← Back to branch summary

~ubuntu-branches/ubuntu/raring/nss/raring-security

~ubuntu-branches/ubuntu/raring/nss/raring-security

« back to all changes in this revision

Viewing changes to mozilla/security/nss/lib/certdb/certdb.c

Committer: Bazaar Package Importer
Author(s): Chris Coulson
Date: 2010-10-04 22:29:19 UTC
mfrom: (1.1.13 upstream) (24.1.1 maverick-security)
Revision ID: james.westby@ubuntu.com-20101004222919-f94922gs962h6hnp

Tags: 3.12.8-0ubuntu0.10.10.1

* New upstream release v3.12.8 (NSS_3_12_8_RTM)
  - Fix browser wildcard certificate validation issue
  - Update root certs
  - Fix SSL deadlocks
* Refresh patches:
  - update debian/patches/38_kbsd.patch
  - update debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch

files modified:
debian/changelog

debian/patches/38_kbsd.patch

debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch

mozilla/security/coreconf/Darwin.mk

mozilla/security/coreconf/Linux.mk

mozilla/security/coreconf/WIN32.mk

mozilla/security/coreconf/headers.mk

mozilla/security/nss/cmd/certutil/certutil.c

mozilla/security/nss/cmd/lib/SECerrs.h

mozilla/security/nss/cmd/lib/SSLerrs.h

mozilla/security/nss/cmd/lib/secutil.c

mozilla/security/nss/cmd/lib/secutil.h

mozilla/security/nss/cmd/pk12util/pk12util.c

mozilla/security/nss/cmd/strsclnt/strsclnt.c

mozilla/security/nss/cmd/tstclnt/tstclnt.c

mozilla/security/nss/lib/certdb/certdb.c

mozilla/security/nss/lib/certhigh/certhtml.c

mozilla/security/nss/lib/certhigh/certreq.c

mozilla/security/nss/lib/ckfw/builtins/certdata.c

mozilla/security/nss/lib/ckfw/builtins/certdata.txt

mozilla/security/nss/lib/ckfw/builtins/nssckbi.h

mozilla/security/nss/lib/crmf/servget.c

mozilla/security/nss/lib/freebl/Makefile

mozilla/security/nss/lib/freebl/config.mk

mozilla/security/nss/lib/freebl/ldvector.c

mozilla/security/nss/lib/jar/jar.h

mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c

mozilla/security/nss/lib/nss/nss.h

mozilla/security/nss/lib/pk11wrap/debug_module.c

mozilla/security/nss/lib/pk11wrap/pk11auth.c

mozilla/security/nss/lib/pkcs12/p12d.c

mozilla/security/nss/lib/pkcs12/p12e.c

mozilla/security/nss/lib/smime/cmssiginfo.c

mozilla/security/nss/lib/softoken/legacydb/keydb.c

mozilla/security/nss/lib/softoken/legacydb/manifest.mn

mozilla/security/nss/lib/softoken/manifest.mn

mozilla/security/nss/lib/softoken/pkcs11.c

mozilla/security/nss/lib/softoken/sdb.c

mozilla/security/nss/lib/softoken/sdb.h

mozilla/security/nss/lib/softoken/softkver.h

mozilla/security/nss/lib/ssl/ssl.h

mozilla/security/nss/lib/ssl/ssl3con.c

mozilla/security/nss/lib/ssl/ssl3gthr.c

mozilla/security/nss/lib/ssl/sslauth.c

mozilla/security/nss/lib/ssl/sslerr.h

mozilla/security/nss/lib/ssl/sslimpl.h

mozilla/security/nss/lib/ssl/sslinfo.c

mozilla/security/nss/lib/ssl/sslreveal.c

mozilla/security/nss/lib/ssl/sslsecur.c

mozilla/security/nss/lib/ssl/sslsock.c

mozilla/security/nss/lib/util/nssutil.h

mozilla/security/nss/lib/util/secoid.c

mozilla/security/nss/tests/ssl/sslstress.txt

Show diffs side-by-side

added added

removed removed

mozilla/security/nss/lib/certdb/certdb.c

39

39

/*

40

40

* Certificate handling code

41

41

*

42

* $Id: certdb.c,v 1.104 2010/04/25 00:44:55 nelson%bolyard.com Exp $

42

* $Id: certdb.c,v 1.104.2.2 2010/09/02 00:52:02 wtc%google.com Exp $

43

43

*/

44

44

45

45

#include "nssilock.h"

1415

1415

return;

1416

1416

}

1417

1417

1418

static PRBool

1419

cert_IsIPAddr(const char *hn)

1420

{

1421

PRBool isIPaddr = PR_FALSE;

1422

PRNetAddr netAddr;

1423

isIPaddr = (PR_SUCCESS == PR_StringToNetAddr(hn, &netAddr));

1424

return isIPaddr;

1425

}

1426

1418

1427

/*

1419

1428

** Add a domain name to the list of names that the user has explicitly

1420

1429

** allowed (despite cert name mismatches) for use with a server cert.

1880

1889

1881

1890

cn = CERT_GetCommonName(&cert->subject);

1882

1891

if ( cn ) {

1883

rv = cert_TestHostName(cn, hn);

1892

PRBool isIPaddr = cert_IsIPAddr(hn);

1893

if (isIPaddr) {

1894

if (PORT_Strcasecmp(hn, cn) == 0) {

1895

rv = SECSuccess;

1896

} else {

1897

PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);

1898

rv = SECFailure;

1899

}

1900

} else {

1901

rv = cert_TestHostName(cn, hn);

1902

}

1884

1903

PORT_Free(cn);

1885

1904

} else

1886

1905

PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);

2110

2129

PORT_Free(nickname);

2111

2130

}

2112

2131

2113

nickname = "";

2132

nickname = NULL;

2114

2133

2115

2134

done:

2116

2135

if ( firstname ) {

Older »