diff options
| author | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-01-02 21:06:40 +0100 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-01-02 21:06:40 +0100 |
| commit | f4a12fc67689a830e9da1c87fd11afe5bc09deb3 (patch) | |
| tree | 211ae0cd022a6c11b0026ecc7761a550c584583c /security/nss/lib/libpkix/pkix_pl_nss | |
| parent | f7d30133221896638f7bf4f66c504255c4b14f48 (diff) | |
| download | UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.gz UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.lz UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.xz UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.zip | |
Issue #1338 - Part 2: Update NSS to 3.48-RTM
Diffstat (limited to 'security/nss/lib/libpkix/pkix_pl_nss')
| -rw-r--r-- | security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c | 5 | ||||
| -rw-r--r-- | security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c | 13 |
2 files changed, 5 insertions, 13 deletions
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c index 3dc06be9a..9b6f8d688 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c @@ -352,7 +352,9 @@ pkix_pl_LdapDefaultClient_VerifyBindResponse( SECItem decode = {siBuffer, NULL, 0}; SECStatus rv = SECFailure; LDAPMessage msg; - LDAPBindResponse *ldapBindResponse = NULL; + LDAPBindResponse *ldapBindResponse = &msg.protocolOp.op.bindResponseMsg; + + ldapBindResponse->resultCode.data = NULL; PKIX_ENTER (LDAPDEFAULTCLIENT, @@ -367,7 +369,6 @@ pkix_pl_LdapDefaultClient_VerifyBindResponse( PKIX_LDAPDEFAULTCLIENTDECODEBINDRESPONSEFAILED); if (rv == SECSuccess) { - ldapBindResponse = &msg.protocolOp.op.bindResponseMsg; if (*(ldapBindResponse->resultCode.data) == SUCCESS) { client->connectStatus = BOUND; } else { diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c index 145dcff9a..25a1170a5 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c @@ -3002,17 +3002,8 @@ PKIX_PL_Cert_VerifyCertAndKeyType( if (CERT_CheckKeyUsage(cert->nssCert, requiredKeyUsage) != SECSuccess) { PKIX_ERROR(PKIX_CERTCHECKKEYUSAGEFAILED); } - if (certUsage != certUsageIPsec) { - if (!(certType & requiredCertType)) { - PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED); - } - } else { - PRBool isCritical; - PRBool allowed = cert_EKUAllowsIPsecIKE(cert->nssCert, &isCritical); - /* If the extension isn't critical, we allow any EKU value. */ - if (isCritical && !allowed) { - PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED); - } + if (!(certType & requiredCertType)) { + PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED); } cleanup: PKIX_DECREF(basicConstraints); |