From 9e81b2fcf2d99fd8dfa7f8f2a715fa160751b4b4 Mon Sep 17 00:00:00 2001
From: "jgmyers%speakeasy.net"
 <jgmyers%speakeasy.net@18797224-902f-48f8-a5cc-f745e15eee43>
Date: Sun, 11 Apr 2004 21:03:05 +0000
Subject: [PATCH] Check trust bits before examining cert fields when
 classifying certs: bug 178692 r=ssauxh sr=brendan a=asa

git-svn-id: svn://10.0.0.236/trunk@154694 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/security/manager/ssl/src/nsNSSCertHelper.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/mozilla/security/manager/ssl/src/nsNSSCertHelper.cpp b/mozilla/security/manager/ssl/src/nsNSSCertHelper.cpp
index 27ed2fdc79f..600a6de8802 100644
--- a/mozilla/security/manager/ssl/src/nsNSSCertHelper.cpp
+++ b/mozilla/security/manager/ssl/src/nsNSSCertHelper.cpp
@@ -545,10 +545,14 @@ getCertType(CERTCertificate *cert)
   nsNSSCertTrust trust(cert->trust);
   if (cert->nickname && trust.HasAnyUser())
     return nsIX509Cert::USER_CERT;
-  if (trust.HasAnyCA() || CERT_IsCACert(cert,NULL))
+  if (trust.HasAnyCA())
     return nsIX509Cert::CA_CERT;
   if (trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE))
     return nsIX509Cert::SERVER_CERT;
+  if (trust.HasPeer(PR_FALSE, PR_TRUE, PR_FALSE) && cert->emailAddr)
+    return nsIX509Cert::EMAIL_CERT;
+  if (CERT_IsCACert(cert,NULL))
+    return nsIX509Cert::CA_CERT;
   if (cert->emailAddr)
     return nsIX509Cert::EMAIL_CERT;
   return nsIX509Cert::SERVER_CERT;