Remove hostname parameter to trust domain.
parent
d9d8b761c0
commit
6fde4f6686
|
@ -422,7 +422,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||||
SHA1Mode::Allowed,
|
SHA1Mode::Allowed,
|
||||||
NetscapeStepUpPolicy::NeverMatch,
|
NetscapeStepUpPolicy::NeverMatch,
|
||||||
originAttributes,
|
originAttributes,
|
||||||
builtChain, nullptr);
|
builtChain);
|
||||||
rv = BuildCertChain(trustDomain, certDER, time,
|
rv = BuildCertChain(trustDomain, certDER, time,
|
||||||
EndEntityOrCA::MustBeEndEntity,
|
EndEntityOrCA::MustBeEndEntity,
|
||||||
KeyUsage::digitalSignature,
|
KeyUsage::digitalSignature,
|
||||||
|
@ -489,8 +489,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||||
mCertShortLifetimeInDays, mPinningMode, MIN_RSA_BITS,
|
mCertShortLifetimeInDays, mPinningMode, MIN_RSA_BITS,
|
||||||
ValidityCheckingMode::CheckForEV,
|
ValidityCheckingMode::CheckForEV,
|
||||||
sha1ModeConfigurations[i], mNetscapeStepUpPolicy,
|
sha1ModeConfigurations[i], mNetscapeStepUpPolicy,
|
||||||
originAttributes, builtChain,
|
originAttributes, builtChain);
|
||||||
hostname);
|
|
||||||
rv = BuildCertChainForOneKeyUsage(trustDomain, certDER, time,
|
rv = BuildCertChainForOneKeyUsage(trustDomain, certDER, time,
|
||||||
KeyUsage::digitalSignature,// (EC)DHE
|
KeyUsage::digitalSignature,// (EC)DHE
|
||||||
KeyUsage::keyEncipherment, // RSA
|
KeyUsage::keyEncipherment, // RSA
|
||||||
|
@ -572,8 +571,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||||
ValidityCheckingMode::CheckingOff,
|
ValidityCheckingMode::CheckingOff,
|
||||||
sha1ModeConfigurations[j],
|
sha1ModeConfigurations[j],
|
||||||
mNetscapeStepUpPolicy,
|
mNetscapeStepUpPolicy,
|
||||||
originAttributes, builtChain,
|
originAttributes, builtChain);
|
||||||
hostname);
|
|
||||||
rv = BuildCertChainForOneKeyUsage(trustDomain, certDER, time,
|
rv = BuildCertChainForOneKeyUsage(trustDomain, certDER, time,
|
||||||
KeyUsage::digitalSignature,//(EC)DHE
|
KeyUsage::digitalSignature,//(EC)DHE
|
||||||
KeyUsage::keyEncipherment,//RSA
|
KeyUsage::keyEncipherment,//RSA
|
||||||
|
@ -635,7 +633,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||||
pinningDisabled, MIN_RSA_BITS_WEAK,
|
pinningDisabled, MIN_RSA_BITS_WEAK,
|
||||||
ValidityCheckingMode::CheckingOff,
|
ValidityCheckingMode::CheckingOff,
|
||||||
SHA1Mode::Allowed, mNetscapeStepUpPolicy,
|
SHA1Mode::Allowed, mNetscapeStepUpPolicy,
|
||||||
originAttributes, builtChain, nullptr);
|
originAttributes, builtChain);
|
||||||
rv = BuildCertChain(trustDomain, certDER, time,
|
rv = BuildCertChain(trustDomain, certDER, time,
|
||||||
EndEntityOrCA::MustBeCA, KeyUsage::keyCertSign,
|
EndEntityOrCA::MustBeCA, KeyUsage::keyCertSign,
|
||||||
KeyPurposeId::id_kp_serverAuth,
|
KeyPurposeId::id_kp_serverAuth,
|
||||||
|
@ -651,7 +649,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||||
ValidityCheckingMode::CheckingOff,
|
ValidityCheckingMode::CheckingOff,
|
||||||
SHA1Mode::Allowed,
|
SHA1Mode::Allowed,
|
||||||
NetscapeStepUpPolicy::NeverMatch,
|
NetscapeStepUpPolicy::NeverMatch,
|
||||||
originAttributes, builtChain, nullptr);
|
originAttributes, builtChain);
|
||||||
rv = BuildCertChain(trustDomain, certDER, time,
|
rv = BuildCertChain(trustDomain, certDER, time,
|
||||||
EndEntityOrCA::MustBeEndEntity,
|
EndEntityOrCA::MustBeEndEntity,
|
||||||
KeyUsage::digitalSignature,
|
KeyUsage::digitalSignature,
|
||||||
|
@ -678,7 +676,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||||
ValidityCheckingMode::CheckingOff,
|
ValidityCheckingMode::CheckingOff,
|
||||||
SHA1Mode::Allowed,
|
SHA1Mode::Allowed,
|
||||||
NetscapeStepUpPolicy::NeverMatch,
|
NetscapeStepUpPolicy::NeverMatch,
|
||||||
originAttributes, builtChain, nullptr);
|
originAttributes, builtChain);
|
||||||
rv = BuildCertChain(trustDomain, certDER, time,
|
rv = BuildCertChain(trustDomain, certDER, time,
|
||||||
EndEntityOrCA::MustBeEndEntity,
|
EndEntityOrCA::MustBeEndEntity,
|
||||||
KeyUsage::keyEncipherment, // RSA
|
KeyUsage::keyEncipherment, // RSA
|
||||||
|
@ -702,7 +700,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||||
ValidityCheckingMode::CheckingOff,
|
ValidityCheckingMode::CheckingOff,
|
||||||
SHA1Mode::Allowed,
|
SHA1Mode::Allowed,
|
||||||
NetscapeStepUpPolicy::NeverMatch,
|
NetscapeStepUpPolicy::NeverMatch,
|
||||||
originAttributes, builtChain, nullptr);
|
originAttributes, builtChain);
|
||||||
rv = BuildCertChain(trustDomain, certDER, time,
|
rv = BuildCertChain(trustDomain, certDER, time,
|
||||||
EndEntityOrCA::MustBeEndEntity,
|
EndEntityOrCA::MustBeEndEntity,
|
||||||
KeyUsage::digitalSignature,
|
KeyUsage::digitalSignature,
|
||||||
|
@ -735,7 +733,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||||
ValidityCheckingMode::CheckingOff,
|
ValidityCheckingMode::CheckingOff,
|
||||||
SHA1Mode::Allowed,
|
SHA1Mode::Allowed,
|
||||||
NetscapeStepUpPolicy::NeverMatch,
|
NetscapeStepUpPolicy::NeverMatch,
|
||||||
originAttributes, builtChain, nullptr);
|
originAttributes, builtChain);
|
||||||
rv = BuildCertChain(sslTrust, certDER, time, endEntityOrCA,
|
rv = BuildCertChain(sslTrust, certDER, time, endEntityOrCA,
|
||||||
keyUsage, eku, CertPolicyId::anyPolicy,
|
keyUsage, eku, CertPolicyId::anyPolicy,
|
||||||
stapledOCSPResponse);
|
stapledOCSPResponse);
|
||||||
|
@ -747,7 +745,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||||
ValidityCheckingMode::CheckingOff,
|
ValidityCheckingMode::CheckingOff,
|
||||||
SHA1Mode::Allowed,
|
SHA1Mode::Allowed,
|
||||||
NetscapeStepUpPolicy::NeverMatch,
|
NetscapeStepUpPolicy::NeverMatch,
|
||||||
originAttributes, builtChain, nullptr);
|
originAttributes, builtChain);
|
||||||
rv = BuildCertChain(emailTrust, certDER, time, endEntityOrCA,
|
rv = BuildCertChain(emailTrust, certDER, time, endEntityOrCA,
|
||||||
keyUsage, eku, CertPolicyId::anyPolicy,
|
keyUsage, eku, CertPolicyId::anyPolicy,
|
||||||
stapledOCSPResponse);
|
stapledOCSPResponse);
|
||||||
|
@ -761,8 +759,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||||
ValidityCheckingMode::CheckingOff,
|
ValidityCheckingMode::CheckingOff,
|
||||||
SHA1Mode::Allowed,
|
SHA1Mode::Allowed,
|
||||||
NetscapeStepUpPolicy::NeverMatch,
|
NetscapeStepUpPolicy::NeverMatch,
|
||||||
originAttributes, builtChain,
|
originAttributes, builtChain);
|
||||||
nullptr);
|
|
||||||
rv = BuildCertChain(objectSigningTrust, certDER, time,
|
rv = BuildCertChain(objectSigningTrust, certDER, time,
|
||||||
endEntityOrCA, keyUsage, eku,
|
endEntityOrCA, keyUsage, eku,
|
||||||
CertPolicyId::anyPolicy, stapledOCSPResponse);
|
CertPolicyId::anyPolicy, stapledOCSPResponse);
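Review bot: The two server-certificate call sites in VerifyCert (the hunks at -489 and -572) no longer pass `hostname` to the trust domain, yet the first still passes `mPinningMode`, so the trust domain now gets a pinning mode but no name to evaluate pins against. The removed member in the header section was commented `only used for pinning checks`, and nothing on this page shows where that check runs now. If it moved to the caller, it should run on `builtChain` after a successful build and fail the verification closed; otherwise `mPinningMode` looks unused and should be removed as well. A comment at the first call site such as `// Pinning is not evaluated by the trust domain; see <where the check now lives>` would make this explicit. VerifyCert's body begins and ends outside these hunks, and the same question applies to the constructor and header sections that follow.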
|
||||||
|
|
|
@ -58,8 +58,7 @@ NSSCertDBTrustDomain::NSSCertDBTrustDomain(SECTrustType certDBTrustType,
|
||||||
CertVerifier::SHA1Mode sha1Mode,
|
CertVerifier::SHA1Mode sha1Mode,
|
||||||
NetscapeStepUpPolicy netscapeStepUpPolicy,
|
NetscapeStepUpPolicy netscapeStepUpPolicy,
|
||||||
const NeckoOriginAttributes& originAttributes,
|
const NeckoOriginAttributes& originAttributes,
|
||||||
UniqueCERTCertList& builtChain,
|
UniqueCERTCertList& builtChain)
|
||||||
/*optional*/ const char* hostname)
|
|
||||||
: mCertDBTrustType(certDBTrustType)
|
: mCertDBTrustType(certDBTrustType)
|
||||||
, mOCSPFetching(ocspFetching)
|
, mOCSPFetching(ocspFetching)
|
||||||
, mOCSPCache(ocspCache)
|
, mOCSPCache(ocspCache)
|
||||||
|
@ -73,7 +72,6 @@ NSSCertDBTrustDomain::NSSCertDBTrustDomain(SECTrustType certDBTrustType,
|
||||||
, mNetscapeStepUpPolicy(netscapeStepUpPolicy)
|
, mNetscapeStepUpPolicy(netscapeStepUpPolicy)
|
||||||
, mOriginAttributes(originAttributes)
|
, mOriginAttributes(originAttributes)
|
||||||
, mBuiltChain(builtChain)
|
, mBuiltChain(builtChain)
|
||||||
, mHostname(hostname)
|
|
||||||
, mCertBlocklist(do_GetService(NS_CERTBLOCKLIST_CONTRACTID))
|
, mCertBlocklist(do_GetService(NS_CERTBLOCKLIST_CONTRACTID))
|
||||||
, mOCSPStaplingStatus(CertVerifier::OCSP_STAPLING_NEVER_CHECKED)
|
, mOCSPStaplingStatus(CertVerifier::OCSP_STAPLING_NEVER_CHECKED)
|
||||||
, mSCTListFromCertificate()
|
, mSCTListFromCertificate()
|
||||||
|
|
|
@ -83,8 +83,7 @@ public:
|
||||||
CertVerifier::SHA1Mode sha1Mode,
|
CertVerifier::SHA1Mode sha1Mode,
|
||||||
NetscapeStepUpPolicy netscapeStepUpPolicy,
|
NetscapeStepUpPolicy netscapeStepUpPolicy,
|
||||||
const NeckoOriginAttributes& originAttributes,
|
const NeckoOriginAttributes& originAttributes,
|
||||||
UniqueCERTCertList& builtChain,
|
UniqueCERTCertList& builtChain);
|
||||||
/*optional*/ const char* hostname = nullptr);
|
|
||||||
|
|
||||||
virtual Result FindIssuer(mozilla::pkix::Input encodedIssuerName,
|
virtual Result FindIssuer(mozilla::pkix::Input encodedIssuerName,
|
||||||
IssuerChecker& checker,
|
IssuerChecker& checker,
|
||||||
|
@ -187,7 +186,6 @@ private:
|
||||||
NetscapeStepUpPolicy mNetscapeStepUpPolicy;
|
NetscapeStepUpPolicy mNetscapeStepUpPolicy;
|
||||||
const NeckoOriginAttributes& mOriginAttributes;
|
const NeckoOriginAttributes& mOriginAttributes;
|
||||||
UniqueCERTCertList& mBuiltChain; // non-owning
|
UniqueCERTCertList& mBuiltChain; // non-owning
|
||||||
const char* mHostname; // non-owning - only used for pinning checks
|
|
||||||
nsCOMPtr<nsICertBlocklist> mCertBlocklist;
|
nsCOMPtr<nsICertBlocklist> mCertBlocklist;
|
||||||
CertVerifier::OCSPStaplingStatus mOCSPStaplingStatus;
|
CertVerifier::OCSPStaplingStatus mOCSPStaplingStatus;
|
||||||
// Certificate Transparency data extracted during certificate verification
|
// Certificate Transparency data extracted during certificate verification
|
||||||
|
|