| diff -aur nss.bak/lib/certdb/certt.h nss-.amd64/lib/certdb/certt.h |
| --- nss.bak/lib/certdb/certt.h 2015-01-21 17:06:13.670737104 -0800 |
| +++ nss-.amd64/lib/certdb/certt.h 2015-01-21 17:07:39.723668597 -0800 |
| @@ -1177,7 +1177,7 @@ |
| /* |
| * How many preferred methods are specified? |
| * This is equivalent to the size of the array that |
| - * preferred_revocation_methods points to. |
| + * preferred_methods points to. |
| * It's allowed to set this value to zero, |
| * then NSS will decide which methods to prefer. |
| */ |
| @@ -1186,7 +1186,7 @@ |
| /* Array that may specify an optional order of preferred methods. |
| * Each array entry shall contain a method identifier as defined |
| * by CERTRevocationMethodIndex. |
| - * The entry at index [0] specifies the method with highest preferrence. |
| + * The entry at index [0] specifies the method with highest preference. |
| * These methods will be tested first for locally available information. |
| * Methods allowed for downloading will be attempted in the same order. |
| */ |
| diff -aur nss.bak/lib/libpkix/include/pkix_revchecker.h nss-.amd64/lib/libpkix/include/pkix_revchecker.h |
| --- nss.bak/lib/libpkix/include/pkix_revchecker.h 2015-01-21 17:06:13.706737494 -0800 |
| +++ nss-.amd64/lib/libpkix/include/pkix_revchecker.h 2015-01-21 17:07:39.723668597 -0800 |
| @@ -117,7 +117,7 @@ |
| * "methodFlags" |
| * Set of flags for the method. |
| * "methodPriority" |
| - * Method priority. (0 corresponds to a highest priority) |
| + * Method priority. (0 corresponds to the highest priority) |
| * "verificationFn" |
| * User call back function that will perform validation of fetched |
| * revocation information(new crl or ocsp response) |
| @@ -143,7 +143,7 @@ |
| PKIX_ProcessingParams *params, |
| PKIX_RevocationMethodType methodType, |
| PKIX_UInt32 methodFlags, |
| - PKIX_UInt32 mathodPriority, |
| + PKIX_UInt32 methodPriority, |
| PKIX_PL_VerifyCallback verificationFn, |
| PKIX_Boolean isLeafMethod, |
| void *plContext); |
| diff -aur nss.bak/lib/libpkix/pkix/checker/pkix_revocationchecker.c nss-.amd64/lib/libpkix/pkix/checker/pkix_revocationchecker.c |
| --- nss.bak/lib/libpkix/pkix/checker/pkix_revocationchecker.c 2015-01-21 17:06:13.718737624 -0800 |
| +++ nss-.amd64/lib/libpkix/pkix/checker/pkix_revocationchecker.c 2015-01-21 17:07:18.351437228 -0800 |
| @@ -137,7 +137,7 @@ |
| PKIX_RETURN(REVOCATIONCHECKER); |
| } |
| |
| -/* Sort methods by theirs priorities */ |
| +/* Sort methods by their priorities (lower priority = higher preference) */ |
| static PKIX_Error * |
| pkix_RevocationChecker_SortComparator( |
| PKIX_PL_Object *obj1, |
| @@ -152,7 +152,13 @@ |
| method1 = (pkix_RevocationMethod *)obj1; |
| method2 = (pkix_RevocationMethod *)obj2; |
| |
| - *pResult = (method1->priority > method2->priority); |
| + if (method1->priority < method2->priority) { |
| + *pResult = -1; |
| + } else if (method1->priority > method2->priority) { |
| + *pResult = 1; |
| + } else { |
| + *pResult = 0; |
| + } |
| |
| PKIX_RETURN(BUILD); |
| } |
| diff -aur nss.bak/lib/libpkix/pkix/checker/pkix_revocationmethod.h nss-.amd64/lib/libpkix/pkix/checker/pkix_revocationmethod.h |
| --- nss.bak/lib/libpkix/pkix/checker/pkix_revocationmethod.h 2015-01-21 17:06:13.718737624 -0800 |
| +++ nss-.amd64/lib/libpkix/pkix/checker/pkix_revocationmethod.h 2015-01-21 17:07:39.723668597 -0800 |
| @@ -48,8 +48,9 @@ |
| void **pNBIOContext, void *plContext); |
| |
| /* Revocation method structure assosiates revocation types with |
| - * a set of flags on the method, a priority of the method, and |
| - * method local/external checker functions. */ |
| + * a set of flags on the method, a priority of the method (0 |
| + * corresponds to the highest priority), and method local/external |
| + * checker functions. */ |
| struct pkix_RevocationMethodStruct { |
| PKIX_RevocationMethodType methodType; |
| PKIX_UInt32 flags; |
| diff -aur nss.bak/lib/libpkix/pkix/top/pkix_build.c nss-.amd64/lib/libpkix/pkix/top/pkix_build.c |
| --- nss.bak/lib/libpkix/pkix/top/pkix_build.c 2015-01-21 17:06:13.722737667 -0800 |
| +++ nss-.amd64/lib/libpkix/pkix/top/pkix_build.c 2015-01-21 17:07:18.351437228 -0800 |
| @@ -660,9 +660,11 @@ |
| * DESCRIPTION: |
| * |
| * This Function takes two Certificates cast in "obj1" and "obj2", |
| - * compares their validity NotAfter dates and returns the result at |
| - * "pResult". The comparison key(s) can be expanded by using other |
| - * data in the Certificate in the future. |
| + * compares them to determine which is a more preferable certificate |
| + * for chain building. This Function is suitable for use as a |
| + * comparator callback for pkix_List_BubbleSort, setting "*pResult" to |
| + * > 0 if "obj1" is less desirable than "obj2" and < 0 if "obj1" |
| + * is more desirable than "obj2". |
| * |
| * PARAMETERS: |
| * "obj1" |
| @@ -691,14 +693,14 @@ |
| { |
| PKIX_PL_Date *date1 = NULL; |
| PKIX_PL_Date *date2 = NULL; |
| - PKIX_Boolean result = PKIX_FALSE; |
| + PKIX_Int32 result = 0; |
| |
| PKIX_ENTER(BUILD, "pkix_Build_SortCertComparator"); |
| PKIX_NULLCHECK_THREE(obj1, obj2, pResult); |
| |
| /* |
| * For sorting candidate certificates, we use NotAfter date as the |
| - * sorted key for now (can be expanded if desired in the future). |
| + * comparison key for now (can be expanded if desired in the future). |
| * |
| * In PKIX_BuildChain, the List of CertStores was reordered so that |
| * trusted CertStores are ahead of untrusted CertStores. That sort, or |
| @@ -727,7 +729,12 @@ |
| plContext), |
| PKIX_OBJECTCOMPARATORFAILED); |
| |
| - *pResult = !result; |
| + /* |
| + * Invert the result, so that if date1 is greater than date2, |
| + * obj1 is sorted before obj2. This is because pkix_List_BubbleSort |
| + * sorts in ascending order. |
| + */ |
| + *pResult = -result; |
| |
| cleanup: |
| |
