Bug 1020683, Part 2: Remove more references to CERTCertificate from mozilla::pkix, r=keeler
authorBrian Smith <brian@briansmith.org>
Wed, 04 Jun 2014 00:03:28 -0700
changeset 207617 dc9d168ba8fb8366f875a2556bcacd06bacf5e75
parent 207616 fa797212429e813a44f198c59763a44027a1cadc
child 207618 77f2f8f2c506459e82a1d0cc34dccb605fddc214
push id494
push userraliiev@mozilla.com
push dateMon, 25 Aug 2014 18:42:16 +0000
treeherdermozilla-release@a3cc3e46b571 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1020683
milestone32.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1020683, Part 2: Remove more references to CERTCertificate from mozilla::pkix, r=keeler
security/pkix/lib/pkixbuild.cpp
--- a/security/pkix/lib/pkixbuild.cpp
+++ b/security/pkix/lib/pkixbuild.cpp
@@ -162,20 +162,20 @@ BuildForwardInner(TrustDomain& trustDoma
   // RFC5280 4.2.1.2. Subject Key Identifier
 
   // Loop prevention, done as recommended by RFC4158 Section 5.2
   // TODO: this doesn't account for subjectAltNames!
   // TODO(perf): This probably can and should be optimized in some way.
   bool loopDetected = false;
   for (BackCert* prev = potentialIssuer.childCert;
        !loopDetected && prev != nullptr; prev = prev->childCert) {
-    if (SECITEM_ItemsAreEqual(&potentialIssuer.GetNSSCert()->derPublicKey,
-                              &prev->GetNSSCert()->derPublicKey) &&
-        SECITEM_ItemsAreEqual(&potentialIssuer.GetNSSCert()->derSubject,
-                              &prev->GetNSSCert()->derSubject)) {
+    if (SECITEM_ItemsAreEqual(&potentialIssuer.GetSubjectPublicKeyInfo(),
+                              &prev->GetSubjectPublicKeyInfo()) &&
+        SECITEM_ItemsAreEqual(&potentialIssuer.GetSubject(),
+                              &prev->GetSubject())) {
       return Fail(RecoverableError, SEC_ERROR_UNKNOWN_ISSUER); // XXX: error code
     }
   }
 
   rv = CheckNameConstraints(potentialIssuer);
   if (rv != Success) {
     return rv;
   }