CKT_ Trust values are "enums" not flags.

2024-10-25 11:15:34 +00:00 · 2001-10-24 00:57:06 +00:00 · 2001-10-24 00:57:06 +00:00 · d25793c656
commit d25793c656
parent cce14ccc9a
1 changed files with 6 additions and 6 deletions
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@ -538,27 +538,27 @@ pk11_HandleTrustObject(PK11SlotInfo *slot, CERTCertificate *cert, CERTCertTrust
  /* First implementation: keep it simple for testing.  We can study what other
   * mappings would be appropriate and add them later.. fgmr 20000724 */

-  if( serverAuth & CKT_NETSCAPE_TRUSTED ) {
+  if( serverAuth ==  CKT_NETSCAPE_TRUSTED ) {
    trust->sslFlags |= CERTDB_VALID_PEER | CERTDB_TRUSTED;
  }

-  if( serverAuth & CKT_NETSCAPE_TRUSTED_DELEGATOR ) {
+  if( serverAuth == CKT_NETSCAPE_TRUSTED_DELEGATOR ) {
    trust->sslFlags |= CERTDB_VALID_CA | CERTDB_TRUSTED_CA | CERTDB_NS_TRUSTED_CA;
  }

-  if( emailProtection & CKT_NETSCAPE_TRUSTED ) {
+  if( emailProtection == CKT_NETSCAPE_TRUSTED ) {
    trust->emailFlags |= CERTDB_VALID_PEER | CERTDB_TRUSTED;
  }

-  if( emailProtection & CKT_NETSCAPE_TRUSTED_DELEGATOR ) {
+  if( emailProtection == CKT_NETSCAPE_TRUSTED_DELEGATOR ) {
    trust->emailFlags |= CERTDB_VALID_CA | CERTDB_TRUSTED_CA | CERTDB_NS_TRUSTED_CA;
  }

-  if( codeSigning & CKT_NETSCAPE_TRUSTED ) {
+  if( codeSigning == CKT_NETSCAPE_TRUSTED ) {
    trust->objectSigningFlags |= CERTDB_VALID_PEER | CERTDB_TRUSTED;
  }

-  if( codeSigning & CKT_NETSCAPE_TRUSTED_DELEGATOR ) {
+  if( codeSigning == CKT_NETSCAPE_TRUSTED_DELEGATOR ) {
    trust->objectSigningFlags |= CERTDB_VALID_CA | CERTDB_TRUSTED_CA | CERTDB_NS_TRUSTED_CA;
  }