Closed Bug 394206 Opened 17 years ago Closed 17 years ago

PKIX_PL_Cert_IsCertTrusted checks wrong flag

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: KaiE, Assigned: KaiE)

Details

Attachments

(1 file)

Patch v1
900 bytes, patch
nelson
: review+
Details | Diff | Splinter Review 
Spun off from bug 391454 comment 9 and bug 391454 comment 19 and bug 391454 comment 22.

PKIX_PL_Cert_IsCertTrusted checks the wrong flag.
It checks CERTDB_VALID_CA, and treats any cert with that flag as trusted.

Function CERT_TrustFlagsForCACertUsage returns the required set of flags.
The correct patch for this code is:
         if (rv == SECSuccess) {

                 certFlags = SEC_GET_TRUST_FLAGS((&trust), trustType);
-                if ((certFlags & CERTDB_VALID_CA) &&
-                    ((certFlags & requiredFlags) == requiredFlags)) {
+                if ((certFlags & requiredFlags) == requiredFlags) {
                         trusted = PKIX_TRUE;
                 }
Attached patch Patch v1Splinter Review 
Assignee: nobody → kengert
Status: NEW → ASSIGNED

        Attachment #278821 -
        Flags: review?(nelson)

    
    

    
  
Comment on attachment 278821 [details] [diff] [review]
Patch v1

This looks familiar. :)

        Attachment #278821 -
        Flags: review?(nelson) → review+

    
    

    
  
fixed

Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.12

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: