mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 898431: Update to NSS_3_15_2_BETA2. Inclues the fixes for bug 912844,
bug 912847, and bug 900971.
This commit is contained in:
Wan-Teh Chang
parent
078c7bc257
commit
36694002e5
@ -1 +1 @@
|
||||
NSS_3_15_2_BETA1
|
||||
NSS_3_15_2_BETA2
|
||||
|
||||
@ -399,6 +399,8 @@ const char * V2CipherString(int cs_int)
|
||||
case 0x000099: cs_str = "TLS/DHE-DSS/SEED-CBC/SHA"; break;
|
||||
case 0x00009A: cs_str = "TLS/DHE-RSA/SEED-CBC/SHA"; break;
|
||||
case 0x00009B: cs_str = "TLS/DH-ANON/SEED-CBC/SHA"; break;
|
||||
case 0x00009C: cs_str = "TLS/RSA/AES128-GCM/SHA256"; break;
|
||||
case 0x00009E: cs_str = "TLS/DHE-RSA/AES128-GCM/SHA256"; break;
|
||||
|
||||
case 0x0000FF: cs_str = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; break;
|
||||
|
||||
@ -438,6 +440,7 @@ const char * V2CipherString(int cs_int)
|
||||
case 0x00C02A: cs_str = "TLS/ECDH-RSA/AES256-CBC/SHA384"; break;
|
||||
case 0x00C02B: cs_str = "TLS/ECDHE-ECDSA/AES128-GCM/SHA256"; break;
|
||||
case 0x00C02C: cs_str = "TLS/ECDHE-ECDSA/AES256-GCM/SHA384"; break;
|
||||
case 0x00C02F: cs_str = "TLS/ECDHE-RSA/AES128-GCM/SHA256"; break;
|
||||
|
||||
case 0x00FEFF: cs_str = "SSL3/RSA-FIPS/3DESEDE-CBC/SHA"; break;
|
||||
case 0x00FEFE: cs_str = "SSL3/RSA-FIPS/DES-CBC/SHA"; break;
|
||||
|
||||
@ -235,6 +235,9 @@ static void PrintParameterUsage(void)
|
||||
fprintf(stderr, "%-20s Test -F allows 0=any (default), 1=only OCSP, 2=only CRL\n", "-M");
|
||||
fprintf(stderr, "%-20s Restrict ciphers\n", "-c ciphers");
|
||||
fprintf(stderr, "%-20s Print cipher values allowed for parameter -c and exit\n", "-Y");
|
||||
fprintf(stderr, "%-20s Enforce using an IPv4 destination address\n", "-4");
|
||||
fprintf(stderr, "%-20s Enforce using an IPv6 destination address\n", "-6");
|
||||
fprintf(stderr, "%-20s (Options -4 and -6 cannot be combined.)\n", "");
|
||||
}
|
||||
|
||||
static void Usage(const char *progName)
|
||||
@ -806,6 +809,8 @@ int main(int argc, char **argv)
|
||||
PRSocketOptionData opt;
|
||||
PRNetAddr addr;
|
||||
PRPollDesc pollset[2];
|
||||
PRBool allowIPv4 = PR_TRUE;
|
||||
PRBool allowIPv6 = PR_TRUE;
|
||||
PRBool pingServerFirst = PR_FALSE;
|
||||
int pingTimeoutSeconds = -1;
|
||||
PRBool clientSpeaksFirst = PR_FALSE;
|
||||
@ -846,12 +851,15 @@ int main(int argc, char **argv)
|
||||
SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
|
||||
|
||||
optstate = PL_CreateOptState(argc, argv,
|
||||
"BFM:OSTV:W:Ya:c:d:fgh:m:n:op:qr:st:uvw:xz");
|
||||
"46BFM:OSTV:W:Ya:c:d:fgh:m:n:op:qr:st:uvw:xz");
|
||||
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
|
||||
switch (optstate->option) {
|
||||
case '?':
|
||||
default : Usage(progName); break;
|
||||
|
||||
case '4': allowIPv6 = PR_FALSE; if (!allowIPv4) Usage(progName); break;
|
||||
case '6': allowIPv4 = PR_FALSE; if (!allowIPv6) Usage(progName); break;
|
||||
|
||||
case 'B': bypassPKCS11 = 1; break;
|
||||
|
||||
