mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-09 11:25:00 +00:00
Bug 670454 - Certificates usage in Certificate Viewer is always shown as "could not verify this certificate for unknown reasons", r=bsmith
This commit is contained in:
parent
2f2f94e0c9
commit
6890ce530e
@ -181,10 +181,13 @@ nsUsageArrayHelper::GetUsagesArray(const char *suffix,
|
||||
PRUint32 &count = *_count;
|
||||
count = 0;
|
||||
SECCertificateUsage usages = 0;
|
||||
SECStatus verifyResult;
|
||||
int err = 0;
|
||||
|
||||
if (!nsNSSComponent::globalConstFlagUsePKIXVerification) {
|
||||
verifyResult =
|
||||
// CERT_VerifyCertificateNow returns SECFailure unless the certificate is
|
||||
// valid for all the given usages. Hoewver, we are only looking for the list
|
||||
// of usages for which the cert *is* valid.
|
||||
(void)
|
||||
CERT_VerifyCertificateNow(defaultcertdb, mCert, PR_TRUE,
|
||||
certificateUsageSSLClient |
|
||||
certificateUsageSSLServer |
|
||||
@ -195,6 +198,7 @@ if (!nsNSSComponent::globalConstFlagUsePKIXVerification) {
|
||||
certificateUsageSSLCA |
|
||||
certificateUsageStatusResponder,
|
||||
NULL, &usages);
|
||||
err = PR_GetError();
|
||||
}
|
||||
else {
|
||||
nsresult nsrv;
|
||||
@ -215,20 +219,13 @@ else {
|
||||
cvout[0].value.scalar.usages = 0;
|
||||
cvout[1].type = cert_po_end;
|
||||
|
||||
verifyResult =
|
||||
CERT_PKIXVerifyCert(mCert, certificateUsageCheckAllUsages,
|
||||
survivingParams->GetRawPointerForNSS(),
|
||||
cvout, NULL);
|
||||
|
||||
err = PR_GetError();
|
||||
usages = cvout[0].value.scalar.usages;
|
||||
}
|
||||
|
||||
if (verifyResult != SECSuccess) {
|
||||
int err = PR_GetError();
|
||||
verifyFailed(_verified, err);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// The following list of checks must be < max_returned_out_array_size
|
||||
|
||||
check(suffix, usages & certificateUsageSSLClient, count, outUsages);
|
||||
@ -254,6 +251,10 @@ else {
|
||||
nssComponent->SkipOcspOff();
|
||||
}
|
||||
|
||||
if (count == 0) {
|
||||
verifyFailed(_verified, err);
|
||||
} else {
|
||||
*_verified = nsNSSCertificate::VERIFIED_OK;
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user