mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1018018: Remove support/mention of proprietary Netscape certificate extensions from PSM, r=cviecco
--HG-- extra : rebase_source : 758ff9384c040084b1015f8025a4ff9f33590176
This commit is contained in:
parent
833425eae1
commit
8dcde055ad
@ -101,17 +101,6 @@ CertDumpIssuerUniqueID=Issuer Unique ID
|
|||||||
CertDumpSubjPubKey=Subject's Public Key
|
CertDumpSubjPubKey=Subject's Public Key
|
||||||
CertDumpSubjectUniqueID=Subject Unique ID
|
CertDumpSubjectUniqueID=Subject Unique ID
|
||||||
CertDumpExtensions=Extensions
|
CertDumpExtensions=Extensions
|
||||||
CertDumpCertType=Netscape Certificate Type
|
|
||||||
CertDumpNSCertExtBaseUrl=Netscape Certificate Extension Base URL
|
|
||||||
CertDumpNSCertExtRevocationUrl=Netscape Certificate Revocation URL
|
|
||||||
CertDumpNSCertExtCARevocationUrl=Netscape Certificate Authority Revocation URL
|
|
||||||
CertDumpNSCertExtCertRenewalUrl=Netscape Certificate Renewal URL
|
|
||||||
CertDumpNSCertExtCAPolicyUrl=Netscape Certificate Authority Policy URL
|
|
||||||
CertDumpNSCertExtSslServerName=Netscape Certificate SSL Server Name
|
|
||||||
CertDumpNSCertExtComment=Netscape Certificate Comment
|
|
||||||
CertDumpNSCertExtLostPasswordUrl=Netscape Lost Password URL
|
|
||||||
CertDumpNSCertExtCertRenewalTime=NetscapeCertificate Renewal Time
|
|
||||||
CertDumpNetscapeAolScreenname=AOL Screenname
|
|
||||||
CertDumpSubjectDirectoryAttr=Certificate Subject Directory Attributes
|
CertDumpSubjectDirectoryAttr=Certificate Subject Directory Attributes
|
||||||
CertDumpSubjectKeyID=Certificate Subject Key ID
|
CertDumpSubjectKeyID=Certificate Subject Key ID
|
||||||
CertDumpKeyUsage=Certificate Key Usage
|
CertDumpKeyUsage=Certificate Key Usage
|
||||||
@ -129,8 +118,6 @@ CertDumpAuthInfoAccess=Authority Information Access
|
|||||||
CertDumpAnsiX9DsaSignature=ANSI X9.57 DSA Signature
|
CertDumpAnsiX9DsaSignature=ANSI X9.57 DSA Signature
|
||||||
CertDumpAnsiX9DsaSignatureWithSha1=ANSI X9.57 DSA Signature with SHA1 Digest
|
CertDumpAnsiX9DsaSignatureWithSha1=ANSI X9.57 DSA Signature with SHA1 Digest
|
||||||
CertDumpAnsiX962ECDsaSignatureWithSha1=ANSI X9.62 ECDSA Signature with SHA1
|
CertDumpAnsiX962ECDsaSignatureWithSha1=ANSI X9.62 ECDSA Signature with SHA1
|
||||||
CertDumpCertTypeEmail=Email
|
|
||||||
CertDumpEmailCA=Email Certificate Authority
|
|
||||||
CertDumpKUSign=Signing
|
CertDumpKUSign=Signing
|
||||||
CertDumpKUNonRep=Non-repudiation
|
CertDumpKUNonRep=Non-repudiation
|
||||||
CertDumpKUEnc=Key Encipherment
|
CertDumpKUEnc=Key Encipherment
|
||||||
|
@ -707,13 +707,7 @@ AppendErrorTextMismatch(const nsString &host,
|
|||||||
useSAN = GetSubjectAltNames(nssCert.get(), component, allNames, nameCount);
|
useSAN = GetSubjectAltNames(nssCert.get(), component, allNames, nameCount);
|
||||||
|
|
||||||
if (!useSAN) {
|
if (!useSAN) {
|
||||||
char *certName = nullptr;
|
char *certName = CERT_GetCommonName(&nssCert->subject);
|
||||||
// currently CERT_FindNSStringExtension is not being exported by NSS.
|
|
||||||
// If it gets exported, enable the following line.
|
|
||||||
// certName = CERT_FindNSStringExtension(nssCert, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME);
|
|
||||||
// However, it has been discussed to treat the extension as obsolete and ignore it.