case 'F': if (serverCertAuth.testFreshStatusFromSideChannel) {
|
||||
@ -986,11 +994,15 @@ int main(int argc, char **argv)
|
||||
SECU_PrintError(progName, "error looking up host");
|
||||
return 1;
|
||||
}
|
||||
do {
|
||||
for (;;) {
|
||||
enumPtr = PR_EnumerateAddrInfo(enumPtr, addrInfo, portno, &addr);
|
||||
} while (enumPtr != NULL &&
|
||||
addr.raw.family != PR_AF_INET &&
|
||||
addr.raw.family != PR_AF_INET6);
|
||||
if (enumPtr == NULL)
|
||||
break;
|
||||
if (addr.raw.family == PR_AF_INET && allowIPv4)
|
||||
break;
|
||||
if (addr.raw.family == PR_AF_INET6 && allowIPv6)
|
||||
break;
|
||||
}
|
||||
PR_FreeAddrInfo(addrInfo);
|
||||
if (enumPtr == NULL) {
|
||||
SECU_PrintError(progName, "error looking up host address");
|
||||
|
||||
@ -10,4 +10,3 @@
|
||||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
||||
@ -268,7 +268,7 @@ extern SECKEYPublicKey *CERT_ExtractPublicKey(CERTCertificate *cert);
|
||||
** Retrieve the Key Type associated with the cert we're dealing with
|
||||
*/
|
||||
|
||||
extern KeyType CERT_GetCertKeyType (CERTSubjectPublicKeyInfo *spki);
|
||||
extern KeyType CERT_GetCertKeyType (const CERTSubjectPublicKeyInfo *spki);
|
||||
|
||||
/*
|
||||
** Initialize the certificate database. This is called to create
|
||||
|
||||
@ -1041,8 +1041,8 @@ typedef enum {
|
||||
* Whether or not to use a method for revocation testing.
|
||||
* If set to "do not test", then all other flags are ignored.
|
||||
*/
|
||||
#define CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD 0L
|
||||
#define CERT_REV_M_TEST_USING_THIS_METHOD 1L
|
||||
#define CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD 0UL
|
||||
#define CERT_REV_M_TEST_USING_THIS_METHOD 1UL
|
||||
|
||||
/*
|
||||
* Whether or not NSS is allowed to attempt to fetch fresh information
|
||||
@ -1050,8 +1050,8 @@ typedef enum {
|
||||
* (Although fetching will never happen if fresh information for the
|
||||
* method is already locally available.)
|
||||
*/
|
||||
#define CERT_REV_M_ALLOW_NETWORK_FETCHING 0L
|
||||
#define CERT_REV_M_FORBID_NETWORK_FETCHING 2L
|
||||
#define CERT_REV_M_ALLOW_NETWORK_FETCHING 0UL
|
||||
#define CERT_REV_M_FORBID_NETWORK_FETCHING 2UL
|
||||
|
||||
/*
|
||||
* Example for an implicit default source:
|
||||
@ -1065,8 +1065,8 @@ typedef enum {
|
||||
* then we continue to use what's available (or not available)
|
||||
* in the certs.
|
||||
*/
|
||||
#define CERT_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE 0L
|
||||
#define CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE 4L
|
||||
#define CERT_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE 0UL
|
||||
#define CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE 4UL
|
||||
|
||||
/*
|
||||
* Defines the behavior if no fresh information is available,
|
||||
@ -1080,8 +1080,8 @@ typedef enum {
|
||||
* We still require that fresh information is available.
|
||||
* Other flags define what happens on missing fresh info.
