Remove hostname parameter to trust domain.
Fedor
parent
d9d8b761c0
commit
6fde4f6686
|
|
@ -422,7 +422,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
|||
SHA1Mode::Allowed,
|
||||
NetscapeStepUpPolicy::NeverMatch,
|
||||
originAttributes,
|
||||
builtChain, nullptr);
|
||||
builtChain);
|
||||
rv = BuildCertChain(trustDomain, certDER, time,
|
||||
EndEntityOrCA::MustBeEndEntity,
|
||||
KeyUsage::digitalSignature,
|
||||
|
|
@ -489,8 +489,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
|||
mCertShortLifetimeInDays, mPinningMode, MIN_RSA_BITS,
|
||||
ValidityCheckingMode::CheckForEV,
|
||||
sha1ModeConfigurations[i], mNetscapeStepUpPolicy,
|
||||
originAttributes, builtChain,
|
||||
hostname);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChainForOneKeyUsage(trustDomain, certDER, time,
|
||||
KeyUsage::digitalSignature,// (EC)DHE
|
||||
KeyUsage::keyEncipherment, // RSA
|
||||
|
|
@ -572,8 +571,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
|||
ValidityCheckingMode::CheckingOff,
|
||||
sha1ModeConfigurations[j],
|
||||
mNetscapeStepUpPolicy,
|
||||
originAttributes, builtChain,
|
||||
hostname);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChainForOneKeyUsage(trustDomain, certDER, time,
|
||||
KeyUsage::digitalSignature,//(EC)DHE
|
||||
KeyUsage::keyEncipherment,//RSA
|
||||
|
|
@ -635,7 +633,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
|||
pinningDisabled, MIN_RSA_BITS_WEAK,
|
||||
ValidityCheckingMode::CheckingOff,
|
||||
SHA1Mode::Allowed, mNetscapeStepUpPolicy,
|
||||
originAttributes, builtChain, nullptr);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChain(trustDomain, certDER, time,
|
||||
EndEntityOrCA::MustBeCA, KeyUsage::keyCertSign,
|
||||
KeyPurposeId::id_kp_serverAuth,
|
||||
|
|
@ -651,7 +649,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
|||
ValidityCheckingMode::CheckingOff,
|
||||
SHA1Mode::Allowed,
|
||||
NetscapeStepUpPolicy::NeverMatch,
|
||||
originAttributes, builtChain, nullptr);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChain(trustDomain, certDER, time,
|
||||
EndEntityOrCA::MustBeEndEntity,
|
||||
KeyUsage::digitalSignature,
|
||||
|
|
@ -678,7 +676,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
|||
ValidityCheckingMode::CheckingOff,
|
||||
SHA1Mode::Allowed,
|
||||
NetscapeStepUpPolicy::NeverMatch,
|
||||
originAttributes, builtChain, nullptr);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChain(trustDomain, certDER, time,
|
||||
EndEntityOrCA::MustBeEndEntity,
|
||||
KeyUsage::keyEncipherment, // RSA
|
||||
|
|
@ -702,7 +700,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
|||
ValidityCheckingMode::CheckingOff,
|
||||
SHA1Mode::Allowed,
|
||||
NetscapeStepUpPolicy::NeverMatch,
|
||||
originAttributes, builtChain, nullptr);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChain(trustDomain, certDER, time,
|
||||
EndEntityOrCA::MustBeEndEntity,
|
||||
KeyUsage::digitalSignature,
|
||||
|
|
@ -735,7 +733,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
|||
ValidityCheckingMode::CheckingOff,
|
||||
SHA1Mode::Allowed,
|
||||
NetscapeStepUpPolicy::NeverMatch,
|
||||
originAttributes, builtChain, nullptr);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChain(sslTrust, certDER, time, endEntityOrCA,
|
||||
keyUsage, eku, CertPolicyId::anyPolicy,
|
||||
stapledOCSPResponse);
|
||||
|
|
@ -747,7 +745,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
|||
ValidityCheckingMode::CheckingOff,
|
||||
SHA1Mode::Allowed,
|
||||
NetscapeStepUpPolicy::NeverMatch,
|
||||
originAttributes, builtChain, nullptr);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChain(emailTrust, certDER, time, endEntityOrCA,
|
||||
keyUsage, eku, CertPolicyId::anyPolicy,
|
||||
stapledOCSPResponse);
|
||||
|
|
@ -761,8 +759,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
|||
ValidityCheckingMode::CheckingOff,
|
||||
SHA1Mode::Allowed,
|
||||
NetscapeStepUpPolicy::NeverMatch,
|
||||
originAttributes, builtChain,
|
||||
nullptr);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChain(objectSigningTrust, certDER, time,
|
||||
endEntityOrCA, keyUsage, eku,
|
||||
CertPolicyId::anyPolicy, stapledOCSPResponse);
|
||||
|
|
|
|||
|
|
@ -58,8 +58,7 @@ NSSCertDBTrustDomain::NSSCertDBTrustDomain(SECTrustType certDBTrustType,
|
|||
CertVerifier::SHA1Mode sha1Mode,
|
||||
NetscapeStepUpPolicy netscapeStepUpPolicy,
|
||||
const NeckoOriginAttributes& originAttributes,
|
||||
UniqueCERTCertList& builtChain,
|
||||
/*optional*/ const char* hostname)
|
||||
UniqueCERTCertList& builtChain)
|
||||
: mCertDBTrustType(certDBTrustType)
|
||||
, mOCSPFetching(ocspFetching)
|
||||
, mOCSPCache(ocspCache)
|
||||
|
|
@ -73,7 +72,6 @@ NSSCertDBTrustDomain::NSSCertDBTrustDomain(SECTrustType certDBTrustType,
|
|||
, mNetscapeStepUpPolicy(netscapeStepUpPolicy)
|
||||
, mOriginAttributes(originAttributes)
|
||||
, mBuiltChain(builtChain)
|
||||
, mHostname(hostname)
|
||||
, mCertBlocklist(do_GetService(NS_CERTBLOCKLIST_CONTRACTID))
|
||||
, mOCSPStaplingStatus(CertVerifier::OCSP_STAPLING_NEVER_CHECKED)
|
||||
, mSCTListFromCertificate()
|
||||
|
|
|
|||
|
|
@ -83,8 +83,7 @@ public:
|
|||
CertVerifier::SHA1Mode sha1Mode,
|
||||
NetscapeStepUpPolicy netscapeStepUpPolicy,
|
||||
const NeckoOriginAttributes& originAttributes,
|
||||
UniqueCERTCertList& builtChain,
|
||||
/*optional*/ const char* hostname = nullptr);
|
||||
UniqueCERTCertList& builtChain);
|
||||
|
||||
virtual Result FindIssuer(mozilla::pkix::Input encodedIssuerName,
|
||||
IssuerChecker& checker,
|
||||
|
|
@ -187,7 +186,6 @@ private:
|
|||
NetscapeStepUpPolicy mNetscapeStepUpPolicy;
|
||||
const NeckoOriginAttributes& mOriginAttributes;
|
||||
UniqueCERTCertList& mBuiltChain; // non-owning
|
||||
const char* mHostname; // non-owning - only used for pinning checks
|
||||
nsCOMPtr<nsICertBlocklist> mCertBlocklist;
|
||||
CertVerifier::OCSPStaplingStatus mOCSPStaplingStatus;
|
||||
// Certificate Transparency data extracted during certificate verification
|
||||
|
|
|
|||
Loading…
Reference in New Issue