Bug 945349 - CertVerifier should check early for bad usages. r=briansmith

This commit is contained in:
Camilo Viecco 2013-12-06 13:42:44 -08:00
Родитель 6e935eb5c0
Коммит e0f5696cba
2 изменённых файлов: 16 добавлений и 0 удалений

Просмотреть файл

@ -138,6 +138,21 @@ CertVerifier::VerifyCert(CERTCertificate * cert,
*evOidPolicy = SEC_OID_UNKNOWN;
}
switch(usage){
case certificateUsageSSLClient:
case certificateUsageSSLServer:
case certificateUsageSSLCA:
case certificateUsageEmailSigner:
case certificateUsageEmailRecipient:
case certificateUsageObjectSigner:
case certificateUsageStatusResponder:
break;
default:
NS_WARNING("Calling VerifyCert with invalid usage");
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
ScopedCERTCertList trustAnchors;
SECStatus rv;
SECOidTag evPolicy = SEC_OID_UNKNOWN;

Просмотреть файл

@ -25,6 +25,7 @@ public:
// XXX: The localonly flag is ignored in the classic verification case
// *evOidPolicy == SEC_OID_UNKNOWN means the cert is NOT EV
// Only one usage per verification is supported.
SECStatus VerifyCert(CERTCertificate * cert,
const SECCertificateUsage usage,
const PRTime time,