Don't accept non-user certs when looking for a recipient. NSS_MULTIACCESS_M8_TMP
authorrelyea%netscape.com
Fri, 30 Aug 2002 03:44:24 +0000
branchNSS_MULTIACCESS_M8_TMP
changeset 3514 d32360ba374b24ae2269b7ccb1aa7aac0b883c49
parent 3491 1b872cf7af2caeba336e5c886381dab8ad2c7dff
child 13811 e4177473e2652de3a5ba2913f57608a0d16f86d8
push idunknown
push userunknown
push dateunknown
Don't accept non-user certs when looking for a recipient.
security/nss/lib/pk11wrap/pk11cert.c
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -2110,16 +2110,21 @@ pk11_FindCertObjectByRecipientNew(PK11Sl
     for (i=0; (ri = recipientlist[i]) != NULL; i++) {
 	CERTCertificate *cert = NULL;
 	/* XXXXX fixme - not yet implemented! */
 	if (ri->kind == RLSubjKeyID)
 	    continue;
 	cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->id.issuerAndSN, 
 								pwarg);
 	if (cert) {
+	    if ((cert->trust == NULL) ||
+		((cert->trust->emailFlags & CERTDB_USER) != CERTDB_USER)) {
+		CERT_DestroyCertificate(cert);
+		continue;
+	    }
 	    ri->slot = PK11_ReferenceSlot(slot);
 	    *rlIndex = i;
 	    return cert;
 	}
 
     }
     *rlIndex = -1;
     return NULL;
@@ -2177,16 +2182,21 @@ pk11_FindCertObjectByRecipient(PK11SlotI
     int i;
 
     for (i=0; (ri = recipientArray[i]) != NULL; i++) {
 	CERTCertificate *cert;
 
 	cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->issuerAndSN, 
 								pwarg);
         if (cert) {
+	    if ((cert->trust == NULL) ||
+		((cert->trust->emailFlags & CERTDB_USER) != CERTDB_USER)) {
+		CERT_DestroyCertificate(cert);
+		continue;
+	    }
 	    *rip = ri;
 	    return cert;
 	}
 
     }
     *rip = NULL;
     return NULL;
 }