author | falken@google.com <falken@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-31 04:26:30 +0000 |
---|---|---|
committer | falken@google.com <falken@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-31 04:26:30 +0000 |
commit | 440d59908056a535d4df7e2bdb4ababe122286a9 (patch) | |
tree | e26e761c534f3e44240808eccad9292d71f1c77f /chrome/third_party | |
parent | c4ca3b454d7a68dd8841d0b2f03f0f81c3cc2a7d (diff) | |
Revert 139719 - Fix imported server certs being distrusted in NSS 3.13.
Reverting as it seemed to break net_unittests on Linux(dbg)(shared).
Add support for intentionally distrusting certs. (Not exposed in the UI yet.)
BUG=116411
TEST=CertDatabaseNSSTest
Review URL: https://chromiumcodereview.appspot.com/9940001
TBR=mattm@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10440110
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@139725 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/third_party')
-rw-r--r-- | chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp | 24 |
1 files changed, 5 insertions, 19 deletions
diff --git a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
index 6e04997..c161b65 100644
--- a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
+++ b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
@@ -40,7 +40,6 @@
 #include "chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h"
-#include <certdb.h>
 #include <keyhi.h>
 #include <prprf.h>
 #include <unicode/uidna.h>
@@ -54,16 +53,9 @@
 #include "grit/generated_resources.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_util.h"
+#include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h"
 #include "ui/base/l10n/l10n_util.h"
-#if !defined(CERTDB_TERMINAL_RECORD)
-/* NSS 3.13 renames CERTDB_VALID_PEER to CERTDB_TERMINAL_RECORD
- * and marks CERTDB_VALID_PEER as deprecated.
- * If we're using an older version, rename it ourselves.
- */
-#define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER
-#endif
-
 namespace {
 std::string BMPtoUTF8(PRArenaPool* arena, unsigned char* data,
@@ -1046,18 +1038,12 @@ std::string ProcessSubjectPublicKeyInfo(CERTSubjectPublicKeyInfo* spki) {
 }
 net::CertType GetCertType(CERTCertificate *cert) {
- CERTCertTrust trust = {0};
- CERT_GetCertTrust(cert, &trust);
-
- unsigned all_flags = trust.sslFlags | trust.emailFlags |
- trust.objectSigningFlags;
-
- if (cert->nickname && (all_flags & CERTDB_USER))
+ nsNSSCertTrust trust(cert->trust);
+ if (cert->nickname && trust.HasAnyUser())
 return net::USER_CERT;
- if ((all_flags & CERTDB_VALID_CA) || CERT_IsCACert(cert, NULL))
+ if (trust.HasAnyCA() || CERT_IsCACert(cert, NULL))
 return net::CA_CERT;
- // TODO(mattm): http://crbug.com/128633.
- if (trust.sslFlags & CERTDB_TERMINAL_RECORD)
+ if (trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE))
 return net::SERVER_CERT;
 return net::UNKNOWN_CERT;
 }
|
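Review bot: In GetCertType, `nsNSSCertTrust trust(cert->trust);` reads the certificate's trust pointer directly, where the lines this revert removes copied the flags through `CERT_GetCertTrust(cert, &trust)` into a zero-initialised local. Whether a certificate with no trust record (a null `cert->trust`) is handled depends on the nsNSSCertTrust constructor, which is not visible in this hunk, so that should be confirmed and stated in a comment on that line. The restored `trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE)` test also classifies on the SSL peer flag alone. Per the comment block removed in the second hunk, NSS 3.13 renames that flag to CERTDB_TERMINAL_RECORD, and there a terminal record without a trusted bit presumably also describes a deliberately distrusted cert, which would still be reported as `net::SERVER_CERT`. Since the revert is only for a test failure, I would keep a marker above that line, e.g. `// TODO(BUG 116411): the peer flag alone does not separate trusted from distrusted server certs under NSS 3.13.`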