Lines 287-302
private:
|
287 |
|
287 |
|
288 |
// A probe value of 1 means "no error". |
288 |
// A probe value of 1 means "no error". |
289 |
uint32_t |
289 |
uint32_t |
290 |
MapCertErrorToProbeValue(PRErrorCode errorCode) |
290 |
MapCertErrorToProbeValue(PRErrorCode errorCode) |
291 |
{ |
291 |
{ |
292 |
switch (errorCode) |
292 |
switch (errorCode) |
293 |
{ |
293 |
{ |
294 |
case SEC_ERROR_UNKNOWN_ISSUER: return 2; |
294 |
case SEC_ERROR_UNKNOWN_ISSUER: return 2; |
|
|
295 |
case SEC_ERROR_CA_CERT_INVALID: return 3; |
295 |
case SEC_ERROR_UNTRUSTED_ISSUER: return 4; |
296 |
case SEC_ERROR_UNTRUSTED_ISSUER: return 4; |
296 |
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: return 5; |
297 |
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: return 5; |
297 |
case SEC_ERROR_UNTRUSTED_CERT: return 6; |
298 |
case SEC_ERROR_UNTRUSTED_CERT: return 6; |
298 |
case SEC_ERROR_INADEQUATE_KEY_USAGE: return 7; |
299 |
case SEC_ERROR_INADEQUATE_KEY_USAGE: return 7; |
299 |
case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: return 8; |
300 |
case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: return 8; |
300 |
case SSL_ERROR_BAD_CERT_DOMAIN: return 9; |
301 |
case SSL_ERROR_BAD_CERT_DOMAIN: return 9; |
301 |
case SEC_ERROR_EXPIRED_CERTIFICATE: return 10; |
302 |
case SEC_ERROR_EXPIRED_CERTIFICATE: return 10; |
302 |
case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY: return 11; |
303 |
case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY: return 11; |
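Review bot: The new `case SEC_ERROR_CA_CERT_INVALID: return 3;` takes the value that the old table skipped between 2 and 4, and nothing here says whether 3 was reserved for this error or was once reported with another meaning. If these values are histogram bucket indices, as the "probe value" wording suggests, reusing a number would mix old and new data in the same bucket. I would add a comment above the switch such as `// Probe values are persisted bucket indices: never renumber or reuse one.` and confirm the history of 3 in the commit message. The body of MapCertErrorToProbeValue continues outside the hunk, so the value returned for unmapped errors is not visible here.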
Lines 321-336
DetermineCertOverrideErrors(CERTCertific
|
321 |
MOZ_ASSERT(errorCodeMismatch == 0); |
322 |
MOZ_ASSERT(errorCodeMismatch == 0); |
322 |
MOZ_ASSERT(errorCodeExpired == 0); |
323 |
MOZ_ASSERT(errorCodeExpired == 0); |
323 |
|
324 |
|
324 |
// Assumes the error prioritization described in mozilla::pkix's |
325 |
// Assumes the error prioritization described in mozilla::pkix's |
325 |
// BuildForward function. Also assumes that CERT_VerifyCertName was only |
326 |
// BuildForward function. Also assumes that CERT_VerifyCertName was only |
326 |
// called if CertVerifier::VerifyCert succeeded. |
327 |
// called if CertVerifier::VerifyCert succeeded. |
327 |
switch (defaultErrorCodeToReport) { |
328 |
switch (defaultErrorCodeToReport) { |
328 |
case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: |
329 |
case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: |
|
|
330 |
case SEC_ERROR_CA_CERT_INVALID: |
329 |
case SEC_ERROR_UNKNOWN_ISSUER: |
331 |
case SEC_ERROR_UNKNOWN_ISSUER: |
330 |
case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY: |
332 |
case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY: |
331 |
{ |
333 |
{ |
332 |
collectedErrors = nsICertOverrideService::ERROR_UNTRUSTED; |
334 |
collectedErrors = nsICertOverrideService::ERROR_UNTRUSTED; |
333 |
errorCodeTrust = defaultErrorCodeToReport; |
335 |
errorCodeTrust = defaultErrorCodeToReport; |
334 |
|
336 |
|
335 |
SECCertTimeValidity validity = CERT_CheckCertValidTimes(cert, now, false); |
337 |
SECCertTimeValidity validity = CERT_CheckCertValidTimes(cert, now, false); |
336 |
if (validity == secCertTimeUndetermined) { |
338 |
if (validity == secCertTimeUndetermined) { |
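Review bot: Adding `case SEC_ERROR_CA_CERT_INVALID:` to this list appears to put the error into the set that is collected as `nsICertOverrideService::ERROR_UNTRUSTED`, i.e. one a user can override, and the hunk does not record why that is acceptable. The existing comment says the switch relies on the error prioritization in mozilla::pkix's BuildForward, so it is worth confirming that the new code fits that ordering and cannot mask a more serious error that would otherwise have been reported. I would add a line next to the case such as `// Issuer cert is not a valid CA; overridable like an unknown issuer.` and a test showing that an override for this error still goes through the validity-time check below. The switch and the enclosing DetermineCertOverrideErrors continue outside the hunk.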