#thunderbird3.1.source.file.sha1sum = 58230d0bfbc69f45d754d8eb7ad012f1debfe203
#thunderbird3.1.source.file.name = thunderbird-3.1.9.source.tar.bz2
#thunderbird3.1.source.file.sha1sum = 22b153102939430180ae1873ce15ef52286ff08d
-thunderbird3.1.source.file.name = thunderbird-3.1.10.source.tar.bz2
-thunderbird3.1.source.file.sha1sum = 54aceedb71f2e3b9b1f298d8c60f64931e9dafd2
+#thunderbird3.1.source.file.name = thunderbird-3.1.10.source.tar.bz2
+#thunderbird3.1.source.file.sha1sum = 54aceedb71f2e3b9b1f298d8c60f64931e9dafd2
+thunderbird3.1.source.file.name = thunderbird-3.1.14.source.tar.bz2
+thunderbird3.1.source.file.sha1sum = 62ea0edbd5265be6da98fcefad3baa36349bfdd0
thunderbird3.1.source.directory = comm-1.9.2
thunderbird3.1.source.dist.directory = mozilla/dist
thunderbird3.1.source.version.file.name = version-192.txt
mAllowTLSIntoleranceTimeout(PR_TRUE),
mRememberClientAuthCertificate(PR_FALSE),
mHandshakeStartTime(0),
- mPort(0)
+ mPort(0),
+ mIsCertIssuerBlacklisted(PR_FALSE)
{
mThreadData = new nsSSLSocketThreadData;
}
static SECStatus
nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
{
+ // cert was revoked, don't do anything else
+ // Calling cancel_and_failure is not necessary, and would be wrong,
+ // [for errors other than the ones explicitly handled below,]
+ // because it suppresses error reporting.
+ if (PR_GetError() == SEC_ERROR_REVOKED_CERTIFICATE)
+ return SECFailure;
+
nsNSSShutDownPreventionLock locker;
nsNSSSocketInfo* infoObject = (nsNSSSocketInfo *)arg;
if (!infoObject)
PR_Now(), (void*)infoObject,
verify_log, NULL);
+ if (infoObject->IsCertIssuerBlacklisted()) {
+ collected_errors |= nsICertOverrideService::ERROR_UNTRUSTED;
+ }
+
// We ignore the result code of the cert verification.
// Either it is a failure, which is expected, and we'll process the
// verify log below.
PRStatus CloseSocketAndDestroy();
+ PRBool IsCertIssuerBlacklisted() const {
+ return mIsCertIssuerBlacklisted;
+ }
+ void SetCertIssuerBlacklisted() {
+ mIsCertIssuerBlacklisted = PR_TRUE;
+ }
protected:
nsCOMPtr<nsIInterfaceRequestor> mCallbacks;
PRFileDesc* mFd;
PRIntervalTime mHandshakeStartTime;
PRInt32 mPort;
nsXPIDLCString mHostName;
+ PRErrorCode mIsCertIssuerBlacklisted;
/* SSL Status */
nsRefPtr<nsSSLStatus> mSSLStatus;
PORT_Assert ((data != NULL && len) || final);
cinfo = NSS_CMSContent_GetContentInfo(p7dcx->content.pointer, p7dcx->type);
+ if (!cinfo) {
+ /* The original programmer didn't expect this to happen */
+ p7dcx->error = SEC_ERROR_LIBRARY_FAILURE;
+ goto loser;
+ }
if (cinfo->ciphcx != NULL) {
/*
/* we got data (either from the caller, or from a lower level encoder) */
cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
+ if (!cinfo) {
+ /* The original programmer didn't expect this to happen */
+ p7ecx->error = SEC_ERROR_LIBRARY_FAILURE;
+ return SECFailure;
+ }
/* Update the running digest. */
if (len && cinfo->digcx != NULL)
/* we are at innermost decoder */
/* find out about our inner content type - must be data */
cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
+ if (!cinfo) {
+ /* The original programmer didn't expect this to happen */
+ p7ecx->error = SEC_ERROR_LIBRARY_FAILURE;
+ return SECFailure;
+ }
+
childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
if (childtype != SEC_OID_PKCS7_DATA && childtype != SEC_OID_SMIME_RECEIPT)
return SECFailure;
/* find out about our inner content type - must be data */
cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
+ if (!cinfo) {
+ /* The original programmer didn't expect this to happen */
+ p7ecx->error = SEC_ERROR_LIBRARY_FAILURE;
+ rv = SECFailure;
+ goto loser;
+ }
childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
if ((childtype == SEC_OID_PKCS7_DATA || childtype == SEC_OID_SMIME_RECEIPT) && cinfo->content.data == NULL) {
SEC_ASN1EncoderClearTakeFromBuf(p7ecx->ecx);