|
||||
*/
|
||||
#define CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE 0L
|
||||
#define CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE 8L
|
||||
#define CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE 0UL
|
||||
#define CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE 8UL
|
||||
|
||||
/*
|
||||
* Defines the behavior if we are unable to obtain fresh information.
|
||||
@ -1090,8 +1090,8 @@ typedef enum {
|
||||
* FAIL means:
|
||||
* Return "cert revoked".
|
||||
*/
|
||||
#define CERT_REV_M_IGNORE_MISSING_FRESH_INFO 0L
|
||||
#define CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO 16L
|
||||
#define CERT_REV_M_IGNORE_MISSING_FRESH_INFO 0UL
|
||||
#define CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO 16UL
|
||||
|
||||
/*
|
||||
* What should happen if we were able to find fresh information using
|
||||
@ -1103,8 +1103,8 @@ typedef enum {
|
||||
* We will continue and test the next allowed
|
||||
* specified method.
|
||||
*/
|
||||
#define CERT_REV_M_STOP_TESTING_ON_FRESH_INFO 0L
|
||||
#define CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO 32L
|
||||
#define CERT_REV_M_STOP_TESTING_ON_FRESH_INFO 0UL
|
||||
#define CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO 32UL
|
||||
|
||||
/*
|
||||
* The following flags are supposed to be used to control bits in
|
||||
@ -1125,8 +1125,8 @@ typedef enum {
|
||||
* which are already locally available. Only after that is done
|
||||
* consider to fetch from the network (as allowed by other flags).
|
||||
*/
|
||||
#define CERT_REV_MI_TEST_EACH_METHOD_SEPARATELY 0L
|
||||
#define CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST 1L
|
||||
#define CERT_REV_MI_TEST_EACH_METHOD_SEPARATELY 0UL
|
||||
#define CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST 1UL
|
||||
|
||||
/*
|
||||
* Use this flag to specify that it's necessary that fresh information
|
||||
@ -1141,8 +1141,8 @@ typedef enum {
|
||||
* This setting overrides the CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO
|
||||
* flag on all methods.
|
||||
*/
|
||||
#define CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT 0L
|
||||
#define CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE 2L
|
||||
#define CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT 0UL
|
||||
#define CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE 2UL
|
||||
|
||||
|
||||
typedef struct {
|
||||
|
||||
@ -95,12 +95,12 @@ SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *k);
|
||||
/*
|
||||
** Decode a DER encoded public key into an SECKEYPublicKey structure.
|
||||
*/
|
||||
extern SECKEYPublicKey *SECKEY_DecodeDERPublicKey(SECItem *pubkder);
|
||||
extern SECKEYPublicKey *SECKEY_DecodeDERPublicKey(const SECItem *pubkder);
|
||||
|
||||
/*
|
||||
** Convert a base64 ascii encoded DER public key to our internal format.
|
||||
*/
|
||||
extern SECKEYPublicKey *SECKEY_ConvertAndDecodePublicKey(char *pubkstr);
|
||||
extern SECKEYPublicKey *SECKEY_ConvertAndDecodePublicKey(const char *pubkstr);
|
||||
|
||||
/*
|
||||
** Convert a base64 ascii encoded DER public key and challenge to spki,
|
||||
@ -122,21 +122,21 @@ SECKEY_EncodeDERSubjectPublicKeyInfo(SECKEYPublicKey *pubk);
|
||||
** CERTSubjectPublicKeyInfo structure.
|
||||
*/
|
||||
extern CERTSubjectPublicKeyInfo *
|
||||
SECKEY_DecodeDERSubjectPublicKeyInfo(SECItem *spkider);
|
||||
SECKEY_DecodeDERSubjectPublicKeyInfo(const SECItem *spkider);
|
||||
|
||||
/*
|
||||
** Convert a base64 ascii encoded DER subject public key info to our
|
||||
** internal format.
|
||||
*/
|
||||
extern CERTSubjectPublicKeyInfo *
|
||||
SECKEY_ConvertAndDecodeSubjectPublicKeyInfo(char *spkistr);
|
||||
SECKEY_ConvertAndDecodeSubjectPublicKeyInfo(const char *spkistr);
|
||||
|
||||
/*
|
||||
* extract the public key from a subject Public Key info structure.
