Bug 427081, Allow to override SEC_ERROR_INADEQUATE_KEY_USAGE r=nelson, a1.9=dsicore
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -2257,16 +2257,17 @@ nsNSSComponent::GetErrorClass(nsresult a
switch (aNSPRCode)
{
case SEC_ERROR_UNKNOWN_ISSUER:
case SEC_ERROR_CA_CERT_INVALID:
case SEC_ERROR_UNTRUSTED_ISSUER:
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
case SEC_ERROR_UNTRUSTED_CERT:
+ case SEC_ERROR_INADEQUATE_KEY_USAGE:
case SSL_ERROR_BAD_CERT_DOMAIN:
case SEC_ERROR_EXPIRED_CERTIFICATE:
*aErrorClass = ERROR_CLASS_BAD_CERT;
break;
default:
*aErrorClass = ERROR_CLASS_SSL_PROTOCOL;
break;
}
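Review bot: The case list in GetErrorClass that maps codes to ERROR_CLASS_BAD_CERT is a hand-maintained copy of the list in nsNSSBadCertHandler (nsNSSIOLayer.cpp, last hunk), and this commit has to touch both to stay consistent. Nothing visible here ties them together, so a later change that updates only one would presumably leave an error classified as a certificate problem without being collected for override, or the reverse. I would add a cross-reference above the first case, for example `// Keep in sync with the error switch in nsNSSBadCertHandler (nsNSSIOLayer.cpp)`, and a matching one at the other site. The function body starts and ends outside this hunk.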
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@@ -770,16 +770,19 @@ AppendErrorTextUntrusted(PRErrorCode err
}
}
if (!errorID) {
switch (errTrust) {
case SEC_ERROR_UNKNOWN_ISSUER:
errorID = "certErrorTrust_UnknownIssuer";
break;
+ case SEC_ERROR_INADEQUATE_KEY_USAGE:
+ // Should get an individual string in the future
+ // For now, use the same as CaInvalid
case SEC_ERROR_CA_CERT_INVALID:
errorID = "certErrorTrust_CaInvalid";
break;
case SEC_ERROR_UNTRUSTED_ISSUER:
errorID = "certErrorTrust_Issuer";
break;
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
errorID = "certErrorTrust_ExpiredIssuer";
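Review bot: The new `case SEC_ERROR_INADEQUATE_KEY_USAGE:` in AppendErrorTextUntrusted falls through to `certErrorTrust_CaInvalid`, so the text the user reads before deciding on an override describes an invalid CA certificate rather than a key-usage restriction. Since this is the text the override decision is based on, the temporary mapping should be traceable. I would replace the two-line comment with one that marks the fall-through and names the follow-up, e.g. `// Intentional fall-through: no dedicated string yet, see bug <FOLLOW-UP-BUG-ID>`. The switch continues past the end of this hunk.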
@@ -2816,16 +2819,17 @@ nsNSSBadCertHandler(void *arg, PRFileDes
{
switch (i_node->error)
{
case SEC_ERROR_UNKNOWN_ISSUER:
case SEC_ERROR_CA_CERT_INVALID:
case SEC_ERROR_UNTRUSTED_ISSUER:
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
case SEC_ERROR_UNTRUSTED_CERT:
+ case SEC_ERROR_INADEQUATE_KEY_USAGE:
// We group all these errors as "cert not trusted"
collected_errors |= nsICertOverrideService::ERROR_UNTRUSTED;
if (errorCodeTrust == SECSuccess) {
errorCodeTrust = i_node->error;
}
break;
case SSL_ERROR_BAD_CERT_DOMAIN:
collected_errors |= nsICertOverrideService::ERROR_MISMATCH;
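Review bot: Folding SEC_ERROR_INADEQUATE_KEY_USAGE into the `ERROR_UNTRUSTED` bit in nsNSSBadCertHandler makes a key-usage failure indistinguishable from an issuer-trust failure once it is in `collected_errors`. Because `errorCodeTrust` keeps only the first trust-class code in the log, a key-usage error that follows, say, SEC_ERROR_UNKNOWN_ISSUER never reaches the error text. A stored override for the untrusted bit would then presumably cover the key-usage problem without the user having seen it; this depends on the override service, which is not shown here. At minimum the existing comment should say so, e.g. `// Key-usage failures share ERROR_UNTRUSTED; an override cannot tell them apart from issuer-trust failures`. The enclosing loop and function extend beyond this hunk.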