *

- * Alternatively, the contents of this file may be used under the terms of

- * either the GNU General Public License Version 2 or later (the "GPL"), or

- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),

- * in which case the provisions of the GPL or the LGPL are applicable instead

- * of those above. If you wish to allow use of your version of this file only

- * under the terms of either the GPL or the LGPL, and not to allow others to

- * use your version of this file under the terms of the MPL, indicate your

- * decision by deleting the provisions above and replace them with the notice

- * and other provisions required by the GPL or the LGPL. If you do not delete

- * the provisions above, a recipient may use your version of this file under

- * the terms of any one of the MPL, the GPL or the LGPL.

- *

- * ***** END LICENSE BLOCK ***** */

-#include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h"

-#if !defined(CERTDB_TERMINAL_RECORD)

-/* NSS 3.13 renames CERTDB_VALID_PEER to CERTDB_TERMINAL_RECORD

- * and marks CERTDB_VALID_PEER as deprecated.

- * If we're using an older version, rename it ourselves.

- */

-#define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER

-#endif

-namespace mozilla_security_manager {

-void

-nsNSSCertTrust::AddCATrust(PRBool ssl, PRBool email, PRBool objSign)

- if (ssl) {

- addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);

- addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);

- }

- if (email) {

- addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);

- addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);

- }

- if (objSign) {

- addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA);

- addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);

- }

-void

-nsNSSCertTrust::AddPeerTrust(PRBool ssl, PRBool email, PRBool objSign)

- if (ssl)

- addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);

- if (email)

- addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);

- if (objSign)

- addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED);

-nsNSSCertTrust::nsNSSCertTrust()

- memset(&mTrust, 0, sizeof(CERTCertTrust));

-nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl,

- unsigned int email,

- unsigned int objsign)

- memset(&mTrust, 0, sizeof(CERTCertTrust));

- addTrust(&mTrust.sslFlags, ssl);

- addTrust(&mTrust.emailFlags, email);

- addTrust(&mTrust.objectSigningFlags, objsign);

-nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust *t)

- if (t)

- memcpy(&mTrust, t, sizeof(CERTCertTrust));

- else

- memset(&mTrust, 0, sizeof(CERTCertTrust));

-nsNSSCertTrust::~nsNSSCertTrust()

-void

-nsNSSCertTrust::SetSSLTrust(PRBool peer, PRBool tPeer,

- PRBool ca, PRBool tCA, PRBool tClientCA,

- PRBool user, PRBool warn)

- mTrust.sslFlags = 0;

- if (peer || tPeer)

- addTrust(&mTrust.sslFlags, CERTDB_TERMINAL_RECORD);

- if (tPeer)

- addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);

- if (ca || tCA)

- addTrust(&mTrust.sslFlags, CERTDB_VALID_CA);

- if (tClientCA)

- addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);

- if (tCA)

- addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);

- if (user)

- addTrust(&mTrust.sslFlags, CERTDB_USER);

- if (warn)

- addTrust(&mTrust.sslFlags, CERTDB_SEND_WARN);

-void

-nsNSSCertTrust::SetEmailTrust(PRBool peer, PRBool tPeer,

- PRBool ca, PRBool tCA, PRBool tClientCA,

- PRBool user, PRBool warn)

- mTrust.emailFlags = 0;

- if (peer || tPeer)

- addTrust(&mTrust.emailFlags, CERTDB_TERMINAL_RECORD);

- if (tPeer)

- addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);

- if (ca || tCA)

- addTrust(&mTrust.emailFlags, CERTDB_VALID_CA);

- if (tClientCA)

- addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);

- if (tCA)

- addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);

- if (user)

- addTrust(&mTrust.emailFlags, CERTDB_USER);

- if (warn)

- addTrust(&mTrust.emailFlags, CERTDB_SEND_WARN);

-void

-nsNSSCertTrust::SetObjSignTrust(PRBool peer, PRBool tPeer,

- PRBool ca, PRBool tCA, PRBool tClientCA,

- PRBool user, PRBool warn)

- mTrust.objectSigningFlags = 0;

- if (peer || tPeer)

- addTrust(&mTrust.objectSigningFlags, CERTDB_TERMINAL_RECORD);

- if (tPeer)

- addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED);

- if (ca || tCA)

- addTrust(&mTrust.objectSigningFlags, CERTDB_VALID_CA);

- if (tClientCA)

- addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);

- if (tCA)

- addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA);

- if (user)

- addTrust(&mTrust.objectSigningFlags, CERTDB_USER);

- if (warn)

- addTrust(&mTrust.objectSigningFlags, CERTDB_SEND_WARN);

-void

-nsNSSCertTrust::SetValidCA()

- SetSSLTrust(PR_FALSE, PR_FALSE,

- PR_TRUE, PR_FALSE, PR_FALSE,

- PR_FALSE, PR_FALSE);

- SetEmailTrust(PR_FALSE, PR_FALSE,

- PR_TRUE, PR_FALSE, PR_FALSE,

- PR_FALSE, PR_FALSE);

- SetObjSignTrust(PR_FALSE, PR_FALSE,

- PR_TRUE, PR_FALSE, PR_FALSE,

- PR_FALSE, PR_FALSE);

-void

-nsNSSCertTrust::SetTrustedServerCA()

- SetSSLTrust(PR_FALSE, PR_FALSE,

- PR_TRUE, PR_TRUE, PR_FALSE,

- PR_FALSE, PR_FALSE);

- SetEmailTrust(PR_FALSE, PR_FALSE,

- PR_TRUE, PR_TRUE, PR_FALSE,

- PR_FALSE, PR_FALSE);

- SetObjSignTrust(PR_FALSE, PR_FALSE,

- PR_TRUE, PR_TRUE, PR_FALSE,

- PR_FALSE, PR_FALSE);

-void

-nsNSSCertTrust::SetTrustedCA()

- SetSSLTrust(PR_FALSE, PR_FALSE,

- PR_TRUE, PR_TRUE, PR_TRUE,

- PR_FALSE, PR_FALSE);

- SetEmailTrust(PR_FALSE, PR_FALSE,

- PR_TRUE, PR_TRUE, PR_TRUE,

- PR_FALSE, PR_FALSE);

- SetObjSignTrust(PR_FALSE, PR_FALSE,

- PR_TRUE, PR_TRUE, PR_TRUE,

- PR_FALSE, PR_FALSE);

-void

-nsNSSCertTrust::SetValidPeer()

- SetSSLTrust(PR_TRUE, PR_FALSE,