
Unified Diff: nss/lib/libpkix/pkix/top/pkix_build.c

Issue 17773004: Update NSS to NSS_3_15_1_BETA2. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Created 7 years, 6 months ago
Index: nss/lib/libpkix/pkix/top/pkix_build.c
===================================================================
--- nss/lib/libpkix/pkix/top/pkix_build.c (revision 206843)
+++ nss/lib/libpkix/pkix/top/pkix_build.c (working copy)
@@ -1021,9 +1021,11 @@
PKIX_ProcessingParams *procParams = NULL;
PKIX_PL_Cert *trustedCert = NULL;
PKIX_PL_PublicKey *trustedPubKey = NULL;
+ PKIX_PL_CertNameConstraints *trustedNC = NULL;
PKIX_CertChainChecker *sigChecker = NULL;
PKIX_CertChainChecker *policyChecker = NULL;
PKIX_CertChainChecker *userChecker = NULL;
+ PKIX_CertChainChecker *nameConstraintsChecker = NULL;
PKIX_CertChainChecker *checker = NULL;
PKIX_CertSelector *certSelector = NULL;
PKIX_List *userCheckerExtOIDs = NULL;
@@ -1192,7 +1194,7 @@
}
}
- /* Inabling post chain building signature check on the certs. */
+ /* Enabling post chain building signature check on the certs. */
PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCert
(anchor, &trustedCert, plContext),
PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED);
@@ -1214,6 +1216,23 @@
plContext),
PKIX_LISTAPPENDITEMFAILED);
+ /* Enabling post chain building name constraints check on the certs. */
+ PKIX_CHECK(PKIX_TrustAnchor_GetNameConstraints
+ (anchor, &trustedNC, plContext),
+ PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED);
+
+ PKIX_CHECK(pkix_NameConstraintsChecker_Initialize
+ (trustedNC, numChainCerts, &nameConstraintsChecker,
+ plContext),
+ PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED);
+
+ PKIX_CHECK(PKIX_List_AppendItem
+ (checkers,
+ (PKIX_PL_Object *)nameConstraintsChecker,
+ plContext),
+ PKIX_LISTAPPENDITEMFAILED);
+
+
PKIX_DECREF(state->reversedCertChain);
PKIX_INCREF(reversedCertChain);
state->reversedCertChain = reversedCertChain;
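Review bot: The added name-constraints block passes `trustedNC` straight into `pkix_NameConstraintsChecker_Initialize` without documenting the case where the trust anchor carries no name constraints. Neither `PKIX_TrustAnchor_GetNameConstraints` nor the initializer is visible in this hunk, so I am assuming `trustedNC` can come back NULL on success. If it can, I would extend the comment to state that contract, for example `/* trustedNC is NULL when the anchor has no name constraints; the checker must accept that. */`, since a later change that rejects NULL here would fail every chain ending in an unconstrained anchor. The reference handling looks consistent with `sigChecker`, as both new objects are released in the cleanup hunk below. Minor style point: the block ends with two blank lines where one would do, and the enclosing function starts and ends outside this hunk.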
@@ -1240,6 +1259,8 @@
PKIX_DECREF(trustedPubKey);
PKIX_DECREF(certSelector);
PKIX_DECREF(sigChecker);
+ PKIX_DECREF(trustedNC);
+ PKIX_DECREF(nameConstraintsChecker);
PKIX_DECREF(policyChecker);
PKIX_DECREF(userChecker);
PKIX_DECREF(userCheckerExtOIDs);