chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp - Issue 10458069: Reland: Fix imported server certs being distrusted in NSS 3.13.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp

Issue 10458069: Reland: Fix imported server certs being distrusted in NSS 3.13. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: fix the test failures Created 8 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp

diff --git a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp

index c161b65d8523ecddc748cce013d9c49a27638605..6e0499716f1688f7d251777aaaba9c73a9c6daef 100644

--- a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp

+++ b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp

@@ -40,6 +40,7 @@

#include "chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h"

+#include <certdb.h>

#include <keyhi.h>

#include <prprf.h>

#include <unicode/uidna.h>

@@ -53,9 +54,16 @@

#include "grit/generated_resources.h"

#include "net/base/ip_endpoint.h"

#include "net/base/net_util.h"

-#include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h"

#include "ui/base/l10n/l10n_util.h"

+#if !defined(CERTDB_TERMINAL_RECORD)

+/* NSS 3.13 renames CERTDB_VALID_PEER to CERTDB_TERMINAL_RECORD

+ * and marks CERTDB_VALID_PEER as deprecated.

+ * If we're using an older version, rename it ourselves.

+ */

+#define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER

+#endif

namespace {

std::string BMPtoUTF8(PRArenaPool* arena, unsigned char* data,

@@ -1038,12 +1046,18 @@ std::string ProcessSubjectPublicKeyInfo(CERTSubjectPublicKeyInfo* spki) {

}

net::CertType GetCertType(CERTCertificate *cert) {

- nsNSSCertTrust trust(cert->trust);

- if (cert->nickname && trust.HasAnyUser())

+ CERTCertTrust trust = {0};

+ CERT_GetCertTrust(cert, &trust);

+ unsigned all_flags = trust.sslFlags | trust.emailFlags |

+ trust.objectSigningFlags;

+ if (cert->nickname && (all_flags & CERTDB_USER))

return net::USER_CERT;

- if (trust.HasAnyCA() || CERT_IsCACert(cert, NULL))

+ if ((all_flags & CERTDB_VALID_CA) || CERT_IsCACert(cert, NULL))

return net::CA_CERT;

- if (trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE))

+ // TODO(mattm): http://crbug.com/128633.

+ if (trust.sslFlags & CERTDB_TERMINAL_RECORD)

return net::SERVER_CERT;

return net::UNKNOWN_CERT;

}

« no previous file with comments | « chrome/common/net/x509_certificate_model_unittest.cc ('k') | net/base/cert_database.h » ('j') | no next file with comments »