Bug 427081, Allow to override SEC_ERROR_INADEQUATE_KEY_USAGE r=nelson, a1.9=dsicore
authorkaie@kuix.de
Fri, 04 Apr 2008 17:02:31 -0700
changeset 13929 b380051d30079db6f268d6bab6094736e0bceb3b
parent 13928 3ce6dfc190bed1a0b0237221e8f39366935dc720
child 13930 cdcee21f6141d6de0f2096232b8938b40544f509
push id6
push userjorendorff@mozilla.com
push dateMon, 07 Apr 2008 22:38:53 +0000
treeherdermozilla-central@7531959482c7 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnelson
bugs427081
milestone1.9pre
Bug 427081, Allow to override SEC_ERROR_INADEQUATE_KEY_USAGE r=nelson, a1.9=dsicore
security/manager/ssl/src/nsNSSComponent.cpp
security/manager/ssl/src/nsNSSIOLayer.cpp
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -2257,16 +2257,17 @@ nsNSSComponent::GetErrorClass(nsresult a
 
   switch (aNSPRCode)
   {
     case SEC_ERROR_UNKNOWN_ISSUER:
     case SEC_ERROR_CA_CERT_INVALID:
     case SEC_ERROR_UNTRUSTED_ISSUER:
     case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
     case SEC_ERROR_UNTRUSTED_CERT:
+    case SEC_ERROR_INADEQUATE_KEY_USAGE:
     case SSL_ERROR_BAD_CERT_DOMAIN:
     case SEC_ERROR_EXPIRED_CERTIFICATE:
       *aErrorClass = ERROR_CLASS_BAD_CERT;
       break;
     default:
       *aErrorClass = ERROR_CLASS_SSL_PROTOCOL;
       break;
   }
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@@ -770,16 +770,19 @@ AppendErrorTextUntrusted(PRErrorCode err
     }
   }
 
   if (!errorID) {
     switch (errTrust) {
       case SEC_ERROR_UNKNOWN_ISSUER:
         errorID = "certErrorTrust_UnknownIssuer";
         break;
+      case SEC_ERROR_INADEQUATE_KEY_USAGE:
+        // Should get an individual string in the future
+        // For now, use the same as CaInvalid
       case SEC_ERROR_CA_CERT_INVALID:
         errorID = "certErrorTrust_CaInvalid";
         break;
       case SEC_ERROR_UNTRUSTED_ISSUER:
         errorID = "certErrorTrust_Issuer";
         break;
       case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
         errorID = "certErrorTrust_ExpiredIssuer";
@@ -2816,16 +2819,17 @@ nsNSSBadCertHandler(void *arg, PRFileDes
     {
       switch (i_node->error)
       {
         case SEC_ERROR_UNKNOWN_ISSUER:
         case SEC_ERROR_CA_CERT_INVALID:
         case SEC_ERROR_UNTRUSTED_ISSUER:
         case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
         case SEC_ERROR_UNTRUSTED_CERT:
+        case SEC_ERROR_INADEQUATE_KEY_USAGE:
           // We group all these errors as "cert not trusted"
           collected_errors |= nsICertOverrideService::ERROR_UNTRUSTED;
           if (errorCodeTrust == SECSuccess) {
             errorCodeTrust = i_node->error;
           }
           break;
         case SSL_ERROR_BAD_CERT_DOMAIN:
           collected_errors |= nsICertOverrideService::ERROR_MISMATCH;