summaryrefslogtreecommitdiffstats
path: root/security/certverifier/NSSCertDBTrustDomain.cpp
diff options
context:
space:
mode:
authorjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-04-29 09:07:42 +0200
committerjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-04-29 09:07:42 +0200
commitaff03b0a67c41cf7af5df9c9eef715a8b27a2667 (patch)
treeaa2909ae4718f81c83c8cfb68c1f5a23485b3173 /security/certverifier/NSSCertDBTrustDomain.cpp
parentbdb4ff581677ad1cd411b55a68c87534f9a64882 (diff)
parent11caf6ecb3cb8c84d2355a6c6e9580a290147e92 (diff)
downloadUXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar
UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.gz
UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.lz
UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.xz
UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.zip
Merge branch 'master' of https://github.com/MoonchildProductions/UXP into js_dom_performance-resource-timing_1
Diffstat (limited to 'security/certverifier/NSSCertDBTrustDomain.cpp')
-rw-r--r--security/certverifier/NSSCertDBTrustDomain.cpp6
1 files changed, 5 insertions, 1 deletions
diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp
index 1fe27b760..b4e12fe9c 100644
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -245,7 +245,11 @@ NSSCertDBTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA,
// For TRUST, we only use the CERTDB_TRUSTED_CA bit, because Goanna hasn't
// needed to consider end-entity certs to be their own trust anchors since
// Goanna implemented nsICertOverrideService.
- if (flags & CERTDB_TRUSTED_CA) {
+ // Of course, for this to work as expected, we need to make sure we're
+ // inquiring about the trust of a CA and not an end-entity. If an end-entity
+ // has the CERTDB_TRUSTED_CA bit set, Gecko does not consider it to be a
+ // trust anchor; it must inherit its trust.
+ if (flags & CERTDB_TRUSTED_CA && endEntityOrCA == EndEntityOrCA::MustBeCA) {
if (policy.IsAnyPolicy()) {
trustLevel = TrustLevel::TrustAnchor;
return Success;