Treat non-repudiation-only certs as valid signature certs.

Bug 240456. r=wtc, sr=relyea.
2025-03-03 23:30:46 +00:00 · 2004-07-01 00:26:00 +00:00 · 2004-07-01 00:26:00 +00:00 · 23b32f634b
commit 23b32f634b
parent 3bc297e56b
1 changed files with 8 additions and 2 deletions
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@ -37,7 +37,7 @@
 /*
 * Certificate handling code
 *
- * $Id: certdb.c,v 1.69 2004/05/17 20:08:36 ian.mcgreer%sun.com Exp $
+ * $Id: certdb.c,v 1.70 2004/07/01 00:26:00 nelsonb%netscape.com Exp $
 */

 #include "nssilock.h"
@ -1215,6 +1215,8 @@ loser:
 SECStatus
 CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage)
 {
+    unsigned int certKeyUsage;
+
    if (!cert) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
@ -1249,8 +1251,12 @@ CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage)
 	}
    }

-    if ( (cert->keyUsage & requiredUsage) == requiredUsage ) 
+    certKeyUsage = cert->keyUsage;
+    if (certKeyUsage & KU_NON_REPUDIATION)
+        certKeyUsage |= KU_DIGITAL_SIGNATURE;
+    if ( (certKeyUsage & requiredUsage) == requiredUsage ) 
    	return SECSuccess;
+
 loser:
    PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
    return SECFailure;