summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/ssl/authcert.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/ssl/authcert.c')
-rw-r--r--security/nss/lib/ssl/authcert.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/security/nss/lib/ssl/authcert.c b/security/nss/lib/ssl/authcert.c
index d05b30a72..737b4e797 100644
--- a/security/nss/lib/ssl/authcert.c
+++ b/security/nss/lib/ssl/authcert.c
@@ -20,12 +20,12 @@
#include "sslimpl.h"
/*
- * This callback used by SSL to pull client sertificate upon
+ * This callback used by SSL to pull client certificate upon
* server request
*/
SECStatus
NSS_GetClientAuthData(void *arg,
- PRFileDesc *socket,
+ PRFileDesc *fd,
struct CERTDistNamesStr *caNames,
struct CERTCertificateStr **pRetCert,
struct SECKEYPrivateKeyStr **pRetKey)
@@ -33,10 +33,14 @@ NSS_GetClientAuthData(void *arg,
CERTCertificate *cert = NULL;
SECKEYPrivateKey *privkey = NULL;
char *chosenNickName = (char *)arg; /* CONST */
- void *proto_win = NULL;
SECStatus rv = SECFailure;
- proto_win = SSL_RevealPinArg(socket);
+ sslSocket *ss = ssl_FindSocket(fd);
+ if (!ss) {
+ return SECFailure;
+ }
+ void *proto_win = SSL_RevealPinArg(fd);
+ PRTime now = ssl_Time(ss);
if (chosenNickName) {
cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
@@ -64,7 +68,7 @@ NSS_GetClientAuthData(void *arg,
if (!cert)
continue;
/* Only check unexpired certs */
- if (CERT_CheckCertValidTimes(cert, ssl_TimeUsec(), PR_TRUE) !=
+ if (CERT_CheckCertValidTimes(cert, now, PR_TRUE) !=
secCertTimeValid) {
CERT_DestroyCertificate(cert);
continue;
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-21 20:02:04 +0000