зеркало из https://github.com/mozilla/gecko-dev.git
Backed out changeset ea45d78f5b3b (bug 769288)
This commit is contained in:
Родитель
0aa89768b3
Коммит
8d6e42fcce
|
@ -835,8 +835,7 @@ BlockServerCertChangeForSpdy(nsNSSSocketInfo *infoObject,
|
|||
}
|
||||
|
||||
SECStatus
|
||||
AuthCertificate(TransportSecurityInfo * infoObject, CERTCertificate * cert,
|
||||
uint32_t providerFlags)
|
||||
AuthCertificate(TransportSecurityInfo * infoObject, CERTCertificate * cert)
|
||||
{
|
||||
if (cert->serialNumber.data &&
|
||||
cert->issuerName &&
|
||||
|
@ -922,41 +921,37 @@ AuthCertificate(TransportSecurityInfo * infoObject, CERTCertificate * cert,
|
|||
}
|
||||
|
||||
nsCOMPtr<nsINSSComponent> nssComponent;
|
||||
|
||||
for (CERTCertListNode *node = CERT_LIST_HEAD(certList);
|
||||
!CERT_LIST_END(node, certList);
|
||||
node = CERT_LIST_NEXT(node)) {
|
||||
|
||||
// We want to avoid storing any intermediate cert information when browsing
|
||||
// in private, transient contexts.
|
||||
if (!(providerFlags & nsISocketProvider::NO_PERMANENT_STORAGE)) {
|
||||
for (CERTCertListNode *node = CERT_LIST_HEAD(certList);
|
||||
!CERT_LIST_END(node, certList);
|
||||
node = CERT_LIST_NEXT(node)) {
|
||||
|
||||
if (node->cert->slot) {
|
||||
// This cert was found on a token, no need to remember it in the temp db.
|
||||
continue;
|
||||
}
|
||||
|
||||
if (node->cert->isperm) {
|
||||
// We don't need to remember certs already stored in perm db.
|
||||
continue;
|
||||
}
|
||||
|
||||
if (node->cert == cert) {
|
||||
// We don't want to remember the server cert,
|
||||
// the code that cares for displaying page info does this already.
|
||||
continue;
|
||||
}
|
||||
|
||||
// We have found a signer cert that we want to remember.
|
||||
char* nickname = nsNSSCertificate::defaultServerNickname(node->cert);
|
||||
if (nickname && *nickname) {
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
|
||||
if (slot) {
|
||||
PK11_ImportCert(slot, node->cert, CK_INVALID_HANDLE,
|
||||
nickname, false);
|
||||
}
|
||||
}
|
||||
PR_FREEIF(nickname);
|
||||
if (node->cert->slot) {
|
||||
// This cert was found on a token, no need to remember it in the temp db.
|
||||
continue;
|
||||
}
|
||||
|
||||
if (node->cert->isperm) {
|
||||
// We don't need to remember certs already stored in perm db.
|
||||
continue;
|
||||
}
|
||||
|
||||
if (node->cert == cert) {
|
||||
// We don't want to remember the server cert,
|
||||
// the code that cares for displaying page info does this already.
|
||||
continue;
|
||||
}
|
||||
|
||||
// We have found a signer cert that we want to remember.
|
||||
char* nickname = nsNSSCertificate::defaultServerNickname(node->cert);
|
||||
if (nickname && *nickname) {
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
|
||||
if (slot) {
|
||||
PK11_ImportCert(slot, node->cert, CK_INVALID_HANDLE,
|
||||
nickname, false);
|
||||
}
|
||||
}
|
||||
PR_FREEIF(nickname);
|
||||
}
|
||||
|
||||
// The connection may get terminated, for example, if the server requires
|
||||
|
@ -1048,7 +1043,7 @@ SSLServerCertVerificationJob::Run()
|
|||
// Reset the error code here so we can detect if AuthCertificate fails to
|
||||
// set the error code if/when it fails.
|
||||
PR_SetError(0, 0);
|
||||
SECStatus rv = AuthCertificate(mInfoObject, mCert, mProviderFlags);
|
||||
SECStatus rv = AuthCertificate(mInfoObject, mCert);
|
||||
if (rv == SECSuccess) {
|
||||
RefPtr<SSLServerCertVerificationResult> restart(
|
||||
new SSLServerCertVerificationResult(mInfoObject, 0));
|
||||
|
@ -1173,7 +1168,7 @@ AuthCertificateHook(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
|
|||
// thread doing the network I/O may not interrupt its network I/O on receipt
|
||||
// of our SSLServerCertVerificationResult event, and/or it might not even be
|
||||
// a non-blocking socket.
|
||||
SECStatus rv = AuthCertificate(socketInfo, serverCert, providerFlags);
|
||||
SECStatus rv = AuthCertificate(socketInfo, serverCert);
|
||||
if (rv == SECSuccess) {
|
||||
return SECSuccess;
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче