From baac831b29a02432148e98b99cb3fa9b2e87af07 Mon Sep 17 00:00:00 2001 From: "jpierre%netscape.com" Date: Wed, 9 Apr 2003 22:23:10 +0000 Subject: [PATCH] Fix for 201259 . Make the default client auth callback NSS_GetClientAuthData work with dual-key certs. r=nelsonb, sr=wtc git-svn-id: svn://10.0.0.236/trunk@140939 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/security/nss/lib/ssl/authcert.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/mozilla/security/nss/lib/ssl/authcert.c b/mozilla/security/nss/lib/ssl/authcert.c index 9a23ce21813..23982412e60 100644 --- a/mozilla/security/nss/lib/ssl/authcert.c +++ b/mozilla/security/nss/lib/ssl/authcert.c @@ -32,7 +32,7 @@ * may use your version of this file under either the MPL or the * GPL. * - * $Id: authcert.c,v 1.2 2001-12-07 01:36:21 relyea%netscape.com Exp $ + * $Id: authcert.c,v 1.3 2003-04-09 22:23:10 jpierre%netscape.com Exp $ */ #include @@ -68,7 +68,9 @@ NSS_GetClientAuthData(void * arg, proto_win = SSL_RevealPinArg(socket); if (chosenNickName) { - cert = PK11_FindCertFromNickname(chosenNickName, proto_win); + cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), + chosenNickName, certUsageSSLClient, + PR_FALSE, proto_win); if ( cert ) { privkey = PK11_FindKeyByAnyCert(cert, proto_win); if ( privkey ) { @@ -85,7 +87,9 @@ NSS_GetClientAuthData(void * arg, SEC_CERT_NICKNAMES_USER, proto_win); if (names != NULL) { for (i = 0; i < names->numnicknames; i++) { - cert = PK11_FindCertFromNickname(names->nicknames[i],proto_win); + cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), + names->nicknames[i], certUsageSSLClient, + PR_FALSE, proto_win); if ( !cert ) continue; /* Only check unexpired certs */