summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/ssl/cmpcert.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/ssl/cmpcert.c')
-rw-r--r--security/nss/lib/ssl/cmpcert.c31
1 files changed, 3 insertions, 28 deletions
diff --git a/security/nss/lib/ssl/cmpcert.c b/security/nss/lib/ssl/cmpcert.c
index e6edbee83..8ab4a7f8d 100644
--- a/security/nss/lib/ssl/cmpcert.c
+++ b/security/nss/lib/ssl/cmpcert.c
@@ -13,7 +13,7 @@
#include "cert.h"
#include "nspr.h"
#include "secder.h"
-#include "key.h"
+#include "keyhi.h"
#include "nss.h"
/*
@@ -27,13 +27,9 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
SECItem *caname;
CERTCertificate *curcert;
CERTCertificate *oldcert;
- PRInt32 contentlen;
int j;
- int headerlen;
int depth;
- SECStatus rv;
SECItem issuerName;
- SECItem compatIssuerName;
if (!cert || !caNames || !caNames->nnames || !caNames->names ||
!caNames->names->data)
@@ -44,29 +40,11 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
while (curcert) {
issuerName = curcert->derIssuer;
- /* compute an alternate issuer name for compatibility with 2.0
- * enterprise server, which send the CA names without
- * the outer layer of DER header
- */
- rv = DER_Lengths(&issuerName, &headerlen, (PRUint32 *)&contentlen);
- if (rv == SECSuccess) {
- compatIssuerName.data = &issuerName.data[headerlen];
- compatIssuerName.len = issuerName.len - headerlen;
- } else {
- compatIssuerName.data = NULL;
- compatIssuerName.len = 0;
- }
-
for (j = 0; j < caNames->nnames; j++) {
caname = &caNames->names[j];
if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) {
- rv = SECSuccess;
CERT_DestroyCertificate(curcert);
- goto done;
- } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
- rv = SECSuccess;
- CERT_DestroyCertificate(curcert);
- goto done;
+ return SECSuccess;
}
}
if ((depth <= 20) &&
@@ -82,8 +60,5 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
curcert = NULL;
}
}
- rv = SECFailure;
-
-done:
- return rv;
+ return SECFailure;
}