summaryrefslogtreecommitdiffstats
path: root/security/nss/cmd/addbuiltin
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-02-06 11:46:26 +0100
committerwolfbeast <mcwerewolf@gmail.com>2018-02-06 11:46:26 +0100
commitf017b749ea9f1586d2308504553d40bf4cc5439d (patch)
treec6033924a0de9be1ab140596e305898c651bf57e /security/nss/cmd/addbuiltin
parent7c728b3c7680662fc4e92b5d03697b8339560b08 (diff)
downloadUXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.gz
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.lz
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.xz
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.zip
Update NSS to 3.32.1-RTM
Diffstat (limited to 'security/nss/cmd/addbuiltin')
-rw-r--r--security/nss/cmd/addbuiltin/addbuiltin.c28
1 files changed, 28 insertions, 0 deletions
diff --git a/security/nss/cmd/addbuiltin/addbuiltin.c b/security/nss/cmd/addbuiltin/addbuiltin.c
index 9ecad3d64..831672039 100644
--- a/security/nss/cmd/addbuiltin/addbuiltin.c
+++ b/security/nss/cmd/addbuiltin/addbuiltin.c
@@ -31,6 +31,29 @@ dumpbytes(unsigned char *buf, int len)
printf("\n");
}
+int
+hasPositiveTrust(unsigned int trust)
+{
+ if (trust & CERTDB_TRUSTED) {
+ if (trust & CERTDB_TRUSTED_CA) {
+ return PR_TRUE;
+ } else {
+ return PR_FALSE;
+ }
+ } else {
+ if (trust & CERTDB_TRUSTED_CA) {
+ return PR_TRUE;
+ } else if (trust & CERTDB_VALID_CA) {
+ return PR_TRUE;
+ } else if (trust & CERTDB_TERMINAL_RECORD) {
+ return PR_FALSE;
+ } else {
+ return PR_FALSE;
+ }
+ }
+ return PR_FALSE;
+}
+
char *
getTrustString(unsigned int trust)
{
@@ -202,6 +225,11 @@ ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust,
printf("CKA_VALUE MULTILINE_OCTAL\n");
dumpbytes(sdder->data, sdder->len);
printf("END\n");
+ if (hasPositiveTrust(trust->sslFlags) ||
+ hasPositiveTrust(trust->emailFlags) ||
+ hasPositiveTrust(trust->objectSigningFlags)) {
+ printf("CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE\n");
+ }
}
if ((trust->sslFlags | trust->emailFlags | trust->objectSigningFlags) ==