зеркало из https://github.com/mozilla/gecko-dev.git
Backed out changeset 7e50f86ea20b (bug 1666567) for security related bustage CLOSED TREE
UPGRADE_NSS_RELEASE
This commit is contained in:
Родитель
6d1f7fdce9
Коммит
24d9b1dbae
|
@ -1 +1 @@
|
|||
8ebee3cec9cf
|
||||
c28e20f61e5d
|
|
@ -10,3 +10,4 @@
|
|||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
|
|
@ -152,11 +152,14 @@ private:
|
|||
return Success;
|
||||
}
|
||||
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
|
||||
/*optional*/ const Input*, /*optional*/ const Input*,
|
||||
/*optional*/ const Input*)
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
|
||||
Time validityBeginning, Duration,
|
||||
/*optional*/ const Input*, /*optional*/ const Input*)
|
||||
override
|
||||
{
|
||||
// All of the certificates in this test for which this is called have a
|
||||
// validity period that begins "one day before now".
|
||||
EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
|
||||
return Success;
|
||||
}
|
||||
|
||||
|
@ -302,11 +305,14 @@ public:
|
|||
return Success;
|
||||
}
|
||||
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
|
||||
/*optional*/ const Input*, /*optional*/ const Input*,
|
||||
/*optional*/ const Input*)
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
|
||||
Time validityBeginning, Duration,
|
||||
/*optional*/ const Input*, /*optional*/ const Input*)
|
||||
override
|
||||
{
|
||||
// All of the certificates in this test for which this is called have a
|
||||
// validity period that begins "one day before now".
|
||||
EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
|
||||
return Success;
|
||||
}
|
||||
|
||||
|
@ -323,9 +329,8 @@ public:
|
|||
{
|
||||
}
|
||||
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
|
||||
/*optional*/ const Input*, /*optional*/ const Input*,
|
||||
/*optional*/ const Input*)
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
|
||||
/*optional*/ const Input*, /*optional*/ const Input*)
|
||||
override
|
||||
{
|
||||
ADD_FAILURE();
|
||||
|
@ -445,11 +450,14 @@ public:
|
|||
return Success;
|
||||
}
|
||||
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
|
||||
/*optional*/ const Input*, /*optional*/ const Input*,
|
||||
/*optional*/ const Input*)
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
|
||||
Time validityBeginning, Duration,
|
||||
/*optional*/ const Input*, /*optional*/ const Input*)
|
||||
override
|
||||
{
|
||||
// All of the certificates in this test for which this is called have a
|
||||
// validity period that begins "one day before now".
|
||||
EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
|
||||
return Success;
|
||||
}
|
||||
|
||||
|
@ -669,11 +677,14 @@ private:
|
|||
return Success;
|
||||
}
|
||||
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
|
||||
/*optional*/ const Input*,
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
|
||||
Time validityBeginning, Duration,
|
||||
/*optional*/ const Input*,
|
||||
/*optional*/ const Input*) override
|
||||
{
|
||||
// All of the certificates in this test for which this is called have a
|
||||
// validity period that begins "one day before now".
|
||||
EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
|
||||
return Success;
|
||||
}
|
||||
|
||||
|
@ -728,8 +739,8 @@ class RevokedEndEntityTrustDomain final : public MultiplePathTrustDomain
|
|||
{
|
||||
public:
|
||||
Result CheckRevocation(EndEntityOrCA endEntityOrCA, const CertID&, Time,
|
||||
Duration, /*optional*/ const Input*,
|
||||
/*optional*/ const Input*, /*optional*/ const Input*) override
|
||||
Time, Duration, /*optional*/ const Input*,
|
||||
/*optional*/ const Input*) override
|
||||
{
|
||||
if (endEntityOrCA == EndEntityOrCA::MustBeEndEntity) {
|
||||
return Result::ERROR_REVOKED_CERTIFICATE;
|
||||
|
@ -833,11 +844,14 @@ private:
|
|||
return Success;
|
||||
}
|
||||
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
|
||||
/*optional*/ const Input*, /*optional*/ const Input*,
|
||||
/*optional*/ const Input*)
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
|
||||
Time validityBeginning, Duration,
|
||||
/*optional*/ const Input*, /*optional*/ const Input*)
|
||||
override
|
||||
{
|
||||
// All of the certificates in this test for which this is called have a
|
||||
// validity period that begins "one day before now".