|
||||
* (used by JSS).
|
||||
*/
|
||||
extern SECKEYPublicKey *
|
||||
SECKEY_ExtractPublicKey(CERTSubjectPublicKeyInfo *);
|
||||
SECKEY_ExtractPublicKey(const CERTSubjectPublicKeyInfo *);
|
||||
|
||||
/*
|
||||
** Destroy a private key object.
|
||||
@ -183,7 +183,7 @@ SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
|
||||
extern SECStatus
|
||||
SECKEY_CopyPrivateKeyInfo(PLArenaPool *poolp,
|
||||
SECKEYPrivateKeyInfo *to,
|
||||
SECKEYPrivateKeyInfo *from);
|
||||
const SECKEYPrivateKeyInfo *from);
|
||||
|
||||
extern SECStatus
|
||||
SECKEY_CacheStaticFlags(SECKEYPrivateKey* key);
|
||||
@ -199,19 +199,19 @@ SECKEY_CacheStaticFlags(SECKEYPrivateKey* key);
|
||||
extern SECStatus
|
||||
SECKEY_CopyEncryptedPrivateKeyInfo(PLArenaPool *poolp,
|
||||
SECKEYEncryptedPrivateKeyInfo *to,
|
||||
SECKEYEncryptedPrivateKeyInfo *from);
|
||||
const SECKEYEncryptedPrivateKeyInfo *from);
|
||||
/*
|
||||
* Accessor functions for key type of public and private keys.
|
||||
*/
|
||||
KeyType SECKEY_GetPrivateKeyType(SECKEYPrivateKey *privKey);
|
||||
KeyType SECKEY_GetPublicKeyType(SECKEYPublicKey *pubKey);
|
||||
KeyType SECKEY_GetPrivateKeyType(const SECKEYPrivateKey *privKey);
|
||||
KeyType SECKEY_GetPublicKeyType(const SECKEYPublicKey *pubKey);
|
||||
|
||||
/*
|
||||
* Creates a PublicKey from its DER encoding.
|
||||
* Currently only supports RSA and DSA keys.
|
||||
*/
|
||||
SECKEYPublicKey*
|
||||
SECKEY_ImportDERPublicKey(SECItem *derKey, CK_KEY_TYPE type);
|
||||
SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type);
|
||||
|
||||
SECKEYPrivateKeyList*
|
||||
SECKEY_NewPrivateKeyList(void);
|
||||
|
||||
@ -444,8 +444,9 @@ SECKEY_UpdateCertPQG(CERTCertificate * subjectCert)
|
||||
* the normal standard format. Store the decoded parameters in
|
||||
* a V3 certificate data structure. */
|
||||
|
||||
SECStatus
|
||||
SECKEY_DSADecodePQG(PLArenaPool *arena, SECKEYPublicKey *pubk, SECItem *params) {
|
||||
static SECStatus
|
||||
seckey_DSADecodePQG(PLArenaPool *arena, SECKEYPublicKey *pubk,
|
||||
const SECItem *params) {
|
||||
SECStatus rv;
|
||||
SECItem newparams;
|
||||
|
||||
@ -539,13 +540,13 @@ seckey_GetKeyType (SECOidTag tag) {
|
||||
|
||||
/* Function used to determine what kind of cert we are dealing with. */
|
||||
KeyType
|
||||
