Bug 1020683, Part 2: Remove more references to CERTCertificate from mozilla::pkix, r=keeler
authorBrian Smith <brian@briansmith.org>
Wed, 04 Jun 2014 00:03:28 -0700
changeset 206533 dc9d168ba8fb8366f875a2556bcacd06bacf5e75
parent 206532 fa797212429e813a44f198c59763a44027a1cadc
child 206534 77f2f8f2c506459e82a1d0cc34dccb605fddc214
push id3741
push userasasaki@mozilla.com
push dateMon, 21 Jul 2014 20:25:18 +0000
treeherdermozilla-beta@4d6f46f5af68 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1020683
milestone32.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1020683, Part 2: Remove more references to CERTCertificate from mozilla::pkix, r=keeler
security/pkix/lib/pkixbuild.cpp
--- a/security/pkix/lib/pkixbuild.cpp
+++ b/security/pkix/lib/pkixbuild.cpp
@@ -162,20 +162,20 @@ BuildForwardInner(TrustDomain& trustDoma
   // RFC5280 4.2.1.2. Subject Key Identifier
 
   // Loop prevention, done as recommended by RFC4158 Section 5.2
   // TODO: this doesn't account for subjectAltNames!
   // TODO(perf): This probably can and should be optimized in some way.
   bool loopDetected = false;
   for (BackCert* prev = potentialIssuer.childCert;
        !loopDetected && prev != nullptr; prev = prev->childCert) {
-    if (SECITEM_ItemsAreEqual(&potentialIssuer.GetNSSCert()->derPublicKey,
-                              &prev->GetNSSCert()->derPublicKey) &&
-        SECITEM_ItemsAreEqual(&potentialIssuer.GetNSSCert()->derSubject,
-                              &prev->GetNSSCert()->derSubject)) {
+    if (SECITEM_ItemsAreEqual(&potentialIssuer.GetSubjectPublicKeyInfo(),
+                              &prev->GetSubjectPublicKeyInfo()) &&
+        SECITEM_ItemsAreEqual(&potentialIssuer.GetSubject(),
+                              &prev->GetSubject())) {
       return Fail(RecoverableError, SEC_ERROR_UNKNOWN_ISSUER); // XXX: error code
     }
   }
 
   rv = CheckNameConstraints(potentialIssuer);
   if (rv != Success) {
     return rv;
   }