bug 180268, reimplement ssl step-up for builtins
Родитель
bf3d142f53
Коммит
be72ca16c5
|
@ -37,7 +37,7 @@
|
|||
/*
|
||||
* Tool for converting builtin CA certs.
|
||||
*
|
||||
* $Id: addbuiltin.c,v 1.7 2004/04/25 15:02:38 gerv%gerv.net Exp $
|
||||
* $Id: addbuiltin.c,v 1.8 2004/05/17 20:08:34 ian.mcgreer%sun.com Exp $
|
||||
*/
|
||||
|
||||
#include "nss.h"
|
||||
|
@ -157,6 +157,9 @@ ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust)
|
|||
printf("CKA_TRUST_KEY_AGREEMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n");
|
||||
printf("CKA_TRUST_KEY_CERT_SIGN CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n");
|
||||
#endif
|
||||
printf("CKA_TRUST_STEP_UP_APPROVED CK_BBOOL %s\n",
|
||||
trust->sslFlags & CERTDB_GOVT_APPROVED_CA ?
|
||||
"CK_TRUE" : "CK_FALSE");
|
||||
|
||||
|
||||
PORT_Free(sdder->data);
|
||||
|
@ -197,7 +200,7 @@ printheader() {
|
|||
"# may use your version of this file under either the MPL or the\n"
|
||||
"# GPL.\n"
|
||||
"#\n"
|
||||
"CVS_ID \"@(#) $RCSfile: addbuiltin.c,v $ $Revision: 1.7 $ $Date: 2004/04/25 15:02:38 $ $Name: $\"\n"
|
||||
"CVS_ID \"@(#) $RCSfile: addbuiltin.c,v $ $Revision: 1.8 $ $Date: 2004/05/17 20:08:34 $ $Name: $\"\n"
|
||||
"\n"
|
||||
"#\n"
|
||||
"# certdata.txt\n"
|
||||
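Review bot: In the ConvertCertificate hunk, the new `printf` argument `trust->sslFlags & CERTDB_GOVT_APPROVED_CA ? "CK_TRUE" : "CK_FALSE"` relies on `&` binding tighter than `?:`. It is correct, but writing it as `(trust->sslFlags & CERTDB_GOVT_APPROVED_CA) ? "CK_TRUE" : "CK_FALSE"` makes the intent obvious to the next reader. A short comment such as `/* step-up approval is taken from the SSL trust flags only */` would also record why the other flag words of `trust` are not consulted. ConvertCertificate starts and ends outside the hunk.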
|
|
|
@ -1039,9 +1039,7 @@ static void LongUsage(char *progName)
|
|||
FPS "%-25s C \t trusted CA to issue server certs (implies c)\n", "");
|
||||
FPS "%-25s u \t user cert\n", "");
|
||||
FPS "%-25s w \t send warning\n", "");
|
||||
#ifdef DEBUG_NSSTEAM_ONLY
|
||||
FPS "%-25s g \t make step-up cert\n", "");
|
||||
#endif /* DEBUG_NSSTEAM_ONLY */
|
||||
FPS "%-20s Specify the password file\n",
|
||||
" -f pwfile");
|
||||
FPS "%-20s Cert database directory (default is ~/.netscape)\n",
|
||||
|
@ -1591,9 +1589,7 @@ AddExtKeyUsage (void *extHandle)
|
|||
fprintf(stdout, "%-25s 3 - Email Protection\n", "");
|
||||
fprintf(stdout, "%-25s 4 - Timestamp\n", "");
|
||||
fprintf(stdout, "%-25s 5 - OCSP Responder\n", "");
|
||||
#ifdef DEBUG_NSSTEAM_ONLY
|
||||
fprintf(stdout, "%-25s 6 - Step-up\n", "");
|
||||
#endif /* DEBUG_NSSTEAM_ONLY */
|
||||
fprintf(stdout, "%-25s Other to finish\n", "");
|
||||
|
||||
gets(buffer);
|
||||
|
@ -1618,11 +1614,9 @@ AddExtKeyUsage (void *extHandle)
|
|||
case 5:
|
||||
rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER);
|
||||
break;
|
||||
#ifdef DEBUG_NSSTEAM_ONLY
|
||||
case 6:
|
||||
rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
|
||||
break;
|
||||
#endif /* DEBUG_NSSTEAM_ONLY */
|
||||
default:
|
||||
goto endloop;
|
||||
}
|
||||
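Review bot: The menu edited in the first AddExtKeyUsage hunk is still followed by `gets(buffer);`, which reads a line from standard input with no length limit, so an over-long line writes past the end of `buffer`. Assuming `buffer` is a local array (its declaration is outside the hunk), a bounded read such as `if (fgets(buffer, sizeof(buffer), stdin) == NULL) goto endloop;` would close that, using the `endloop` label the later hunk of the same function already jumps to. `fgets` keeps the trailing newline, so the parsing that follows (not visible here) may need to tolerate it. The function starts and ends outside the hunks shown.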
|
|
|
@ -2879,11 +2879,9 @@ printFlags(FILE *out, unsigned int flags, int level)
|
|||
if ( flags & CERTDB_TRUSTED_CLIENT_CA ) {
|
||||
SECU_Indent(out, level); fprintf(out, "Trusted Client CA\n");
|
||||
}
|
||||
#ifdef DEBUG
|
||||
if ( flags & CERTDB_GOVT_APPROVED_CA ) {
|
||||
SECU_Indent(out, level); fprintf(out, "Step-up\n");
|
||||
}
|
||||
#endif /* DEBUG */
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
/*
|
||||
* Certificate handling code
|
||||
*
|
||||
* $Id: certdb.c,v 1.68 2004/05/11 02:43:09 jpierre%netscape.com Exp $
|
||||
* $Id: certdb.c,v 1.69 2004/05/17 20:08:36 ian.mcgreer%sun.com Exp $
|
||||
*/
|
||||
|
||||
#include "nssilock.h"
|
||||
|
@ -2046,14 +2046,12 @@ CERT_DecodeTrustString(CERTCertTrust *trust, char *trusts)
|
|||
*pflags = *pflags | CERTDB_USER;
|
||||
break;
|
||||
|
||||
#ifdef DEBUG_NSSTEAM_ONLY
|
||||
case 'i':
|
||||
*pflags = *pflags | CERTDB_INVISIBLE_CA;
|
||||
break;
|
||||
case 'g':
|
||||
*pflags = *pflags | CERTDB_GOVT_APPROVED_CA;
|
||||
break;
|
||||
#endif /* DEBUG_NSSTEAM_ONLY */
|
||||
|
||||
case ',':
|
||||
if ( pflags == &trust->sslFlags ) {
|
||||
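Review bot: Dropping the `DEBUG_NSSTEAM_ONLY` guard in CERT_DecodeTrustString makes `case 'i'` (CERTDB_INVISIBLE_CA) reachable in every build as well as `case 'g'`, going by the two lines the hunk header says were removed. The commit is described as a step-up change, and the certutil usage hunk on this page un-guards only the `g` line. If `i` was not meant to become a generally accepted trust letter, keep the guard around that case alone: `#ifdef DEBUG_NSSTEAM_ONLY` before `case 'i':` and `#endif /* DEBUG_NSSTEAM_ONLY */` after its `break;`. If it is intended, it should be documented next to `g`. The switch continues outside the hunk.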
|
|
Разница между файлами не показана из-за своего большого размера
|
@ -30,7 +30,7 @@
|
|||
# may use your version of this file under either the MPL or the
|
||||
# GPL.
|
||||
#
|
||||
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.28 $ $Date: 2003/06/05 00:53:27 $ $Name: $"
|
||||
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.29 $ $Date: 2004/05/17 20:08:36 $ $Name: $"
|
||||
|
||||
#
|
||||
# certdata.txt
|
||||
|
@ -83,6 +83,7 @@ CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.28 $ $Date: 2003/06/05 00:5
|
|||
# CKA_TRUST_IPSEC_TUNNEL CK_TRUST (varies)
|
||||
# CKA_TRUST_IPSEC_USER CK_TRUST (varies)
|
||||
# CKA_TRUST_TIME_STAMPING CK_TRUST (varies)
|
||||
# CKA_TRUST_STEP_UP_APPROVED CK_BBOOL (varies)
|
||||
# (other trust attributes can be defined)
|
||||
#
|
||||
|
||||
|
@ -197,6 +198,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
|
||||
|
||||
#
|
||||
# Certificate "GTE CyberTrust Root CA"
|
||||
|
@ -286,6 +288,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
|
||||
|
||||
#
|
||||
# Certificate "GTE CyberTrust Global Root"
|
||||
|
@ -390,6 +393,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
|
||||
|
||||
#
|
||||
# Certificate "Thawte Personal Basic CA"
|
||||
|
@ -522,6 +526,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Thawte Personal Premium CA"
|
||||
|
@ -657,6 +662,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Thawte Personal Freemail CA"
|
||||
|
@ -793,6 +799,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Thawte Server CA"
|
||||
|
@ -924,6 +931,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
|
||||
|
||||
#
|
||||
# Certificate "Thawte Premium Server CA"
|
||||
|
@ -1059,6 +1067,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
|
||||
|
||||
#
|
||||
# Certificate "Equifax Secure CA"
|
||||
|
@ -1167,6 +1176,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "ABAecom (sub., Am. Bankers Assn.) Root CA"
|
||||
|
@ -1298,6 +1308,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
|
||||
|
||||
#
|
||||
# Certificate "Digital Signature Trust Co. Global CA 1"
|
||||
|
@ -1406,6 +1417,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
|
||||
|
||||
#
|
||||
# Certificate "Digital Signature Trust Co. Global CA 3"
|
||||
|
@ -1514,6 +1526,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
|
||||
|
||||
#
|
||||
# Certificate "Digital Signature Trust Co. Global CA 2"
|
||||
|
@ -1653,6 +1666,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
|
||||
|
||||
#
|
||||
# Certificate "Digital Signature Trust Co. Global CA 4"
|
||||
|
@ -1792,6 +1806,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Class 1 Public Primary Certification Authority"
|
||||
|
@ -1894,6 +1909,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Class 2 Public Primary Certification Authority"
|
||||
|
@ -1995,6 +2011,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Class 3 Public Primary Certification Authority"
|
||||
|
@ -2096,6 +2113,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Class 1 Public Primary Certification Authority - G2"
|
||||
|
@ -2228,6 +2246,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Class 2 Public Primary Certification Authority - G2"
|
||||
|
@ -2360,6 +2379,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Class 3 Public Primary Certification Authority - G2"
|
||||
|
@ -2492,6 +2512,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Class 4 Public Primary Certification Authority - G2"
|
||||
|
@ -2624,6 +2645,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
|
||||
|
||||
#
|
||||
# Certificate "GlobalSign Root CA"
|
||||
|
@ -2740,6 +2762,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "ValiCert Class 1 VA"
|
||||
|
@ -2865,6 +2888,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "ValiCert Class 2 VA"
|
||||
|
@ -2990,6 +3014,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "RSA Root Certificate 1"
|
||||
|
@ -3115,6 +3140,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
|
||||
|
@ -3264,6 +3290,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
|
||||
|
@ -3413,6 +3440,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
|
||||
|
@ -3562,6 +3590,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Class 4 Public Primary Certification Authority - G3"
|
||||
|
@ -3711,6 +3740,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_TRUE
|
||||
|
||||
#
|
||||
# Certificate "Entrust.net Secure Server CA"
|
||||
|
@ -3870,6 +3900,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Entrust.net Secure Personal CA"
|
||||
|
@ -4031,6 +4062,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Entrust.net Premium 2048 Secure Server CA"
|
||||
|
@ -4179,6 +4211,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Baltimore CyberTrust Root"
|
||||
|
@ -4397,6 +4430,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Equifax Secure eBusiness CA 1"
|
||||
|
@ -4498,6 +4532,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Equifax Secure eBusiness CA 2"
|
||||
|
@ -4726,6 +4761,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "beTRUSTed Root CA"
|
||||
|
@ -4869,6 +4905,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "AddTrust Low-Value Services Root"
|
||||
|
@ -4998,6 +5035,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "AddTrust External Root"
|
||||
|
@ -5132,6 +5170,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "AddTrust Public Services Root"
|
||||
|
@ -5392,6 +5431,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Class 1 Public Primary OCSP Responder"
|
||||
|
@ -5520,6 +5560,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Class 2 Public Primary OCSP Responder"
|
||||
|
@ -5648,6 +5689,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Class 3 Public Primary OCSP Responder"
|
||||
|
@ -5776,6 +5818,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Secure Server OCSP Responder"
|
||||
|
@ -5904,6 +5947,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Verisign Time Stamping Authority CA"
|
||||
|
@ -6047,6 +6091,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Thawte Time Stamping CA"
|
||||
|
@ -6159,6 +6204,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Entrust.net Global Secure Server CA"
|
||||
|
@ -6311,6 +6357,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Entrust.net Global Secure Personal CA"
|
||||
|
@ -6462,6 +6509,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "AOL Time Warner Root Certification Authority 1"
|
||||
|
@ -6594,6 +6642,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "AOL Time Warner Root Certification Authority 2"
|
||||
|
@ -6758,6 +6807,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "beTRUSTed Root CA-Baltimore Implementation"
|
||||
|
@ -6908,6 +6958,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "beTRUSTed Root CA - Entrust Implementation"
|
||||
|
@ -7073,6 +7124,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "beTRUSTed Root CA - RSA Implementation"
|
||||
|
@ -7225,6 +7277,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "RSA Security 2048 v3"
|
||||
|
@ -7336,6 +7389,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "RSA Security 1024 v3"
|
||||
|
@ -7430,6 +7484,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "GeoTrust Global CA"
|
||||
|
@ -7541,6 +7596,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "UTN-USER First-Network Applications"
|
||||
|
@ -7689,6 +7745,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "America Online Root Certification Authority 1"
|
||||
|
@ -7811,6 +7868,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "America Online Root Certification Authority 2"
|
||||
|
@ -7965,6 +8023,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Visa eCommerce Root"
|
||||
|
@ -8089,6 +8148,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "TC TrustCenter, Germany, Class 2 CA"
|
||||
|
@ -8221,6 +8281,7 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "TC TrustCenter, Germany, Class 3 CA"
|
||||
|
@ -8353,3 +8414,4 @@ END
|
|||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
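Review bot: The header comment added in the second hunk describes `CKA_TRUST_STEP_UP_APPROVED` only as `(varies)`, which gives a later editor no rule for choosing the value when a root is added. Going by the commit title and the addbuiltin.c hunk, this boolean records which built-in roots are approved for SSL step-up, so I would say that in the header, for example `# CKA_TRUST_STEP_UP_APPROVED CK_BBOOL (CK_TRUE only for roots approved for SSL step-up)`. Each added line appears to sit at the end of a trust object whose certificate name is not in the hunk; the `# Certificate "..."` line in the context looks like the start of the next entry. The CK_TRUE assignments are therefore worth checking against the full file rather than against this view.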
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.30 $ $Date: 2004/04/25 15:03:06 $ $Name: $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.31 $ $Date: 2004/05/17 20:08:37 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef NSSCKEPV_H
|
||||
|
@ -543,16 +543,17 @@ nssCryptokiTrust_GetAttributes (
|
|||
nssTrustLevel *serverAuth,
|
||||
nssTrustLevel *clientAuth,
|
||||
nssTrustLevel *codeSigning,
|
||||
nssTrustLevel *emailProtection
|
||||
nssTrustLevel *emailProtection,
|
||||
PRBool *stepUpApproved
|
||||
)
|
||||
{
|
||||
PRStatus status;
|
||||
NSSSlot *slot;
|
||||
nssSession *session;
|
||||
CK_BBOOL isToken;
|
||||
CK_BBOOL isToken, stepUp;
|
||||
CK_TRUST saTrust, caTrust, epTrust, csTrust;
|
||||
CK_ATTRIBUTE_PTR attr;
|
||||
CK_ATTRIBUTE trust_template[6];
|
||||
CK_ATTRIBUTE trust_template[7];
|
||||
CK_ULONG trust_size;
|
||||
|
||||
/* Use the trust object to find the trust settings */
|
||||
|
@ -562,6 +563,7 @@ nssCryptokiTrust_GetAttributes (
|
|||
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, caTrust);
|
||||
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, epTrust);
|
||||
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust);
|
||||
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_STEP_UP_APPROVED, stepUp);
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, sha1_hash);
|
||||
NSS_CK_TEMPLATE_FINISH(trust_template, attr, trust_size);
|
||||
|
||||
|
@ -588,6 +590,7 @@ nssCryptokiTrust_GetAttributes (
|
|||
*clientAuth = get_nss_trust(caTrust);
|
||||
*emailProtection = get_nss_trust(epTrust);
|
||||
*codeSigning = get_nss_trust(csTrust);
|
||||
*stepUpApproved = stepUp;
|
||||
return PR_SUCCESS;
|
||||
}
|
||||
|
||||
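Review bot: `stepUp` is declared without an initial value in nssCryptokiTrust_GetAttributes and is copied to `*stepUpApproved` just before the return, so the result depends entirely on the token filling in CKA_TRUST_STEP_UP_APPROVED. The attribute fetch itself is outside the hunks. If a trust object stored before this change lacks the attribute, the fetch may either fail for the whole template or leave `stepUp` untouched, and the second case would hand an indeterminate value to the caller. Declaring it as `CK_BBOOL isToken, stepUp = CK_FALSE;` makes the missing-attribute case resolve to not approved, and the function comment should say whether tokens without the attribute are expected to work.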
|
|
|
@ -44,7 +44,7 @@
|
|||
*/
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.34 $ $Date: 2004/04/25 15:03:06 $ $Name: $";
|
||||
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.35 $ $Date: 2004/05/17 20:08:37 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef NSSCKT_H
|
||||
|
@ -465,6 +465,7 @@ nssToken_ImportTrust
|
|||
nssTrustLevel clientAuth,
|
||||
nssTrustLevel codeSigning,
|
||||
nssTrustLevel emailProtection,
|
||||
PRBool stepUpApproved,
|
||||
PRBool asTokenObject
|
||||
);
|
||||
|
||||
|
@ -759,7 +760,8 @@ nssCryptokiTrust_GetAttributes
|
|||
nssTrustLevel *serverAuth,
|
||||
nssTrustLevel *clientAuth,
|
||||
nssTrustLevel *codeSigning,
|
||||
nssTrustLevel *emailProtection
|
||||
nssTrustLevel *emailProtection,
|
||||
PRBool *stepUpApproved
|
||||
);
|
||||
|
||||
NSS_EXTERN PRStatus
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
#define DEVT_H
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.20 $ $Date: 2004/04/25 15:03:06 $ $Name: $";
|
||||
static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.21 $ $Date: 2004/05/17 20:08:37 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -148,10 +148,6 @@ typedef enum {
|
|||
NSSCertificateType_PKIX = 1
|
||||
} NSSCertificateType;
|
||||
|
||||
#ifdef nodef
|
||||
/* the current definition of NSSTrust depends on this value being CK_ULONG */
|
||||
typedef CK_ULONG nssTrustLevel;
|
||||
#else
|
||||
typedef enum {
|
||||
nssTrustLevel_Unknown = 0,
|
||||
nssTrustLevel_NotTrusted = 1,
|
||||
|
@ -160,7 +156,6 @@ typedef enum {
|
|||
nssTrustLevel_Valid = 4,
|
||||
nssTrustLevel_ValidDelegator = 5
|
||||
} nssTrustLevel;
|
||||
#endif
|
||||
|
||||
typedef struct nssCryptokiInstanceStr nssCryptokiInstance;
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.37 $ $Date: 2004/04/25 15:03:06 $ $Name: $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.38 $ $Date: 2004/05/17 20:08:37 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef NSSCKEPV_H
|
||||
|
@ -1163,6 +1163,7 @@ nssToken_ImportTrust (
|
|||
nssTrustLevel clientAuth,
|
||||
nssTrustLevel codeSigning,
|
||||
nssTrustLevel emailProtection,
|
||||
PRBool stepUpApproved,
|
||||
PRBool asTokenObject
|
||||
)
|
||||
{
|
||||
|
@ -1170,7 +1171,7 @@ nssToken_ImportTrust (
|
|||
CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST;
|
||||
CK_TRUST ckSA, ckCA, ckCS, ckEP;
|
||||
CK_ATTRIBUTE_PTR attr;
|
||||
CK_ATTRIBUTE trust_tmpl[10];
|
||||
CK_ATTRIBUTE trust_tmpl[11];
|
||||
CK_ULONG tsize;
|
||||
PRUint8 sha1[20]; /* this is cheating... */
|
||||
PRUint8 md5[16];
|
||||
|
@ -1199,6 +1200,13 @@ nssToken_ImportTrust (
|
|||
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, ckCA);
|
||||
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, ckCS);
|
||||
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, ckEP);
|
||||
if (stepUpApproved) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
|
||||
&g_ck_true);
|
||||
} else {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
|
||||
&g_ck_false);
|
||||
}
|
||||
NSS_CK_TEMPLATE_FINISH(trust_tmpl, attr, tsize);
|
||||
/* import the trust object onto the token */
|
||||
object = import_object(tok, sessionOpt, trust_tmpl, tsize);
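Review bot: The bound of `trust_tmpl` is a hand-maintained count, raised here from 10 to 11 to make room for the new `CKA_TRUST_STEP_UP_APPROVED` entry, and nothing near the declaration says what it has to match. The earlier `NSS_CK_SET_ATTRIBUTE_*` calls are above the hunk, so the total cannot be confirmed from here; if the count and the bound ever drift apart, the template writes run past a stack array. I would add a comment on the declaration, e.g. `/* one slot per NSS_CK_SET_ATTRIBUTE_* call below; grow this when adding an attribute */`. The if/else could also collapse into a single call with `stepUpApproved ? &g_ck_true : &g_ck_false` as the last argument. nssToken_ImportTrust starts and ends outside these hunks.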
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.51 $ $Date: 2004/04/25 15:03:14 $ $Name: $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.52 $ $Date: 2004/05/17 20:08:37 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef NSSPKI_H
|
||||
|
@ -1030,6 +1030,8 @@ nssTrust_Create (
|
|||
nssCryptokiObject *instance;
|
||||
nssTrustLevel serverAuth, clientAuth, codeSigning, emailProtection;
|
||||
SECStatus rv; /* Should be stan flavor */
|
||||
PRBool stepUp;
|
||||
|
||||
lastTrustOrder = 1<<16; /* just make it big */
|
||||
PR_ASSERT(object->instances != NULL && object->numInstances > 0);
|
||||
rvt = nss_ZNEW(object->arena, NSSTrust);
|
||||
|
@ -1055,7 +1057,8 @@ nssTrust_Create (
|
|||
&serverAuth,
|
||||
&clientAuth,
|
||||
&codeSigning,
|
||||
&emailProtection);
|
||||
&emailProtection,
|
||||
&stepUp);
|
||||
if (status != PR_SUCCESS) {
|
||||
PZ_Unlock(object->lock);
|
||||
return (NSSTrust *)NULL;
|
||||
|
@ -1084,6 +1087,7 @@ nssTrust_Create (
|
|||
{
|
||||
rvt->codeSigning = codeSigning;
|
||||
}
|
||||
rvt->stepUpApproved = stepUp;
|
||||
lastTrustOrder = myTrustOrder;
|
||||
}
|
||||
PZ_Unlock(object->lock);
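Review bot: `rvt->stepUpApproved = stepUp;` is assigned on every pass, while the `rvt->codeSigning = codeSigning;` just above it sits inside a braced block, which suggests the trust levels are only taken under a condition. That condition is outside the hunk, so this is inferred; but if it expresses a precedence between token instances, the step-up flag ignores that precedence and reflects whichever instance was examined last. Since the flag ends up as `CERTDB_GOVT_APPROVED_CA` in `sslFlags`, either guard the assignment the same way as the other fields or state the choice in a comment such as `/* step-up is taken from the last instance examined, regardless of trust order */`. nssTrust_Create begins and ends outside the hunks shown.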
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.80 $ $Date: 2004/04/25 15:03:14 $ $Name: $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.81 $ $Date: 2004/05/17 20:08:37 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -541,6 +541,10 @@ cert_trust_from_stan_trust(NSSTrust *t, PRArenaPool *arena)
|
|||
rvTrust->sslFlags |= client;
|
||||
rvTrust->emailFlags = get_nss3trust_from_nss4trust(t->emailProtection);
|
||||
rvTrust->objectSigningFlags = get_nss3trust_from_nss4trust(t->codeSigning);
|
||||
/* The cert is a valid step-up cert (in addition to/lieu of trust above */
|
||||
if (t->stepUpApproved) {
|
||||
rvTrust->sslFlags |= CERTDB_GOVT_APPROVED_CA;
|
||||
}
|
||||
return rvTrust;
|
||||
}
|
||||
|
||||
|
@ -976,6 +980,8 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
|
|||
nssTrust->clientAuth = get_stan_trust(trust->sslFlags, PR_TRUE);
|
||||
nssTrust->emailProtection = get_stan_trust(trust->emailFlags, PR_FALSE);
|
||||
nssTrust->codeSigning = get_stan_trust(trust->objectSigningFlags, PR_FALSE);
|
||||
nssTrust->stepUpApproved =
|
||||
(PRBool)(trust->sslFlags & CERTDB_GOVT_APPROVED_CA);
|
||||
if (c->object.cryptoContext != NULL) {
|
||||
/* The cert is in a context, set the trust there */
|
||||
NSSCryptoContext *cc = c->object.cryptoContext;
|
||||
|
@ -1039,7 +1045,8 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
|
|||
nssTrust->serverAuth,
|
||||
nssTrust->clientAuth,
|
||||
nssTrust->codeSigning,
|
||||
nssTrust->emailProtection, PR_TRUE);
|
||||
nssTrust->emailProtection,
|
||||
nssTrust->stepUpApproved, PR_TRUE);
|
||||
/* If the selected token can't handle trust, dump the trust on
|
||||
* the internal token */
|
||||
if (!newInstance && !PK11_IsInternal(tok->pk11slot)) {
|
||||
|
@ -1069,7 +1076,8 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
|
|||
nssTrust->serverAuth,
|
||||
nssTrust->clientAuth,
|
||||
nssTrust->codeSigning,
|
||||
nssTrust->emailProtection, PR_TRUE);
|
||||
nssTrust->emailProtection,
|
||||
nssTrust->stepUpApproved, PR_TRUE);
|
||||
}
|
||||
if (newInstance) {
|
||||
nssCryptokiObject_Destroy(newInstance);
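Review bot: In STAN_ChangeCertTrust, `(PRBool)(trust->sslFlags & CERTDB_GOVT_APPROVED_CA)` stores the masked bit itself rather than PR_TRUE or PR_FALSE. Every use visible on this page only tests the field for non-zero, so it works as written, but a later comparison against `PR_TRUE` or a copy into a one-byte `CK_BBOOL` would misread it if the mask is not the lowest bit (its value is not shown here). Normalising at the source is cheap: `nssTrust->stepUpApproved = (trust->sslFlags & CERTDB_GOVT_APPROVED_CA) ? PR_TRUE : PR_FALSE;`. Separately, the new comment in cert_trust_from_stan_trust is missing its closing parenthesis after "above".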
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
#define PKIT_H
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char PKIT_CVS_ID[] = "@(#) $RCSfile: pkit.h,v $ $Revision: 1.14 $ $Date: 2004/04/25 15:03:14 $ $Name: $";
|
||||
static const char PKIT_CVS_ID[] = "@(#) $RCSfile: pkit.h,v $ $Revision: 1.15 $ $Date: 2004/05/17 20:08:37 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -133,6 +133,7 @@ struct NSSTrustStr
|
|||
nssTrustLevel clientAuth;
|
||||
nssTrustLevel emailProtection;
|
||||
nssTrustLevel codeSigning;
|
||||
PRBool stepUpApproved;
|
||||
};
|
||||
|
||||
struct nssSMIMEProfileStr
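Review bot: The new `stepUpApproved` member has no comment, and unlike its neighbours it is a boolean rather than an `nssTrustLevel`. A reader of this header cannot tell what the flag grants; elsewhere in this commit it is converted to and from `CERTDB_GOVT_APPROVED_CA` in `sslFlags`. Suggest `PRBool stepUpApproved; /* set when the trust object has CKA_TRUST_STEP_UP_APPROVED == CK_TRUE */`.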
|
||||
|
|
|
@ -788,6 +788,7 @@ pk11_handleTrustObject(PK11Session *session,PK11Object *object)
|
|||
CK_TRUST clientTrust = CKT_NETSCAPE_TRUST_UNKNOWN;
|
||||
CK_TRUST emailTrust = CKT_NETSCAPE_TRUST_UNKNOWN;
|
||||
CK_TRUST signTrust = CKT_NETSCAPE_TRUST_UNKNOWN;
|
||||
CK_BBOOL stepUp;
|
||||
NSSLOWCERTCertTrust dbTrust = { 0 };
|
||||
SECStatus rv;
|
||||
|
||||
|
@ -844,6 +845,14 @@ pk11_handleTrustObject(PK11Session *session,PK11Object *object)
|
|||
}
|
||||
pk11_FreeAttribute(trust);
|
||||
}
|
||||
stepUp = CK_FALSE;
|
||||
trust = pk11_FindAttribute(object,CKA_TRUST_STEP_UP_APPROVED);
|
||||
if (trust) {
|
||||
if (trust->attrib.ulValueLen == sizeof(CK_BBOOL)) {
|
||||
stepUp = *(CK_BBOOL*)trust->attrib.pValue;
|
||||
}
|
||||
pk11_FreeAttribute(trust);
|
||||
}
|
||||
|
||||
/* preserve certain old fields */
|
||||
if (cert->trust) {
|
||||
|
@ -859,6 +868,9 @@ pk11_handleTrustObject(PK11Session *session,PK11Object *object)
|
|||
dbTrust.sslFlags |= pk11_MapTrust(clientTrust,PR_TRUE);
|
||||
dbTrust.emailFlags |= pk11_MapTrust(emailTrust,PR_FALSE);
|
||||
dbTrust.objectSigningFlags |= pk11_MapTrust(signTrust,PR_FALSE);
|
||||
if (stepUp) {
|
||||
dbTrust.sslFlags |= CERTDB_GOVT_APPROVED_CA;
|
||||
}
|
||||
|
||||
rv = nsslowcert_ChangeCertTrust(slot->certDB,cert,&dbTrust);
|
||||
object->handle=pk11_mkHandle(slot,&cert->certKey,PK11_TOKEN_TYPE_TRUST);
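Review bot: The new block only ever ORs `CERTDB_GOVT_APPROVED_CA` into `dbTrust.sslFlags`, and it does so after the "preserve certain old fields" step. The body of that step is outside the hunk, so this is a question rather than a finding: if the preserved bits include the step-up flag, a trust object written with `CKA_TRUST_STEP_UP_APPROVED` set to CK_FALSE cannot withdraw an approval already stored for the certificate. If that is intended, a comment saying so would help; if not, clear the bit before the test with `dbTrust.sslFlags &= ~CERTDB_GOVT_APPROVED_CA;`. As a smaller point, `stepUp` could be initialised to `CK_FALSE` at its declaration, like the `CK_TRUST` locals beside it, instead of further down.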
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
#define _PKCS11N_H_
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.9 $ $Date: 2004/04/25 15:03:16 $ $Name: $";
|
||||
static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.10 $ $Date: 2004/05/17 20:08:38 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -134,6 +134,8 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.9 $
|
|||
#define CKA_TRUST_IPSEC_TUNNEL (CKA_TRUST + 13)
|
||||
#define CKA_TRUST_IPSEC_USER (CKA_TRUST + 14)
|
||||
#define CKA_TRUST_TIME_STAMPING (CKA_TRUST + 15)
|
||||
#define CKA_TRUST_STEP_UP_APPROVED (CKA_TRUST + 16)
|
||||
|
||||
#define CKA_CERT_SHA1_HASH (CKA_TRUST + 100)
|
||||
#define CKA_CERT_MD5_HASH (CKA_TRUST + 101)
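Review bot: `CKA_TRUST_STEP_UP_APPROVED` joins the run of `CKA_TRUST_*` attribute types without a comment, yet this commit reads and writes it as a `CK_BBOOL` (the softoken handler checks `sizeof(CK_BBOOL)` before using it), while the trust attributes handled next to it carry `CK_TRUST` values. A consumer that treats every `CKA_TRUST_*` attribute as `CK_TRUST` would read the wrong width. Suggest a trailing comment on the define: `/* CK_BBOOL, not CK_TRUST */`.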
|
||||
|
||||
|
|
|
@ -1065,6 +1065,7 @@ pk11_FindTrustAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type)
|
|||
case CKA_TRUST_SERVER_AUTH:
|
||||
case CKA_TRUST_EMAIL_PROTECTION:
|
||||
case CKA_TRUST_CODE_SIGNING:
|
||||
case CKA_TRUST_STEP_UP_APPROVED:
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
|
@ -1112,6 +1113,12 @@ trust:
|
|||
return (PK11Attribute *)&pk11_StaticValidPeerAttr;
|
||||
}
|
||||
return (PK11Attribute *)&pk11_StaticMustVerifyAttr;
|
||||
case CKA_TRUST_STEP_UP_APPROVED:
|
||||
if (trust->trust->sslFlags & CERTDB_GOVT_APPROVED_CA) {
|
||||
return (PK11Attribute *)&pk11_StaticTrueAttr;
|
||||
} else {
|
||||
return (PK11Attribute *)&pk11_StaticFalseAttr;
|
||||
}
|
||||
default:
|
||||
break;
|
||||
}
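Review bot: The new `CKA_TRUST_STEP_UP_APPROVED` case returns from both arms of an if/else, whereas the case directly above it uses `if (...) { return ...; }` followed by a plain `return`. Matching that shape keeps the switch uniform: drop the `else` and end the case with `return (PK11Attribute *)&pk11_StaticFalseAttr;`. A one-line comment such as `/* reports the CERTDB_GOVT_APPROVED_CA bit of sslFlags as a boolean attribute */` would also help, since the other cases map trust levels, not a flag. The switch and pk11_FindTrustAttribute extend beyond the hunk.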
|
||||
|
|