CERT_GetCertKeyType (CERTSubjectPublicKeyInfo *spki)
|
||||
CERT_GetCertKeyType (const CERTSubjectPublicKeyInfo *spki)
|
||||
{
|
||||
return seckey_GetKeyType(SECOID_GetAlgorithmTag(&spki->algorithm));
|
||||
}
|
||||
|
||||
static SECKEYPublicKey *
|
||||
seckey_ExtractPublicKey(CERTSubjectPublicKeyInfo *spki)
|
||||
seckey_ExtractPublicKey(const CERTSubjectPublicKeyInfo *spki)
|
||||
{
|
||||
SECKEYPublicKey *pubk;
|
||||
SECItem os, newOs, newParms;
|
||||
@ -594,7 +595,7 @@ seckey_ExtractPublicKey(CERTSubjectPublicKeyInfo *spki)
|
||||
rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_DSAPublicKeyTemplate, &newOs);
|
||||
if (rv != SECSuccess) break;
|
||||
|
||||
rv = SECKEY_DSADecodePQG(arena, pubk,
|
||||
rv = seckey_DSADecodePQG(arena, pubk,
|
||||
&spki->algorithm.parameters);
|
||||
|
||||
if (rv == SECSuccess) return pubk;
|
||||
@ -644,7 +645,7 @@ seckey_ExtractPublicKey(CERTSubjectPublicKeyInfo *spki)
|
||||
|
||||
/* required for JSS */
|
||||
SECKEYPublicKey *
|
||||
SECKEY_ExtractPublicKey(CERTSubjectPublicKeyInfo *spki)
|
||||
SECKEY_ExtractPublicKey(const CERTSubjectPublicKeyInfo *spki)
|
||||
{
|
||||
return seckey_ExtractPublicKey(spki);
|
||||
}
|
||||
@ -1344,7 +1345,7 @@ SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki)
|
||||
* similiar to CERT_ExtractPublicKey for other key times.
|
||||
*/
|
||||
SECKEYPublicKey *
|
||||
SECKEY_DecodeDERPublicKey(SECItem *pubkder)
|
||||
SECKEY_DecodeDERPublicKey(const SECItem *pubkder)
|
||||
{
|
||||
PLArenaPool *arena;
|
||||
SECKEYPublicKey *pubk;
|
||||
@ -1385,7 +1386,7 @@ SECKEY_DecodeDERPublicKey(SECItem *pubkder)
|
||||
* Decode a base64 ascii encoded DER encoded public key.
|
||||
*/
|
||||
SECKEYPublicKey *
|
||||
SECKEY_ConvertAndDecodePublicKey(char *pubkstr)
|
||||
SECKEY_ConvertAndDecodePublicKey(const char *pubkstr)
|
||||
{
|
||||
SECKEYPublicKey *pubk;
|
||||
SECStatus rv;
|
||||
@ -1425,7 +1426,7 @@ finish:
|
||||
|
||||
|
||||
CERTSubjectPublicKeyInfo *
|
||||
SECKEY_DecodeDERSubjectPublicKeyInfo(SECItem *spkider)
|
||||
SECKEY_DecodeDERSubjectPublicKeyInfo(const SECItem *spkider)
|
||||
{
|
||||
PLArenaPool *arena;
|
||||
CERTSubjectPublicKeyInfo *spki;
|
||||
@ -1464,7 +1465,7 @@ SECKEY_DecodeDERSubjectPublicKeyInfo(SECItem *spkider)
|
||||
* Decode a base64 ascii encoded DER encoded subject public key info.
