Bug 427081, Allow to override SEC_ERROR_INADEQUATE_KEY_USAGE r=nelson, a1.9=dsicore

2024-09-13 09:24:08 -07:00 · 2008-04-04 17:02:31 -07:00 · 2008-04-04 17:02:31 -07:00 · a608dfde44
commit a608dfde44
parent ac0732ebd6
2 changed files with 5 additions and 0 deletions
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@ -2262,6 +2262,7 @@ nsNSSComponent::GetErrorClass(nsresult aXPCOMErrorCode, PRUint32 *aErrorClass)
    case SEC_ERROR_UNTRUSTED_ISSUER:
    case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
    case SEC_ERROR_UNTRUSTED_CERT:
+    case SEC_ERROR_INADEQUATE_KEY_USAGE:
    case SSL_ERROR_BAD_CERT_DOMAIN:
    case SEC_ERROR_EXPIRED_CERTIFICATE:
      *aErrorClass = ERROR_CLASS_BAD_CERT;
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@ -775,6 +775,9 @@ AppendErrorTextUntrusted(PRErrorCode errTrust,
      case SEC_ERROR_UNKNOWN_ISSUER:
        errorID = "certErrorTrust_UnknownIssuer";
        break;
+      case SEC_ERROR_INADEQUATE_KEY_USAGE:
+        // Should get an individual string in the future
+        // For now, use the same as CaInvalid
      case SEC_ERROR_CA_CERT_INVALID:
        errorID = "certErrorTrust_CaInvalid";
        break;
@ -2821,6 +2824,7 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
        case SEC_ERROR_UNTRUSTED_ISSUER:
        case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
        case SEC_ERROR_UNTRUSTED_CERT:
+        case SEC_ERROR_INADEQUATE_KEY_USAGE:
          // We group all these errors as "cert not trusted"
          collected_errors |= nsICertOverrideService::ERROR_UNTRUSTED;
          if (errorCodeTrust == SECSuccess) {