Check trust bits before examining cert fields when classifying certs: bug 178692 r=ssauxh sr=brendan a=asa

git-svn-id: svn://10.0.0.236/trunk@154694 18797224-902f-48f8-a5cc-f745e15eee43
2004-04-11 21:03:05 +00:00 · 2004-04-11 21:03:05 +00:00 · 9e81b2fcf2
commit 9e81b2fcf2
parent dcb6fabc6b
1 changed files with 5 additions and 1 deletions
--- a/mozilla/security/manager/ssl/src/nsNSSCertHelper.cpp
+++ b/mozilla/security/manager/ssl/src/nsNSSCertHelper.cpp
@ -545,10 +545,14 @@ getCertType(CERTCertificate *cert)
  nsNSSCertTrust trust(cert->trust);
  if (cert->nickname && trust.HasAnyUser())
    return nsIX509Cert::USER_CERT;
-  if (trust.HasAnyCA() || CERT_IsCACert(cert,NULL))
+  if (trust.HasAnyCA())
    return nsIX509Cert::CA_CERT;
  if (trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE))
    return nsIX509Cert::SERVER_CERT;
+  if (trust.HasPeer(PR_FALSE, PR_TRUE, PR_FALSE) && cert->emailAddr)
+    return nsIX509Cert::EMAIL_CERT;
+  if (CERT_IsCACert(cert,NULL))
+    return nsIX509Cert::CA_CERT;
  if (cert->emailAddr)
    return nsIX509Cert::EMAIL_CERT;
  return nsIX509Cert::SERVER_CERT;