|
||||
*/
|
||||
CERTSubjectPublicKeyInfo *
|
||||
SECKEY_ConvertAndDecodeSubjectPublicKeyInfo(char *spkistr)
|
||||
SECKEY_ConvertAndDecodeSubjectPublicKeyInfo(const char *spkistr)
|
||||
{
|
||||
CERTSubjectPublicKeyInfo *spki;
|
||||
SECStatus rv;
|
||||
@ -1647,7 +1648,7 @@ SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
|
||||
SECStatus
|
||||
SECKEY_CopyPrivateKeyInfo(PLArenaPool *poolp,
|
||||
SECKEYPrivateKeyInfo *to,
|
||||
SECKEYPrivateKeyInfo *from)
|
||||
const SECKEYPrivateKeyInfo *from)
|
||||
{
|
||||
SECStatus rv = SECFailure;
|
||||
|
||||
@ -1671,7 +1672,7 @@ SECKEY_CopyPrivateKeyInfo(PLArenaPool *poolp,
|
||||
SECStatus
|
||||
SECKEY_CopyEncryptedPrivateKeyInfo(PLArenaPool *poolp,
|
||||
SECKEYEncryptedPrivateKeyInfo *to,
|
||||
SECKEYEncryptedPrivateKeyInfo *from)
|
||||
const SECKEYEncryptedPrivateKeyInfo *from)
|
||||
{
|
||||
SECStatus rv = SECFailure;
|
||||
|
||||
@ -1689,19 +1690,19 @@ SECKEY_CopyEncryptedPrivateKeyInfo(PLArenaPool *poolp,
|
||||
}
|
||||
|
||||
KeyType
|
||||
SECKEY_GetPrivateKeyType(SECKEYPrivateKey *privKey)
|
||||
SECKEY_GetPrivateKeyType(const SECKEYPrivateKey *privKey)
|
||||
{
|
||||
return privKey->keyType;
|
||||
}
|
||||
|
||||
KeyType
|
||||
SECKEY_GetPublicKeyType(SECKEYPublicKey *pubKey)
|
||||
SECKEY_GetPublicKeyType(const SECKEYPublicKey *pubKey)
|
||||
{
|
||||
return pubKey->keyType;
|
||||
}
|
||||
|
||||
SECKEYPublicKey*
|
||||
SECKEY_ImportDERPublicKey(SECItem *derKey, CK_KEY_TYPE type)
|
||||
SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type)
|
||||
{
|
||||
SECKEYPublicKey *pubk = NULL;
|
||||
SECStatus rv = SECFailure;
|
||||
|
||||
@ -293,12 +293,12 @@ SECStatus SECOID_SetAlgorithmID(PLArenaPool *arena, SECAlgorithmID *aid,
|
||||
}
|
||||
|
||||
SECStatus SECOID_CopyAlgorithmID(PLArenaPool *arena, SECAlgorithmID *dest,
|
||||
SECAlgorithmID *src)
|
||||
const SECAlgorithmID *src)
|
||||
{
|
||||
return SECOID_CopyAlgorithmID_Util(arena, dest, src);
|
||||
}
|
||||
|
||||
SECOidTag SECOID_GetAlgorithmTag(SECAlgorithmID *aid)
|
||||
SECOidTag SECOID_GetAlgorithmTag(const SECAlgorithmID *aid)
|
||||
{
|
||||
return SECOID_GetAlgorithmTag_Util(aid);
|
||||
}
|
||||
|
||||
@ -9,7 +9,7 @@
|
||||
#include "secerr.h"
|
||||
|
||||
SECOidTag
|
||||
SECOID_GetAlgorithmTag(SECAlgorithmID *id)
|
||||
SECOID_GetAlgorithmTag(const SECAlgorithmID *id)
|
||||
{
|
||||
if (id == NULL || id->algorithm.data == NULL)
|
||||
return SEC_OID_UNKNOWN;
|
||||
@ -97,7 +97,8 @@ SECOID_SetAlgorithmID(PLArenaPool *arena, SECAlgorithmID *id, SECOidTag which,
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SECOID_CopyAlgorithmID(PLArenaPool *arena, SECAlgorithmID *to, SECAlgorithmID *from)
|
||||
SECOID_CopyAlgorithmID(PLArenaPool *arena, SECAlgorithmID *to,
|
||||
const SECAlgorithmID *from)
|
||||
{
|
||||
SECStatus rv;
|
||||
|
||||
|
||||
@ -54,12 +54,12 @@ extern SECStatus SECOID_SetAlgorithmID(PLArenaPool *arena, SECAlgorithmID *aid,
|
||||
** to do that).
|
||||
*/
|
||||
extern SECStatus SECOID_CopyAlgorithmID(PLArenaPool *arena, SECAlgorithmID *dest,
|
||||
SECAlgorithmID *src);
|
||||
const SECAlgorithmID *src);
