From 50d65e5e7168753de5b6d989502e375efd761b99 Mon Sep 17 00:00:00 2001
From: "jgmyers%speakeasy.net" <jgmyers%speakeasy.net>
Date: Sun, 11 Apr 2004 21:03:05 +0000
Subject: [PATCH] Check trust bits before examining cert fields when
 classifying certs: bug 178692 r=ssauxh sr=brendan a=asa

---
 security/manager/ssl/src/nsNSSCertHelper.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/security/manager/ssl/src/nsNSSCertHelper.cpp b/security/manager/ssl/src/nsNSSCertHelper.cpp
index 27ed2fdc79fe..600a6de88025 100644
--- a/security/manager/ssl/src/nsNSSCertHelper.cpp
+++ b/security/manager/ssl/src/nsNSSCertHelper.cpp
@@ -545,10 +545,14 @@ getCertType(CERTCertificate *cert)
   nsNSSCertTrust trust(cert->trust);
   if (cert->nickname && trust.HasAnyUser())
     return nsIX509Cert::USER_CERT;
-  if (trust.HasAnyCA() || CERT_IsCACert(cert,NULL))
+  if (trust.HasAnyCA())
     return nsIX509Cert::CA_CERT;
   if (trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE))
     return nsIX509Cert::SERVER_CERT;
+  if (trust.HasPeer(PR_FALSE, PR_TRUE, PR_FALSE) && cert->emailAddr)
+    return nsIX509Cert::EMAIL_CERT;
+  if (CERT_IsCACert(cert,NULL))
+    return nsIX509Cert::CA_CERT;
   if (cert->emailAddr)
     return nsIX509Cert::EMAIL_CERT;
   return nsIX509Cert::SERVER_CERT;