Update NSS to NSS_3_15_BETA2.

nss/lib/certdb/certdb.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * Certificate handling code
  *
  * $Id$
  */
 
@@ skipping 937 matching lines @@
 SECStatus
 CERT_SetSlopTime(PRInt32 slop)          /* seconds */
 {
     if (slop < 0)
         return SECFailure;
     pendingSlop = slop;
     return SECSuccess;
 }
 
 SECStatus
-CERT_GetCertTimes(CERTCertificate *c, PRTime *notBefore, PRTime *notAfter)
+CERT_GetCertTimes(const CERTCertificate *c, PRTime *notBefore, PRTime *notAfter)
 {
     SECStatus rv;
 
     if (!c || !notBefore || !notAfter) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
     
     /* convert DER not-before time */
     rv = DER_DecodeTimeChoice(notBefore, &c->validity.notBefore);
     if (rv) {
         return(SECFailure);
     }
     
     /* convert DER not-after time */
     rv = DER_DecodeTimeChoice(notAfter, &c->validity.notAfter);
     if (rv) {
         return(SECFailure);
     }
 
     return(SECSuccess);
 }
 
 /*
  * Check the validity times of a certificate
  */
 SECCertTimeValidity
-CERT_CheckCertValidTimes(CERTCertificate *c, PRTime t, PRBool allowOverride)
+CERT_CheckCertValidTimes(const CERTCertificate *c, PRTime t,
+                         PRBool allowOverride)
 {
     PRTime notBefore, notAfter, llPendingSlop, tmp1;
     SECStatus rv;
 
     if (!c) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return(secCertTimeUndetermined);
     }
     /* if cert is already marked OK, then don't bother to check */
     if ( allowOverride && c->timeOK ) {
@@ skipping 412 matching lines @@
     if (PORT_Strcasecmp(hn, cn) == 0) {
         return SECSuccess;
     }
 
     PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
     return SECFailure;
 }
 
 
 SECStatus
-cert_VerifySubjectAltName(CERTCertificate *cert, const char *hn)
+cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn)
 {
     PRArenaPool *     arena          = NULL;
     CERTGeneralName * nameList       = NULL;
     CERTGeneralName * current;
     char *            cn;
     int               cnBufLen;
     unsigned int      hnLen;
     int               DNSextCount    = 0;
     int               IPextCount     = 0;
     PRBool            isIPaddr       = PR_FALSE;
@@ skipping 116 matching lines @@
 }
 
 /*
  * If found:
  *   - subAltName contains the extension (caller must free)
  *   - return value is the decoded namelist (allocated off arena)
  * if not found, or if failure to decode:
  *   - return value is NULL
  */
 CERTGeneralName *
-cert_GetSubjectAltNameList(CERTCertificate *cert, PRArenaPool *arena)
+cert_GetSubjectAltNameList(const CERTCertificate *cert, PRArenaPool *arena)
 {
     CERTGeneralName * nameList       = NULL;
     SECStatus         rv             = SECFailure;
     SECItem           subAltName;
 
     if (!cert || !arena)
       return NULL;
 
     subAltName.data = NULL;
 
@@ skipping 186 matching lines @@
 
     PORT_FreeArena(arena, PR_FALSE);
     return NULL;
 }
 
 /* Make sure that the name of the host we are connecting to matches the
  * name that is incoded in the common-name component of the certificate
  * that they are using.
  */
 SECStatus
-CERT_VerifyCertName(CERTCertificate *cert, const char *hn)
+CERT_VerifyCertName(const CERTCertificate *cert, const char *hn)
 {
     char *    cn;
     SECStatus rv;
     CERTOKDomainName *domainOK;
 
     if (!hn || !strlen(hn)) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
 
@@ skipping 24 matching lines @@
         } else {
             rv = cert_TestHostName(cn, hn);
         }
         PORT_Free(cn);
     } else 
         PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
     return rv;
 }
 
 PRBool
-CERT_CompareCerts(CERTCertificate *c1, CERTCertificate *c2)
+CERT_CompareCerts(const CERTCertificate *c1, const CERTCertificate *c2)
 {
     SECComparison comp;
     
     comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert);
     if ( comp == SECEqual ) { /* certs are the same */
         return(PR_TRUE);
     } else {
         return(PR_FALSE);
     }
 }
@@ skipping 1079 matching lines @@
 
 static PZLock *certTrustLock = NULL;
 
 /*
  * Acquire the cert trust lock
  * There is currently one global lock for all certs, but I'm putting a cert
  * arg here so that it will be easy to make it per-cert in the future if
  * that turns out to be necessary.
  */
 void
-CERT_LockCertTrust(CERTCertificate *cert)
+CERT_LockCertTrust(const CERTCertificate *cert)
 {
     PORT_Assert(certTrustLock != NULL);
     PZ_Lock(certTrustLock);
     return;
 }
 
 SECStatus
 cert_InitLocks(void)
 {
     if ( certRefCountLock == NULL ) {
@@ skipping 37 matching lines @@
     } else {
         rv = SECFailure;
     }
     return rv;
 }
 
 /*
  * Free the cert trust lock
  */
 void
-CERT_UnlockCertTrust(CERTCertificate *cert)
+CERT_UnlockCertTrust(const CERTCertificate *cert)
 {
     PRStatus prstat;
 
     PORT_Assert(certTrustLock != NULL);
     
     prstat = PZ_Unlock(certTrustLock);
     
     PORT_Assert(prstat == PR_SUCCESS);
 
     return;
@@ skipping 287 matching lines @@
     CERTCertificate *cert = NULL;
     SECItem *derCert;
 
     derCert = cert_FindDERCertBySubjectKeyID(subjKeyID);
     if (derCert) {
         cert = CERT_FindCertByDERCert(handle, derCert);
         SECITEM_FreeItem(derCert, PR_TRUE);
     }
     return cert;
 }