|
||||
|
||||
/*
|
||||
** Get the tag number for the given algorithm-id object.
|
||||
*/
|
||||
extern SECOidTag SECOID_GetAlgorithmTag(SECAlgorithmID *aid);
|
||||
extern SECOidTag SECOID_GetAlgorithmTag(const SECAlgorithmID *aid);
|
||||
|
||||
/*
|
||||
** Destroy an algorithm-id object.
|
||||
|
||||
@ -358,6 +358,7 @@ done:
|
||||
status = PR_Access(olddbname, PR_ACCESS_EXISTS);
|
||||
if (status == PR_SUCCESS) {
|
||||
PR_smprintf_free(olddbname);
|
||||
PORT_ZFree(moduleList, useCount*sizeof(char **));
|
||||
PORT_SetError(SEC_ERROR_LEGACY_DATABASE);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -51,46 +51,49 @@ ocsp_init()
|
||||
|
||||
ocsp_stapling()
|
||||
{
|
||||
# Parameter -4 is used as a temporary workaround for lack of IPv6 connectivity
|
||||
# on some build bot slaves.
|
||||
|
||||
TESTNAME="startssl valid, supports OCSP stapling"
|
||||
echo "$SCRIPTNAME: $TESTNAME"
|
||||
echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5143 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5143 -d . < ${REQF}
|
||||
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5143 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5143 -d . < ${REQF}
|
||||
html_msg $? 0 "$TESTNAME"
|
||||
|
||||
TESTNAME="startssl revoked, supports OCSP stapling"
|
||||
echo "$SCRIPTNAME: $TESTNAME"
|
||||
echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}
|
||||
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}
|
||||
html_msg $? 3 "$TESTNAME"
|
||||
|
||||
TESTNAME="comodo trial test expired revoked, supports OCSP stapling"
|
||||
echo "$SCRIPTNAME: $TESTNAME"
|
||||
echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5145 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5145 -d . < ${REQF}
|
||||
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5145 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5145 -d . < ${REQF}
|
||||
html_msg $? 1 "$TESTNAME"
|
||||
|
||||
TESTNAME="thawte (expired) valid, supports OCSP stapling"
|
||||
echo "$SCRIPTNAME: $TESTNAME"
|
||||
echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5146 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5146 -d . < ${REQF}
|
||||
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5146 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5146 -d . < ${REQF}
|
||||
html_msg $? 1 "$TESTNAME"
|
||||
|
||||
TESTNAME="thawte (expired) revoked, supports OCSP stapling"
|
||||
echo "$SCRIPTNAME: $TESTNAME"
|
||||
echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5147 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5147 -d . < ${REQF}
|
||||
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5147 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5147 -d . < ${REQF}
|
||||
html_msg $? 1 "$TESTNAME"
|
||||
|
||||
TESTNAME="digicert valid, supports OCSP stapling"
|
||||
echo "$SCRIPTNAME: $TESTNAME"
|
||||
echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5148 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5148 -d . < ${REQF}
|
||||
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5148 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5148 -d . < ${REQF}
|
||||
html_msg $? 0 "$TESTNAME"
|
||||
|
||||
TESTNAME="digicert revoked, supports OCSP stapling"
|
||||
echo "$SCRIPTNAME: $TESTNAME"
|
||||
echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5149 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5149 -d . < ${REQF}
|
||||
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5149 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5149 -d . < ${REQF}
|
||||
html_msg $? 3 "$TESTNAME"
|
||||
|
||||
TESTNAME="live valid, supports OCSP stapling"
|
||||
@ -101,8 +104,8 @@ ocsp_stapling()
|
||||
|
||||
TESTNAME="startssl valid, doesn't support OCSP stapling"
|
||||
echo "$SCRIPTNAME: $TESTNAME"
|
||||
echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 443 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 443 -d . < ${REQF}
|
||||
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 443 -d . < ${REQF}"
|
||||
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 443 -d . < ${REQF}
|
||||
html_msg $? 2 "$TESTNAME"
|
||||
|
||||
TESTNAME="cacert untrusted, doesn't support OCSP stapling"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user