Bugzilla Bug 258416: trust Sonera Class 1 CA only for S/MIME. r=nelsonb. NSS_3_9_BRANCH
authorwtchang%redhat.com
Thu, 14 Apr 2005 16:48:33 +0000
branchNSS_3_9_BRANCH
changeset 5619 766fa779cf563b2ff5d2d70874b83860bfe5d676
parent 5545 3df79ddce9038bae2e57f05bc41f608e479771ea
child 5623 5960df860261fdaededc23bc5ce6ae0746bebed1
push idunknown
push userunknown
push dateunknown
reviewersnelsonb
bugs258416
Bugzilla Bug 258416: trust Sonera Class 1 CA only for S/MIME. r=nelsonb. Modified files: certdata.c certdata.txt nssckbi.h Tag: NSS_3_9_BRANCH
security/nss/lib/ckfw/builtins/certdata.c
security/nss/lib/ckfw/builtins/certdata.txt
security/nss/lib/ckfw/builtins/nssckbi.h
--- a/security/nss/lib/ckfw/builtins/certdata.c
+++ b/security/nss/lib/ckfw/builtins/certdata.c
@@ -34,25 +34,25 @@
 #ifdef DEBUG
 static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$""; @(#) $RCSfile$ $Revision$ $Date$ $Name$";
 #endif /* DEBUG */
 
 #ifndef BUILTINS_H
 #include "builtins.h"
 #endif /* BUILTINS_H */
 
-static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST;
-static const CK_TRUST ckt_netscape_valid = CKT_NETSCAPE_VALID;
-static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
-static const CK_TRUST ckt_netscape_trusted_delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR;
+static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE;
 static const CK_CERTIFICATE_TYPE ckc_x_509 = CKC_X_509;
+static const CK_BBOOL ck_false = CK_FALSE;
+static const CK_TRUST ckt_netscape_valid = CKT_NETSCAPE_VALID;
+static const CK_TRUST ckt_netscape_trusted_delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR;
 static const CK_OBJECT_CLASS cko_data = CKO_DATA;
-static const CK_BBOOL ck_false = CK_FALSE;
 static const CK_BBOOL ck_true = CK_TRUE;
-static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE;
+static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
+static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST;
 #ifdef DEBUG
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_0 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_APPLICATION,  CKA_VALUE
 };
 #endif /* DEBUG */
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_1 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL
 };
@@ -10418,19 +10418,19 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)16 },
   { (void *)"\060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061"
 "\017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141"
 "\061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162"
 "\141\040\103\154\141\163\163\061\040\103\101"
 , (PRUint32)59 },
   { (void *)"\002\001\044"
 , (PRUint32)3 },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
+  { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
 static const NSSItem nss_builtins_items_158 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Sonera Class 2 Root CA", (PRUint32)23 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -10705,19 +10705,19 @@ CKA_ISSUER MULTILINE_OCTAL
 \060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061
 \017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141
 \061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162
 \141\040\103\154\141\163\163\061\040\103\101
 END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\001\044
 END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
 
 #
 # Certificate "Sonera Class 2 Root CA"
 #
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
--- a/security/nss/lib/ckfw/builtins/nssckbi.h
+++ b/security/nss/lib/ckfw/builtins/nssckbi.h
@@ -66,18 +66,18 @@
  *     ...
  *   - NSS 3.30 branch: 250-255
  *
  * NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE.  It's not clear
  * whether we may use its full range (0-255) or only 0-99 because
  * of the comment in the CK_VERSION type definition.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 42
-#define NSS_BUILTINS_LIBRARY_VERSION "1.42"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 43
+#define NSS_BUILTINS_LIBRARY_VERSION "1.43"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
 
 /* These version numbers detail the semantic changes to ckbi itself 
  * (new PKCS #11 objects), etc. */
 #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1