From f017b749ea9f1586d2308504553d40bf4cc5439d Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@gmail.com>
Date: Tue, 6 Feb 2018 11:46:26 +0100
Subject: Update NSS to 3.32.1-RTM

---
 security/nss/cmd/addbuiltin/addbuiltin.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'security/nss/cmd/addbuiltin/addbuiltin.c')

diff --git a/security/nss/cmd/addbuiltin/addbuiltin.c b/security/nss/cmd/addbuiltin/addbuiltin.c
index 9ecad3d64..831672039 100644
--- a/security/nss/cmd/addbuiltin/addbuiltin.c
+++ b/security/nss/cmd/addbuiltin/addbuiltin.c
@@ -31,6 +31,29 @@ dumpbytes(unsigned char *buf, int len)
     printf("\n");
 }
 
+int
+hasPositiveTrust(unsigned int trust)
+{
+    if (trust & CERTDB_TRUSTED) {
+        if (trust & CERTDB_TRUSTED_CA) {
+            return PR_TRUE;
+        } else {
+            return PR_FALSE;
+        }
+    } else {
+        if (trust & CERTDB_TRUSTED_CA) {
+            return PR_TRUE;
+        } else if (trust & CERTDB_VALID_CA) {
+            return PR_TRUE;
+        } else if (trust & CERTDB_TERMINAL_RECORD) {
+            return PR_FALSE;
+        } else {
+            return PR_FALSE;
+        }
+    }
+    return PR_FALSE;
+}
+
 char *
 getTrustString(unsigned int trust)
 {
@@ -202,6 +225,11 @@ ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust,
         printf("CKA_VALUE MULTILINE_OCTAL\n");
         dumpbytes(sdder->data, sdder->len);
         printf("END\n");
+        if (hasPositiveTrust(trust->sslFlags) ||
+            hasPositiveTrust(trust->emailFlags) ||
+            hasPositiveTrust(trust->objectSigningFlags)) {
+            printf("CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE\n");
+        }
     }
 
     if ((trust->sslFlags | trust->emailFlags | trust->objectSigningFlags) ==
-- 
cgit v1.2.3