| Index: nss/mozilla/security/nss/lib/certdb/certdb.c
|
| ===================================================================
|
| --- nss/mozilla/security/nss/lib/certdb/certdb.c (revision 142244)
|
| +++ nss/mozilla/security/nss/lib/certdb/certdb.c (working copy)
|
| @@ -39,7 +39,7 @@
|
| /*
|
| * Certificate handling code
|
| *
|
| - * $Id: certdb.c,v 1.120 2011/11/17 00:20:20 bsmith%mozilla.com Exp $
|
| + * $Id: certdb.c,v 1.121.2.1 2012/04/03 00:38:19 wtc%google.com Exp $
|
| */
|
|
|
| #include "nssilock.h"
|
| @@ -596,6 +596,20 @@
|
| nsCertType |= NS_CERT_TYPE_SSL_SERVER;
|
| }
|
| }
|
| + /*
|
| + * Treat certs with step-up OID as also having SSL server type.
|
| + * COMODO needs this behaviour until June 2020. See Bug 737802.
|
| + */
|
| + if (findOIDinOIDSeqByTagNum(extKeyUsage,
|
| + SEC_OID_NS_KEY_USAGE_GOVT_APPROVED) ==
|
| + SECSuccess){
|
| + if (basicConstraintPresent == PR_TRUE &&
|
| + (basicConstraint.isCA)) {
|
| + nsCertType |= NS_CERT_TYPE_SSL_CA;
|
| + } else {
|
| + nsCertType |= NS_CERT_TYPE_SSL_SERVER;
|
| + }
|
| + }
|
| if (findOIDinOIDSeqByTagNum(extKeyUsage,
|
| SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH) ==
|
| SECSuccess){
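Review bot: The new block treats `SEC_OID_NS_KEY_USAGE_GOVT_APPROVED` as equivalent to server-auth for every certificate that carries it, but the comment describes the behaviour as COMODO-specific and temporary. Nothing in the hunk restricts it by issuer or date, so any chain with only the step-up EKU now gets `NS_CERT_TYPE_SSL_SERVER` or `NS_CERT_TYPE_SSL_CA`. The comment should state that scope and the removal condition, for example `/* Applies to all issuers, not only COMODO; the June 2020 cut-off is not enforced in code. Remove this block then (Bug 737802). */`. The if/else body also appears to repeat the server-auth branch whose tail is visible just above, so folding the step-up test into that condition would keep the two from drifting apart. The enclosing function starts and ends outside the hunk, so that branch's condition should be confirmed first.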
|
| @@ -2941,6 +2955,7 @@
|
| PORT_Assert(certTrustLock != NULL);
|
| if (!certTrustLock) {
|
| PZ_DestroyLock(certRefCountLock);
|
| + certRefCountLock = NULL;
|
| return SECFailure;
|
| }
|
| }
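Review bot: The added `certRefCountLock = NULL;` has no comment explaining why the pointer is cleared after `PZ_DestroyLock`, and the reason is not visible in this failure path. Presumably a later init or shutdown routine tests the global and would otherwise use or destroy the freed lock a second time; that code is outside the hunk. A one-line comment would record the intent: `/* clear the destroyed lock so later init/shutdown does not reuse or re-destroy it */`. Since `PORT_Assert(certTrustLock != NULL)` fires first in debug builds, this cleanup path is reached only in optimized builds and is worth covering with an allocation-failure test.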
|
|
|