|
|
||||||
if (!certName)
|
|
||||||
certName = CERT_GetCommonName(&nssCert->subject);
|
|
||||||
if (certName) {
|
if (certName) {
|
||||||
++nameCount;
|
++nameCount;
|
||||||
allNames.Assign(NS_ConvertUTF8toUTF16(certName));
|
allNames.Assign(NS_ConvertUTF8toUTF16(certName));
|
||||||
|
@ -285,39 +285,6 @@ GetOIDText(SECItem *oid, nsINSSComponent *nssComponent, nsAString &text)
|
|||||||
case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
|
case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
|
||||||
bundlekey = "CertDumpRSAPSSSignature";
|
bundlekey = "CertDumpRSAPSSSignature";
|
||||||
break;
|
break;
|
||||||
case SEC_OID_NS_CERT_EXT_CERT_TYPE:
|
|
||||||
bundlekey = "CertDumpCertType";
|
|
||||||
break;
|
|
||||||
case SEC_OID_NS_CERT_EXT_BASE_URL:
|
|
||||||
bundlekey = "CertDumpNSCertExtBaseUrl";
|
|
||||||
break;
|
|
||||||
case SEC_OID_NS_CERT_EXT_REVOCATION_URL:
|
|
||||||
bundlekey = "CertDumpNSCertExtRevocationUrl";
|
|
||||||
break;
|
|
||||||
case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL:
|
|
||||||
bundlekey = "CertDumpNSCertExtCARevocationUrl";
|
|
||||||
break;
|
|
||||||
case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL:
|
|
||||||
bundlekey = "CertDumpNSCertExtCertRenewalUrl";
|
|
||||||
break;
|
|
||||||
case SEC_OID_NS_CERT_EXT_CA_POLICY_URL:
|
|
||||||
bundlekey = "CertDumpNSCertExtCAPolicyUrl";
|
|
||||||
break;
|
|
||||||
case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME:
|
|
||||||
bundlekey = "CertDumpNSCertExtSslServerName";
|
|
||||||
break;
|
|
||||||
case SEC_OID_NS_CERT_EXT_COMMENT:
|
|
||||||
bundlekey = "CertDumpNSCertExtComment";
|
|
||||||
break;
|
|
||||||
case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL:
|
|
||||||
bundlekey = "CertDumpNSCertExtLostPasswordUrl";
|
|
||||||
break;
|
|
||||||
case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME:
|
|
||||||
bundlekey = "CertDumpNSCertExtCertRenewalTime";
|
|
||||||
break;
|
|
||||||
case SEC_OID_NETSCAPE_AOLSCREENNAME:
|
|
||||||
bundlekey = "CertDumpNetscapeAolScreenname";
|
|
||||||
break;
|
|
||||||
case SEC_OID_AVA_COUNTRY_NAME:
|
case SEC_OID_AVA_COUNTRY_NAME:
|
||||||
bundlekey = "CertDumpAVACountry";
|
bundlekey = "CertDumpAVACountry";
|
||||||
break;
|
break;
|
||||||
@ -672,61 +639,6 @@ ProcessRawBytes(nsINSSComponent *nssComponent, SECItem *data,
|
|||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
static nsresult
|
|
||||||
ProcessNSCertTypeExtensions(SECItem *extData,
|
|
||||||
nsAString &text,
|
|
||||||
nsINSSComponent *nssComponent)
|
|
||||||
{
|
|
||||||
nsAutoString local;
|
|
||||||
SECItem decoded;
|
|
||||||
decoded.data = nullptr;
|
|
||||||
decoded.len = 0;
|
|
||||||
if (SECSuccess != SEC_ASN1DecodeItem(nullptr, &decoded,
|
|
||||||
SEC_ASN1_GET(SEC_BitStringTemplate), extData)) {
|
|
||||||
nssComponent->GetPIPNSSBundleString("CertDumpExtensionFailure", local);
|
|
||||||
text.Append(local.get());
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
unsigned char nsCertType = decoded.data[0];
|
|
||||||
nsMemory::Free(decoded.data);
|
|
||||||
if (nsCertType & NS_CERT_TYPE_SSL_CLIENT) {
|
|
||||||
nssComponent->GetPIPNSSBundleString("VerifySSLClient", local);
|
|
||||||
text.Append(local.get());
|
|
||||||
text.AppendLiteral(SEPARATOR);
|
|
||||||
}
|
|
||||||
if (nsCertType & NS_CERT_TYPE_SSL_SERVER) {
|
|
||||||
