author | Ehsan Akhgari <ehsan@mozilla.com> |
Fri, 02 Sep 2011 14:58:49 -0400 | |
changeset 35174 | d19ac6a6ef00e4de49ae8abe6fc49a9458256a43 |
parent 35171 | 98a24c7f3fd2cc1eff9963047c804ecceb4a5df3 |
child 35186 | 23d85432311d9e88d09f564aedc47af22fe198c2 |
push id | 1968 |
push user | eakhgari@mozilla.com |
push date | Fri, 02 Sep 2011 19:35:53 +0000 |
reviewers | kaie, me |
bugs | 683449 |
milestone | 1.9.2.23pre |
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp +++ b/security/manager/ssl/src/nsNSSCallbacks.cpp @@ -1046,28 +1046,16 @@ PSM_SSL_BlacklistDigiNotar(CERTCertifica PRBool isDigiNotarIssuedCert = PR_FALSE; for (CERTCertListNode *node = CERT_LIST_HEAD(serverCertChain); !CERT_LIST_END(node, serverCertChain); node = CERT_LIST_NEXT(node)) { if (!node->cert->issuerName) continue; - // If it's one of the "Staat der Nederlanden Root"s, then don't blacklist. - // Compare names, and ensure it's a self-signed root. - if ((!strcmp(node->cert->issuerName, - "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") || - !strcmp(node->cert->issuerName, - "CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL")) && - SECITEM_ItemsAreEqual(&node->cert->derIssuer,&node->cert->derSubject) - ) { - // keep as valid - return 0; - } - if (strstr(node->cert->issuerName, "CN=DigiNotar")) { isDigiNotarIssuedCert = PR_TRUE; } } if (isDigiNotarIssuedCert) { // let's see if we want to worsen the error code to revoked. PRErrorCode revoked_code = PSM_SSL_DigiNotarTreatAsRevoked(serverCert, serverCertChain);