DB causes NSS_Shutdown to fail. Two files were changed. 1. crl.c: we
should not obtain a slot reference because PK11_FindCrlByName already
obtained a slot reference. 2. pk11cert.c: cleaned up code and fixed a slot
reference leak if the SECITEM_AllocItem call fails. r=nelsonb.
Change loops over RDNs and AVAs to detect NULL pointers.
Change list of attribute type "keywords" to match RFCs and internet
drafts.
Quote attribute values strings that contain adjacent embedded blanks.
Don't quote hex string values.
Always use hex string values when type OID is unrecognized.
because it is a private function. Change the interface for this
function so that it returns a SECStatus, unambiguously indicating the
success or failure of the name constraints test. The function no
longer takes a list of cert subject names, instead, it takes a list
of cert pointers, and optionally outputs one of those pointers when
an error occurs. This eliminates a cert reference leak.
time when the list of cert names is being built and builds a GeneralName
out of it, just as if the rfc822 name had come from a subject alt name
extension. This way, no special handling is needed of either directory
names or rfc822 names in the name constraints code. The special "phase 1"
loop in cert_CompareNameWithConstraints disappears compmletely. And all
the cases in the (former phase 2) loop can now simply assert that the
name's type matches the constraint's type exactly.
This patch also factors out the code that creates new CERTGeneralNames and
that copies a single CERTGeneralName into new separate functions. This
eliminates a lot of duplicated code whose correctness required lengthy
inspection. Now these primitive operations are centralized.
statements that repeat code for every case. This patch factors out that
common code from the cases, making the switches much smaller and reducing
bloat.
and releases space in the arenas, so the arenas just grow and grow
until the test is completely over. This patch adds comments showing
where mark and release calls could (and probably should) be added.
It also changes CERT_CopyGeneralName to have only two exit paths,
two return statements, in preparation for the eventual use of mark and
release.
b) change all PORT_*Alloc calls that allocate new structs or arrays of
same to use the PORT_*New* macros instead.
c) ifdef out some dead functions that are rife with failure to detect
allocation failures.
to genname.h, and eliminate declarations from cert.h that were also
in genname.h. If we ever decide to make any of these functions public,
we can move their declarations back to cert.h.
Rewrite CERT_CompareAVA to compare the type OIDs first, and then if
the values are not of the same encoding, convert them before comparing.
Also, do comparisons of printableString encoding properly. Bug 208649.
function names containing SubjectKey and PublicKey. Moved internal
functions to private headers and use the lowercase cert_ prefix for the
internal functions for subject key ID mapping hash table. r=nelsonb.
