Bug 891066, Part 7: Give CertVerifier its own NSPR logging module, r=cviecco
--HG-- extra : rebase_source : a6b38c4026fe70c9789cbe4830df57c943382f5b extra : source : 591daff856840016c979ed9b4fdbed4ed68f22a6
parent
90ca67f6b9
commit
b44267cc19
@ -21,8 +21,8 @@
|
|||||||
using namespace insanity::pkix;
|
using namespace insanity::pkix;
|
||||||
using namespace mozilla::psm;
|
using namespace mozilla::psm;
|
||||||
|
|
||||||
#ifdef PR_LOGGING
|
#ifdef MOZ_LOGGING
|
||||||
extern PRLogModuleInfo* gPIPNSSLog;
|
static PRLogModuleInfo* gCertVerifierLog = nullptr;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
namespace mozilla { namespace psm {
|
namespace mozilla { namespace psm {
|
||||||
@ -49,6 +49,16 @@ CertVerifier::~CertVerifier()
|
|||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
InitCertVerifierLog()
|
||||||
|
{
|
||||||
|
#ifdef MOZ_LOGGING
|
||||||
|
if (!gCertVerifierLog) {
|
||||||
|
gCertVerifierLog = PR_NewLogModule("certverifier");
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
static SECStatus
|
static SECStatus
|
||||||
ClassicVerifyCert(CERTCertificate* cert,
|
ClassicVerifyCert(CERTCertificate* cert,
|
||||||
const SECCertificateUsage usage,
|
const SECCertificateUsage usage,
|
||||||
@ -113,7 +123,7 @@ ClassicVerifyCert(CERTCertificate* cert,
|
|||||||
usage, time, pinArg, verifyLog, nullptr);
|
usage, time, pinArg, verifyLog, nullptr);
|
||||||
}
|
}
|
||||||
if (rv == SECSuccess && validationChain) {
|
if (rv == SECSuccess && validationChain) {
|
||||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("VerifyCert: getting chain in 'classic' \n"));
|
PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: getting chain in 'classic' \n"));
|
||||||
*validationChain = CERT_GetCertChainFromCert(cert, time, enumUsage);
|
*validationChain = CERT_GetCertChainFromCert(cert, time, enumUsage);
|
||||||
if (!*validationChain) {
|
if (!*validationChain) {
|
||||||
rv = SECFailure;
|
rv = SECFailure;
|
||||||
@ -215,7 +225,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert,
|
|||||||
++i;
|
++i;
|
||||||
}
|
}
|
||||||
if (validationChain) {
|
if (validationChain) {
|
||||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("VerifyCert: setting up validation chain outparam.\n"));
|
PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: setting up validation chain outparam.\n"));
|
||||||
validationChainLocation = i;
|
validationChainLocation = i;
|
||||||
cvout[i].type = cert_po_certList;
|
cvout[i].type = cert_po_certList;
|
||||||
cvout[i].value.pointer.chain = nullptr;
|
cvout[i].value.pointer.chain = nullptr;
|
||||||
@ -304,11 +314,11 @@ CertVerifier::VerifyCert(CERTCertificate* cert,
|
|||||||
if (evOidPolicy) {
|
if (evOidPolicy) {
|
||||||
*evOidPolicy = evPolicy;
|
*evOidPolicy = evPolicy;
|
||||||
}
|
}
|
||||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
|
PR_LOG(gCertVerifierLog, PR_LOG_DEBUG,
|
||||||
("VerifyCert: successful CERT_PKIXVerifyCert(ev) \n"));
|
("VerifyCert: successful CERT_PKIXVerifyCert(ev) \n"));
|
||||||
goto pkix_done;
|
goto pkix_done;
|
||||||
}
|
}
|
||||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
|
PR_LOG(gCertVerifierLog, PR_LOG_DEBUG,
|
||||||
("VerifyCert: failed CERT_PKIXVerifyCert(ev)\n"));
|
("VerifyCert: failed CERT_PKIXVerifyCert(ev)\n"));
|
||||||
|
|
||||||
if (validationChain) {
|
if (validationChain) {
|
||||||
@ -414,12 +424,12 @@ CertVerifier::VerifyCert(CERTCertificate* cert,
|
|||||||
// Skip EV parameters
|
// Skip EV parameters
|
||||||
cvin[evParamLocation].type = cert_pi_end;
|
cvin[evParamLocation].type = cert_pi_end;
|
||||||
|
|
||||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("VerifyCert: calling CERT_PKIXVerifyCert(dv) \n"));
|
PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: calling CERT_PKIXVerifyCert(dv) \n"));
|
||||||
rv = CERT_PKIXVerifyCert(cert, usage, cvin, cvout, pinArg);
|
rv = CERT_PKIXVerifyCert(cert, usage, cvin, cvout, pinArg);
|
||||||
|
|
||||||
pkix_done:
|
pkix_done:
|
||||||
if (validationChain) {
|
if (validationChain) {
|
||||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("VerifyCert: validation chain requested\n"));
|
PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: validation chain requested\n"));
|
||||||
ScopedCERTCertificate trustAnchor(cvout[validationTrustAnchorLocation].value.pointer.cert);
|
ScopedCERTCertificate trustAnchor(cvout[validationTrustAnchorLocation].value.pointer.cert);
|
||||||
|
|
||||||
if (rv == SECSuccess) {
|
if (rv == SECSuccess) {
|
||||||
@ -427,14 +437,14 @@ pkix_done:
|
|||||||
PR_SetError(PR_UNKNOWN_ERROR, 0);
|
PR_SetError(PR_UNKNOWN_ERROR, 0);
|
||||||
return SECFailure;
|
return SECFailure;
|
||||||
}
|
}
|
||||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("VerifyCert: I have a chain\n"));
|
PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: I have a chain\n"));
|
||||||
*validationChain = cvout[validationChainLocation].value.pointer.chain;
|
*validationChain = cvout[validationChainLocation].value.pointer.chain;
|
||||||
if (trustAnchor) {
|
if (trustAnchor) {
|
||||||
// we should only add the issuer to the chain if it is not already
|
// we should only add the issuer to the chain if it is not already
|
||||||
// present. On CA cert checking, the issuer is the same cert, so in
|
// present. On CA cert checking, the issuer is the same cert, so in
|
||||||
// that case we do not add the cert to the chain.
|
// that case we do not add the cert to the chain.
|
||||||
if (!CERT_CompareCerts(trustAnchor.get(), cert)) {
|
if (!CERT_CompareCerts(trustAnchor.get(), cert)) {
|
||||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("VerifyCert: adding issuer to tail for display\n"));
|
PR_LOG(gCertVerifierLog, PR_LOG_DEBUG, ("VerifyCert: adding issuer to tail for display\n"));
|
||||||
// note: rv is reused to catch errors on cert creation!
|
// note: rv is reused to catch errors on cert creation!
|
||||||
ScopedCERTCertificate tempCert(CERT_DupCertificate(trustAnchor.get()));
|
ScopedCERTCertificate tempCert(CERT_DupCertificate(trustAnchor.get()));
|
||||||
rv = CERT_AddCertToListTail(validationChain->get(), tempCert.get());
|
rv = CERT_AddCertToListTail(validationChain->get(), tempCert.get());
|
||||||
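Review bot: The declaration of `gCertVerifierLog` at the top of the file is now guarded by `#ifdef MOZ_LOGGING`, while every `PR_LOG(gCertVerifierLog, ...)` call below it is compiled in or out by NSPR's `PR_LOGGING`. If the two macros can differ in some build configuration (for example a debug build with logging disabled; this depends on how prlog.h is included, which is not visible here), those calls would name an undeclared variable. Keeping the original guard, `#ifdef PR_LOGGING`, on both the declaration and the body of `InitCertVerifierLog()` would tie the variable to the macro that actually consumes it. The bodies of ClassicVerifyCert and CertVerifier::VerifyCert continue outside the hunks shown.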
|
@ -71,6 +71,7 @@ public:
|
|||||||
const bool mOCSPGETEnabled;
|
const bool mOCSPGETEnabled;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
void InitCertVerifierLog();
|
||||||
} } // namespace mozilla::psm
|
} } // namespace mozilla::psm
|
||||||
|
|
||||||
#endif // mozilla_psm__CertVerifier_h
|
#endif // mozilla_psm__CertVerifier_h
|
||||||
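Review bot: The new declaration `void InitCertVerifierLog();` has no comment, although callers need to know its contract. The module pointer starts as `nullptr`, and the `if (!gCertVerifierLog)` check-then-create in the implementation takes no lock. NSPR's `PR_LOG` reads the module's level through that pointer, so a verification that runs before this call would presumably dereference null in logging builds. I would put `// Must be called once, on a single thread, before any certificate verification;` and `// the lazy creation of the log module is not synchronized.` above the declaration.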
|
@ -1128,6 +1128,8 @@ nsNSSComponent::InitializeNSS()
|
|||||||
|
|
||||||
ConfigureInternalPKCS11Token();
|
ConfigureInternalPKCS11Token();
|
||||||
|
|
||||||
|
InitCertVerifierLog();
|
||||||
|
|
||||||
SECStatus init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false);
|
SECStatus init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false);
|
||||||
if (init_rv != SECSuccess) {
|
if (init_rv != SECSuccess) {
|
||||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
|
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
|
||||||
|