зеркало из https://github.com/mozilla/gecko-dev.git
Bug 945349 - CertVerifier should check early for bad usages. r=briansmith
This commit is contained in:
Родитель
6e935eb5c0
Коммит
e0f5696cba
|
@ -138,6 +138,21 @@ CertVerifier::VerifyCert(CERTCertificate * cert,
|
|||
*evOidPolicy = SEC_OID_UNKNOWN;
|
||||
}
|
||||
|
||||
switch(usage){
|
||||
case certificateUsageSSLClient:
|
||||
case certificateUsageSSLServer:
|
||||
case certificateUsageSSLCA:
|
||||
case certificateUsageEmailSigner:
|
||||
case certificateUsageEmailRecipient:
|
||||
case certificateUsageObjectSigner:
|
||||
case certificateUsageStatusResponder:
|
||||
break;
|
||||
default:
|
||||
NS_WARNING("Calling VerifyCert with invalid usage");
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
ScopedCERTCertList trustAnchors;
|
||||
SECStatus rv;
|
||||
SECOidTag evPolicy = SEC_OID_UNKNOWN;
|
||||
|
|
|
@ -25,6 +25,7 @@ public:
|
|||
// XXX: The localonly flag is ignored in the classic verification case
|
||||
|
||||
// *evOidPolicy == SEC_OID_UNKNOWN means the cert is NOT EV
|
||||
// Only one usage per verification is supported.
|
||||
SECStatus VerifyCert(CERTCertificate * cert,
|
||||
const SECCertificateUsage usage,
|
||||
const PRTime time,
|
||||
|
|
Загрузка…
Ссылка в новой задаче