nssComponent->GetPIPNSSBundleString("VerifySSLServer", local);
|
|
||||||
text.Append(local.get());
|
|
||||||
text.AppendLiteral(SEPARATOR);
|
|
||||||
}
|
|
||||||
if (nsCertType & NS_CERT_TYPE_EMAIL) {
|
|
||||||
nssComponent->GetPIPNSSBundleString("CertDumpCertTypeEmail", local);
|
|
||||||
text.Append(local.get());
|
|
||||||
text.AppendLiteral(SEPARATOR);
|
|
||||||
}
|
|
||||||
if (nsCertType & NS_CERT_TYPE_OBJECT_SIGNING) {
|
|
||||||
nssComponent->GetPIPNSSBundleString("VerifyObjSign", local);
|
|
||||||
text.Append(local.get());
|
|
||||||
text.AppendLiteral(SEPARATOR);
|
|
||||||
}
|
|
||||||
if (nsCertType & NS_CERT_TYPE_SSL_CA) {
|
|
||||||
nssComponent->GetPIPNSSBundleString("VerifySSLCA", local);
|
|
||||||
text.Append(local.get());
|
|
||||||
text.AppendLiteral(SEPARATOR);
|
|
||||||
}
|
|
||||||
if (nsCertType & NS_CERT_TYPE_EMAIL_CA) {
|
|
||||||
nssComponent->GetPIPNSSBundleString("CertDumpEmailCA", local);
|
|
||||||
text.Append(local.get());
|
|
||||||
text.AppendLiteral(SEPARATOR);
|
|
||||||
}
|
|
||||||
if (nsCertType & NS_CERT_TYPE_OBJECT_SIGNING_CA) {
|
|
||||||
nssComponent->GetPIPNSSBundleString("VerifyObjSign", local);
|
|
||||||
text.Append(local.get());
|
|
||||||
text.AppendLiteral(SEPARATOR);
|
|
||||||
}
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static nsresult
|
static nsresult
|
||||||
ProcessKeyUsageExtension(SECItem *extData, nsAString &text,
|
ProcessKeyUsageExtension(SECItem *extData, nsAString &text,
|
||||||
nsINSSComponent *nssComponent)
|
nsINSSComponent *nssComponent)
|
||||||
@ -1610,9 +1522,6 @@ ProcessExtensionData(SECOidTag oidTag, SECItem *extData,
|
|||||||
{
|
{
|
||||||
nsresult rv;
|
nsresult rv;
|
||||||
switch (oidTag) {
|
switch (oidTag) {
|
||||||
case SEC_OID_NS_CERT_EXT_CERT_TYPE:
|
|
||||||
rv = ProcessNSCertTypeExtensions(extData, text, nssComponent);
|
|
||||||
break;
|
|
||||||
case SEC_OID_X509_KEY_USAGE:
|
case SEC_OID_X509_KEY_USAGE:
|
||||||
rv = ProcessKeyUsageExtension(extData, text, nssComponent);
|
rv = ProcessKeyUsageExtension(extData, text, nssComponent);
|
||||||
break;
|
break;
|
||||||
@ -1641,18 +1550,6 @@ ProcessExtensionData(SECOidTag oidTag, SECItem *extData,
|
|||||||
case SEC_OID_X509_AUTH_INFO_ACCESS:
|
case SEC_OID_X509_AUTH_INFO_ACCESS:
|
||||||
rv = ProcessAuthInfoAccess(extData, text, nssComponent);
|
rv = ProcessAuthInfoAccess(extData, text, nssComponent);
|
||||||
break;
|
break;
|
||||||
case SEC_OID_NS_CERT_EXT_BASE_URL:
|
|
||||||
case SEC_OID_NS_CERT_EXT_REVOCATION_URL:
|
|
||||||
case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL:
|
|
||||||
case SEC_OID_NS_CERT_EXT_CA_CERT_URL:
|
|
||||||
case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL:
|
|
||||||
case SEC_OID_NS_CERT_EXT_CA_POLICY_URL:
|
|
||||||
case SEC_OID_NS_CERT_EXT_HOMEPAGE_URL:
|
|
||||||
case SEC_OID_NS_CERT_EXT_COMMENT:
|
|
||||||
case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME:
|
|
||||||
case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL:
|
|
||||||
rv = ProcessIA5String(extData, text, nssComponent);
|
|
||||||
break;
|
|
||||||
default:
|
default:
|
||||||
if (oidTag == SEC_OID(MS_CERT_EXT_CERTTYPE)) {
|
if (oidTag == SEC_OID(MS_CERT_EXT_CERTTYPE)) {
|
||||||
rv = ProcessBMPString(extData, text, nssComponent);
|
rv = ProcessBMPString(extData, text, nssComponent);
|
||||||
|
Loading…
Reference in New Issue
Block a user