diff --git a/security/nss/lib/pki/certificate.c b/security/nss/lib/pki/certificate.c index 33eaf48d0b18..23d9b3356923 100644 --- a/security/nss/lib/pki/certificate.c +++ b/security/nss/lib/pki/certificate.c @@ -35,7 +35,7 @@ * ***** END LICENSE BLOCK ***** */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.54 $ $Date: 2005/06/27 21:50:06 $"; +static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.55 $ $Date: 2005/06/28 17:55:29 $"; #endif /* DEBUG */ #ifndef NSSPKI_H @@ -880,83 +880,6 @@ NSSUserCertificate_DeriveSymmetricKey ( return NULL; } -NSS_IMPLEMENT void -nssBestCertificate_SetArgs ( - nssBestCertificateCB *best, - NSSTime *timeOpt, - NSSUsage *usage, - NSSPolicies *policies -) -{ - if (timeOpt) { - best->time = timeOpt; - } else { - NSSTime_Now(&best->sTime); - best->time = &best->sTime; - } - best->usage = usage; - best->policies = policies; - best->cert = NULL; -} - -NSS_IMPLEMENT PRStatus -nssBestCertificate_Callback ( - NSSCertificate *c, - void *arg -) -{ - nssBestCertificateCB *best = (nssBestCertificateCB *)arg; - nssDecodedCert *dc, *bestdc; - dc = nssCertificate_GetDecoding(c); - if (!best->cert) { - /* usage */ - if (best->usage->anyUsage) { - best->cert = nssCertificate_AddRef(c); - } else { -#ifdef NSS_3_4_CODE - /* For this to work in NSS 3.4, we have to go out and fill in - * all of the CERTCertificate fields. Why? Because the - * matchUsage function calls CERT_IsCACert, which needs to know - * what the trust values are for the cert. - * Ignore the returned pointer, the refcount is in c anyway. - */ - if (STAN_GetCERTCertificate(c) == NULL) { - return PR_FAILURE; - } -#endif - if (dc->matchUsage(dc, best->usage)) { - best->cert = nssCertificate_AddRef(c); - } - } - return PR_SUCCESS; - } - bestdc = nssCertificate_GetDecoding(best->cert); - /* time */ - if (bestdc->isValidAtTime(bestdc, best->time)) { - /* The current best cert is valid at time */ - if (!dc->isValidAtTime(dc, best->time)) { - /* If the new cert isn't valid at time, it's not better */ - return PR_SUCCESS; - } - } else { - /* The current best cert is not valid at time */ - if (dc->isValidAtTime(dc, best->time)) { - /* If the new cert is valid at time, it's better */ - NSSCertificate_Destroy(best->cert); - best->cert = nssCertificate_AddRef(c); - return PR_SUCCESS; - } - } - /* either they are both valid at time, or neither valid; take the newer */ - /* XXX later -- defer to policies */ - if (!bestdc->isNewerThan(bestdc, dc)) { - NSSCertificate_Destroy(best->cert); - best->cert = nssCertificate_AddRef(c); - } - /* policies */ - return PR_SUCCESS; -} - NSS_IMPLEMENT nssSMIMEProfile * nssSMIMEProfile_Create ( NSSCertificate *cert, diff --git a/security/nss/lib/pki/pkitm.h b/security/nss/lib/pki/pkitm.h index b684a1f32464..a3607da6e45a 100644 --- a/security/nss/lib/pki/pkitm.h +++ b/security/nss/lib/pki/pkitm.h @@ -38,7 +38,7 @@ #define PKITM_H #ifdef DEBUG -static const char PKITM_CVS_ID[] = "@(#) $RCSfile: pkitm.h,v $ $Revision: 1.13 $ $Date: 2005/03/04 04:32:04 $"; +static const char PKITM_CVS_ID[] = "@(#) $RCSfile: pkitm.h,v $ $Revision: 1.14 $ $Date: 2005/06/28 17:55:29 $"; #endif /* DEBUG */ /* @@ -105,16 +105,6 @@ struct NSSUsageStr { #endif }; -typedef struct nssBestCertificateCBStr nssBestCertificateCB; - -struct nssBestCertificateCBStr { - NSSCertificate *cert; - NSSTime *time; - NSSTime sTime; /* to avoid allocating when unnecessary */ - NSSUsage *usage; - NSSPolicies *policies; -}; - typedef struct nssPKIObjectCollectionStr nssPKIObjectCollection; typedef struct