diff options
author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-04-29 09:07:42 +0200 |
---|---|---|
committer | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-04-29 09:07:42 +0200 |
commit | aff03b0a67c41cf7af5df9c9eef715a8b27a2667 (patch) | |
tree | aa2909ae4718f81c83c8cfb68c1f5a23485b3173 /security/certverifier/NSSCertDBTrustDomain.cpp | |
parent | bdb4ff581677ad1cd411b55a68c87534f9a64882 (diff) | |
parent | 11caf6ecb3cb8c84d2355a6c6e9580a290147e92 (diff) | |
download | UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.gz UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.lz UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.xz UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.zip |
Merge branch 'master' of https://github.com/MoonchildProductions/UXP into js_dom_performance-resource-timing_1
Diffstat (limited to 'security/certverifier/NSSCertDBTrustDomain.cpp')
-rw-r--r-- | security/certverifier/NSSCertDBTrustDomain.cpp | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp index 1fe27b760..b4e12fe9c 100644 --- a/security/certverifier/NSSCertDBTrustDomain.cpp +++ b/security/certverifier/NSSCertDBTrustDomain.cpp @@ -245,7 +245,11 @@ NSSCertDBTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA, // For TRUST, we only use the CERTDB_TRUSTED_CA bit, because Goanna hasn't // needed to consider end-entity certs to be their own trust anchors since // Goanna implemented nsICertOverrideService. - if (flags & CERTDB_TRUSTED_CA) { + // Of course, for this to work as expected, we need to make sure we're + // inquiring about the trust of a CA and not an end-entity. If an end-entity + // has the CERTDB_TRUSTED_CA bit set, Gecko does not consider it to be a + // trust anchor; it must inherit its trust. + if (flags & CERTDB_TRUSTED_CA && endEntityOrCA == EndEntityOrCA::MustBeCA) { if (policy.IsAnyPolicy()) { trustLevel = TrustLevel::TrustAnchor; return Success; |