From 88ef0e46b1244b3fd0dd46cc38f8efd6fdea430b Mon Sep 17 00:00:00 2001
From: "javi%netscape.com"
 <javi%netscape.com@18797224-902f-48f8-a5cc-f745e15eee43>
Date: Mon, 11 Jun 2001 17:32:31 +0000
Subject: [PATCH] Fix for Bug 84057 r=ddrinan, sr=blizzard, a=asa

  Fix for crasher if doing SSL with a site whose certificate
  was issued by a cert with a non-ASCII character in its
  subject name.  We now get the peer's certificate from the
  SSL libraries instead of trying to re-parse the UTF8 string
  (which NSS doesn't like) into the CERTName structure that's
  already in the certificate.


git-svn-id: svn://10.0.0.236/trunk@96862 18797224-902f-48f8-a5cc-f745e15eee43
---
 .../security/manager/ssl/src/nsNSSCallbacks.cpp | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp b/mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp
index 906e2b156e9..a0b26ec6f96 100644
--- a/mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -206,12 +206,21 @@ void PR_CALLBACK HandshakeCallback(PRFileDesc* fd, void* client_data) {
         secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
                      nsIWebProgressListener::STATE_SECURE_LOW);
 
-      CERTName* certName = CERT_AsciiToName(signer);
-      char* caName = CERT_GetOrgName(certName);
+      CERTCertificate *peerCert = SSL_PeerCertificate(fd);
+      char* caName = CERT_GetOrgName(&peerCert->subject);
+      CERT_DestroyCertificate(peerCert);
+      if (!caName) {
+        caName = signer;
+      }
 
       // If the CA name is RSA Data Security, then change the name to the real
       // name of the company i.e. VeriSign, Inc.
       if (nsCRT::strcmp((const char*)caName, "RSA Data Security, Inc.") == 0) {
+        // In this case, caName != signer since the logic implies signer
+        // would be at minimal "O=RSA Data Security, Inc" because caName
+        // is what comes after to O=.  So we're OK just freeing this memory
+        // without checking to see if it's equal to signer;
+        NS_ASSERTION(caName != signer, "caName was equal to caName when it shouldn't be");
         PR_Free(caName);
         caName = PL_strdup("Verisign, Inc.");
       }
@@ -244,8 +253,8 @@ void PR_CALLBACK HandshakeCallback(PRFileDesc* fd, void* client_data) {
 
       infoObject->SetSSLStatus(status);
 
-      PR_Free(caName);
-      CERT_DestroyName(certName);
+      if (caName != signer)
+        PR_Free(caName);
       PR_Free(signer);
       PR_Free(cipherName);
     }