Bug 877798 - Fix ssltap to print the correct label certificate_status (not request), r=wtc
authorKai Engert <kaie@kuix.de>
Wed, 05 Jun 2013 21:16:51 +0200
changeset 10800 84dbcfce41d63730531d8424a496cf2eb99bc43d
parent 10799 13089af66082d788ae06d613173b6ed2756d998a
child 10801 23e6ea72c93f6e9c5d6c60a23dcc5642d03816f7
push id109
push userkaie@kuix.de
push dateWed, 05 Jun 2013 19:16:58 +0000
reviewerswtc
bugs877798
Bug 877798 - Fix ssltap to print the correct label certificate_status (not request), r=wtc
cmd/ssltap/ssltap.c
lib/util/secoid.c
--- a/cmd/ssltap/ssltap.c
+++ b/cmd/ssltap/ssltap.c
@@ -1015,17 +1015,17 @@ void print_ssl3_handshake(unsigned char 
     case 4:  PR_FPUTS("new_session_ticket)\n"          ); break;
     case 11: PR_FPUTS("certificate)\n"                 ); break;
     case 12: PR_FPUTS("server_key_exchange)\n"         ); break;
     case 13: PR_FPUTS("certificate_request)\n"         ); break;
     case 14: PR_FPUTS("server_hello_done)\n"           ); break;
     case 15: PR_FPUTS("certificate_verify)\n"          ); break;
     case 16: PR_FPUTS("client_key_exchange)\n"         ); break;
     case 20: PR_FPUTS("finished)\n"                    ); break;
-    case 22: PR_FPUTS("certificate_status_request)\n"  ); break;
+    case 22: PR_FPUTS("certificate_status)\n"          ); break;
     default: PR_FPUTS("unknown)\n"                     ); break;
     }
 
     PR_fprintf(PR_STDOUT,"      length = %d (0x%06x)\n",sslh.length,sslh.length);
     switch (sslh.type) {
 
     case 0: /* hello_request */ /* not much to show here. */ break;
 
@@ -1313,17 +1313,17 @@ void print_ssl3_handshake(unsigned char 
 	   * another one with a different MAC, this logic will not track that 
 	   * change correctly.
 	   */
           s->hMACsize = recordLen - (sslh.length + 4);
 	  sslh.length += s->hMACsize;  /* skip over the MAC data */
       }
       break;
 
-    case 22: /*certificate_status_request*/
+    case 22: /*certificate_status*/
       {
         SECItem data;
         PRFileDesc *ofd;
         static int  ocspFileNumber;
         char        ocspFileName[20];
 
         /* skip 4 bytes with handshake numbers, as in ssl3_HandleCertificateStatus */
         data.type = siBuffer;
--- a/lib/util/secoid.c
+++ b/lib/util/secoid.c
@@ -1926,22 +1926,19 @@ SECOID_Init(void)
     if (oidhash) {
 	return SECSuccess; /* already initialized */
     }
 
     if (!PR_GetEnv("NSS_ALLOW_WEAK_SIGNATURE_ALG")) {
 	/* initialize any policy flags that are disabled by default */
 	xOids[SEC_OID_MD2                           ].notPolicyFlags = ~0;
 	xOids[SEC_OID_MD4                           ].notPolicyFlags = ~0;
-	xOids[SEC_OID_MD5                           ].notPolicyFlags = ~0;
 	xOids[SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
 	xOids[SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
-	xOids[SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
 	xOids[SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC].notPolicyFlags = ~0;
-	xOids[SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC].notPolicyFlags = ~0;
     }
 
     envVal = PR_GetEnv("NSS_HASH_ALG_SUPPORT");
     if (envVal)
     	handleHashAlgSupport(envVal);
 
     if (secoid_InitDynOidData() != SECSuccess) {
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);