mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-09 11:25:00 +00:00
Bug 406755, EV certs not recognized as EV with some cross-certification scenarios Additional patch for Earlier EV verification, v8 r=wtc, r=nelson, blocking1.9=dsicore
This commit is contained in:
parent
9275246912
commit
d897a746f4
@ -914,7 +914,20 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd,
|
||||
CERTCertificateCleaner serverCertCleaner(serverCert);
|
||||
|
||||
if (serverCert) {
|
||||
nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
|
||||
nsRefPtr<nsSSLStatus> status = infoObject->SSLStatus();
|
||||
nsRefPtr<nsNSSCertificate> nsc;
|
||||
|
||||
if (!status || !status->mServerCert) {
|
||||
nsc = new nsNSSCertificate(serverCert);
|
||||
}
|
||||
|
||||
if (SECSuccess == rv) {
|
||||
if (nsc) {
|
||||
PRBool dummyIsEV;
|
||||
nsc->GetIsExtendedValidation(&dummyIsEV); // the nsc object will cache the status
|
||||
}
|
||||
|
||||
CERTCertList *certList = CERT_GetCertChainFromCert(serverCert, PR_Now(), certUsageSSLCA);
|
||||
|
||||
nsCOMPtr<nsINSSComponent> nssComponent;
|
||||
@ -958,15 +971,12 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd,
|
||||
// The connection may get terminated, for example, if the server requires
|
||||
// a client cert. Let's provide a minimal SSLStatus
|
||||
// to the caller that contains at least the cert and its status.
|
||||
nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
|
||||
|
||||
nsRefPtr<nsSSLStatus> status = infoObject->SSLStatus();
|
||||
if (!status) {
|
||||
status = new nsSSLStatus();
|
||||
infoObject->SetSSLStatus(status);
|
||||
}
|
||||
if (status && !status->mServerCert) {
|
||||
status->mServerCert = new nsNSSCertificate(serverCert);
|
||||
status->mServerCert = nsc;
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
|
||||
("AuthCertificateCallback setting NEW cert %p\n", status->mServerCert.get()));
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user