|
||||
EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
|
||||
return Success;
|
||||
}
|
||||
|
||||
|
|
|
@ -70,9 +70,8 @@ private:
|
|||
return Success;
|
||||
}
|
||||
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
|
||||
/*optional*/ const Input*, /*optional*/ const Input*,
|
||||
/*optional*/ const Input*)
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
|
||||
/*optional*/ const Input*, /*optional*/ const Input*)
|
||||
override
|
||||
{
|
||||
return Success;
|
||||
|
|
|
@ -92,8 +92,8 @@ private:
|
|||
return checker.Check(issuerCert, nullptr, keepGoing);
|
||||
}
|
||||
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
|
||||
const Input*, const Input*, const Input*) override
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
|
||||
const Input*, const Input*) override
|
||||
{
|
||||
return Success;
|
||||
}
|
||||
|
|
|
@ -558,8 +558,8 @@ private:
|
|||
return checker.Check(derCert, nullptr, keepGoing);
|
||||
}
|
||||
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
|
||||
const Input*, const Input*, const Input*) override
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
|
||||
const Input*, const Input*) override
|
||||
{
|
||||
return Success;
|
||||
}
|
||||
|
|
|
@ -302,8 +302,7 @@ public:
|
|||
return Success;
|
||||
}
|
||||
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
|
||||
/*optional*/ const Input*,
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
|
||||
/*optional*/ const Input*,
|
||||
/*optional*/ const Input*) override
|
||||
{
|
||||
|
|
|
@ -100,8 +100,7 @@ class EverythingFailsByDefaultTrustDomain : public TrustDomain {
|
|||
Result::FATAL_ERROR_LIBRARY_FAILURE);
|
||||
}
|
||||
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
|
||||
/*optional*/ const Input*,
|
||||
Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
|
||||
/*optional*/ const Input*,
|
||||
/*optional*/ const Input*) override {
|
||||
ADD_FAILURE();
|
||||
|
|
|
@ -278,10 +278,10 @@ class TrustDomain {
|
|||
|
||||
virtual Result CheckRevocation(EndEntityOrCA endEntityOrCA,
|
||||
const CertID& certID, Time time,
|
||||
Time validityBeginning,
|
||||
Duration validityDuration,
|
||||
/*optional*/ const Input* stapledOCSPresponse,
|
||||
/*optional*/ const Input* aiaExtension,
|
||||
/*optional*/ const Input* sctExtension) = 0;
|
||||
/*optional*/ const Input* aiaExtension) = 0;
|
||||
|
||||
// Check that the given digest algorithm is acceptable for use in signatures.
|
||||
//
|
||||
|
|
|
@ -252,9 +252,9 @@ PathBuildingStep::Check(Input potentialIssuerDER,
|
|||
}
|
||||
Duration validityDuration(notAfter, notBefore);
|
||||
rv = trustDomain.CheckRevocation(subject.endEntityOrCA, certID, time,
|
||||
validityDuration, stapledOCSPResponse,
|
||||
subject.GetAuthorityInfoAccess(),
|
||||
subject.GetSignedCertificateTimestamps());
|
||||
notBefore, validityDuration,
|
||||
stapledOCSPResponse,
|
||||
subject.GetAuthorityInfoAccess());
|
||||
if (rv != Success) {
|
||||
// Since this is actually a problem with the current subject certificate
|
||||
// (rather than the issuer), it doesn't make sense to keep going; all
|
||||
|
|
Загрузка…
Ссылка в новой задаче