diff options
Diffstat (limited to 'mozilla-1042889.patch')
-rw-r--r-- | mozilla-1042889.patch | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/mozilla-1042889.patch b/mozilla-1042889.patch new file mode 100644 index 0000000..6061b9b --- /dev/null +++ b/mozilla-1042889.patch @@ -0,0 +1,81 @@ +diff --git a/dom/browser-element/BrowserElementChildPreload.js b/dom/browser-element/BrowserElementChildPreload.js +--- a/dom/browser-element/BrowserElementChildPreload.js ++++ b/dom/browser-element/BrowserElementChildPreload.js +@@ -90,16 +90,17 @@ function getErrorClass(errorCode) { + switch (NSPRCode) { + case SEC_ERROR_UNKNOWN_ISSUER: + case SEC_ERROR_UNTRUSTED_ISSUER: + case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: + case SEC_ERROR_UNTRUSTED_CERT: + case SSL_ERROR_BAD_CERT_DOMAIN: + case SEC_ERROR_EXPIRED_CERTIFICATE: + case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: ++ case SEC_ERROR_CA_CERT_INVALID: + case MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY: + return Ci.nsINSSErrorsService.ERROR_CLASS_BAD_CERT; + default: + return Ci.nsINSSErrorsService.ERROR_CLASS_SSL_PROTOCOL; + } + + return null; + } +diff --git a/security/manager/ssl/src/NSSErrorsService.cpp b/security/manager/ssl/src/NSSErrorsService.cpp +--- a/security/manager/ssl/src/NSSErrorsService.cpp ++++ b/security/manager/ssl/src/NSSErrorsService.cpp +@@ -136,16 +136,17 @@ NSSErrorsService::GetErrorClass(nsresult + // Overridable errors. + case SEC_ERROR_UNKNOWN_ISSUER: + case SEC_ERROR_UNTRUSTED_ISSUER: + case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: + case SEC_ERROR_UNTRUSTED_CERT: + case SSL_ERROR_BAD_CERT_DOMAIN: + case SEC_ERROR_EXPIRED_CERTIFICATE: + case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: ++ case SEC_ERROR_CA_CERT_INVALID: + case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY: + *aErrorClass = ERROR_CLASS_BAD_CERT; + break; + // Non-overridable errors. + default: + *aErrorClass = ERROR_CLASS_SSL_PROTOCOL; + break; + } +diff --git a/security/manager/ssl/src/SSLServerCertVerification.cpp b/security/manager/ssl/src/SSLServerCertVerification.cpp +--- a/security/manager/ssl/src/SSLServerCertVerification.cpp ++++ b/security/manager/ssl/src/SSLServerCertVerification.cpp +@@ -287,16 +287,17 @@ private: + + // A probe value of 1 means "no error". + uint32_t + MapCertErrorToProbeValue(PRErrorCode errorCode) + { + switch (errorCode) + { + case SEC_ERROR_UNKNOWN_ISSUER: return 2; ++ case SEC_ERROR_CA_CERT_INVALID: return 3; + case SEC_ERROR_UNTRUSTED_ISSUER: return 4; + case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: return 5; + case SEC_ERROR_UNTRUSTED_CERT: return 6; + case SEC_ERROR_INADEQUATE_KEY_USAGE: return 7; + case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: return 8; + case SSL_ERROR_BAD_CERT_DOMAIN: return 9; + case SEC_ERROR_EXPIRED_CERTIFICATE: return 10; + case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY: return 11; +@@ -321,16 +322,17 @@ DetermineCertOverrideErrors(CERTCertific + MOZ_ASSERT(errorCodeMismatch == 0); + MOZ_ASSERT(errorCodeExpired == 0); + + // Assumes the error prioritization described in mozilla::pkix's + // BuildForward function. Also assumes that CERT_VerifyCertName was only + // called if CertVerifier::VerifyCert succeeded. + switch (defaultErrorCodeToReport) { + case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: ++ case SEC_ERROR_CA_CERT_INVALID: + case SEC_ERROR_UNKNOWN_ISSUER: + case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY: + { + collectedErrors = nsICertOverrideService::ERROR_UNTRUSTED; + errorCodeTrust = defaultErrorCodeToReport; + + SECCertTimeValidity validity = CERT_CheckCertValidTimes(cert, now, false); + if (validity == secCertTimeUndetermined) { |