diff options
| author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-04-25 15:48:44 +0200 |
|---|---|---|
| committer | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-04-25 15:48:44 +0200 |
| commit | 3ab6c7feee8126bdfc5c9ab9371db41102e12e95 (patch) | |
| tree | a309c45826300b888238b6a517051fe7e71d63eb /security/certverifier/NSSCertDBTrustDomain.cpp | |
| parent | b18a9cf86ea25bc52d9cfea584e3aa8bfbe81f0a (diff) | |
| parent | b069dabc91b7e0f5f8d161cdbe598276a21d6d68 (diff) | |
| download | UXP-3ab6c7feee8126bdfc5c9ab9371db41102e12e95.tar UXP-3ab6c7feee8126bdfc5c9ab9371db41102e12e95.tar.gz UXP-3ab6c7feee8126bdfc5c9ab9371db41102e12e95.tar.lz UXP-3ab6c7feee8126bdfc5c9ab9371db41102e12e95.tar.xz UXP-3ab6c7feee8126bdfc5c9ab9371db41102e12e95.zip | |
Merge branch 'master' of https://github.com/MoonchildProductions/UXP into pm_url_1
Diffstat (limited to 'security/certverifier/NSSCertDBTrustDomain.cpp')
| -rw-r--r-- | security/certverifier/NSSCertDBTrustDomain.cpp | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp index 1fe27b760..b4e12fe9c 100644 --- a/security/certverifier/NSSCertDBTrustDomain.cpp +++ b/security/certverifier/NSSCertDBTrustDomain.cpp @@ -245,7 +245,11 @@ NSSCertDBTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA, // For TRUST, we only use the CERTDB_TRUSTED_CA bit, because Goanna hasn't // needed to consider end-entity certs to be their own trust anchors since // Goanna implemented nsICertOverrideService. - if (flags & CERTDB_TRUSTED_CA) { + // Of course, for this to work as expected, we need to make sure we're + // inquiring about the trust of a CA and not an end-entity. If an end-entity + // has the CERTDB_TRUSTED_CA bit set, Gecko does not consider it to be a + // trust anchor; it must inherit its trust. + if (flags & CERTDB_TRUSTED_CA && endEntityOrCA == EndEntityOrCA::MustBeCA) { if (policy.IsAnyPolicy()) { trustLevel = TrustLevel::TrustAnchor; return Success; |