Back out cset 9b72d139e817 (Bug 1063281, Part 9) due to compatibility regressions on a CLOSED TREE, a=ryanvm

--HG--
extra : rebase_source : cd9b43c3f66df3c5de337f2013fe61fae798b3ba
Brian Smith 2014-10-28 12:30:53 -07:00
parent c52190b294
commit 5b092d4b63
4 changed files with 14 additions and 37 deletions


@ -146,6 +146,7 @@ CERT_StartCertificateRequestAttributes
CERT_SubjectPublicKeyInfoTemplate DATA
CERT_TimeChoiceTemplate DATA
CERT_VerifyCertificate
CERT_VerifyCertName
CERT_VerifySignedDataWithPublicKeyInfo
DER_AsciiToTime_Util
DER_DecodeTimeChoice_Util


@ -438,7 +438,7 @@ CertVerifier::VerifySSLServerCert(CERTCertificate* peerCert,
}
ScopedCERTCertList builtChainTemp;
// CreateCertErrorRunnable assumes that CheckCertHostname is only called
// CreateCertErrorRunnable assumes that CERT_VerifyCertName is only called
// if VerifyCert succeeded.
SECStatus rv = VerifyCert(peerCert, certificateUsageSSLServer, time, pinarg,
hostname, flags, stapledOCSPResponse,
@ -447,23 +447,9 @@ CertVerifier::VerifySSLServerCert(CERTCertificate* peerCert,
return rv;
}
Input peerCertInput;
Result result = peerCertInput.Init(peerCert->derCert.data,
peerCert->derCert.len);
if (result != Success) {
PR_SetError(MapResultToPRErrorCode(result), 0);
return SECFailure;
}
Input hostnameInput;
result = hostnameInput.Init(uint8_t_ptr_cast(hostname), strlen(hostname));
if (result != Success) {
PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
return SECFailure;
}
result = CheckCertHostname(peerCertInput, hostnameInput);
if (result != Success) {
PR_SetError(MapResultToPRErrorCode(result), 0);
return SECFailure;
rv = CERT_VerifyCertName(peerCert, hostname);
if (rv != SECSuccess) {
return rv;
}
if (saveIntermediatesInPermanentDatabase) {
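Review bot: The restored `CERT_VerifyCertName(peerCert, hostname)` call in VerifySSLServerCert carries no comment saying which name-matching rules are now in force or why the mozilla::pkix check was withdrawn. As far as I know, NSS's matcher falls back to the subject common name when the certificate has no DNS or IP subjectAltName entry, so the accepted set of certificates may differ from what `CheckCertHostname` allowed; that difference should be recorded next to the call. I would add `// Name matching is done by NSS rather than mozilla::pkix because of compatibility regressions (Bug 1063281); NSS sets the PR error code on failure.` above the call. The function body starts and ends outside the hunk.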


@ -96,7 +96,7 @@
#include <cstring>
#include "pkix/pkix.h"
#include "pkix/pkixtypes.h"
#include "pkix/pkixnss.h"
#include "pkix/ScopedPtr.h"
#include "CertVerifier.h"
@ -328,7 +328,7 @@ DetermineCertOverrideErrors(CERTCertificate* cert, const char* hostName,
MOZ_ASSERT(errorCodeExpired == 0);
// Assumes the error prioritization described in mozilla::pkix's
// BuildForward function. Also assumes that CheckCertHostname was only
// BuildForward function. Also assumes that CERT_VerifyCertName was only
// called if CertVerifier::VerifyCert succeeded.
switch (defaultErrorCodeToReport) {
case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
@ -373,25 +373,14 @@ DetermineCertOverrideErrors(CERTCertificate* cert, const char* hostName,
}
if (defaultErrorCodeToReport != SSL_ERROR_BAD_CERT_DOMAIN) {
Input certInput;
if (certInput.Init(cert->derCert.data, cert->derCert.len) != Success) {
PR_SetError(SEC_ERROR_BAD_DER, 0);
return SECFailure;
}
Input hostnameInput;
Result result = hostnameInput.Init(uint8_t_ptr_cast(hostName),
strlen(hostName));
if (result != Success) {
PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
return SECFailure;
}
result = CheckCertHostname(certInput, hostnameInput);
if (result == Result::ERROR_BAD_CERT_DOMAIN) {
if (CERT_VerifyCertName(cert, hostName) != SECSuccess) {
if (PR_GetError() != SSL_ERROR_BAD_CERT_DOMAIN) {
PR_SetError(defaultErrorCodeToReport, 0);
return SECFailure;
}
collectedErrors |= nsICertOverrideService::ERROR_MISMATCH;
errorCodeMismatch = SSL_ERROR_BAD_CERT_DOMAIN;
} else if (result != Success) {
PR_SetError(defaultErrorCodeToReport, 0);
return SECFailure;
}
}
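Review bot: In DetermineCertOverrideErrors, any `CERT_VerifyCertName` failure whose `PR_GetError()` is not SSL_ERROR_BAD_CERT_DOMAIN is replaced by `defaultErrorCodeToReport`, and nothing states that this is deliberate. The behaviour fails closed, since only a genuine name mismatch sets the overridable `ERROR_MISMATCH` bit, so a comment is enough: `// Only a real name mismatch is overridable; any other name-check failure is reported as the original error.` This call also has to use the same matcher as CertVerifier::VerifySSLServerCert, otherwise a certificate rejected there for its name could be misclassified here; a shared helper for the two call sites would keep them from drifting apart. The function body starts and ends outside the hunk.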


@ -10,3 +10,4 @@
*/
#error "Do not include this header file."