[Libreoffice-commits] core.git: Branch 'aoo/trunk' - 4 commits - basegfx/inc extras/source framework/inc sw/source ucb/source uui/source
Tsutomu Uchino
hanya at apache.org
Tue Jan 21 10:09:06 PST 2014
basegfx/inc/basegfx/tools/b2dclipstate.hxx | 2
extras/source/autotext/lang/en-US/acor_en-US.dat |binary
framework/inc/uielement/genericstatusbarcontroller.hxx | 2
sw/source/core/access/accpara.hxx | 2
ucb/source/ucp/webdav/SerfSession.cxx | 44 +++++++++++++++--
ucb/source/ucp/webdav/SerfTypes.hxx | 2
ucb/source/ucp/webdav/SerfUri.hxx | 2
uui/source/iahndl-ssl.cxx | 5 +
8 files changed, 48 insertions(+), 11 deletions(-)
New commits:
commit 17e2f9c3d2eb0d3b7f559055327d37171db01c2f
Author: Tsutomu Uchino <hanya at apache.org>
Date: Tue Jan 21 16:36:08 2014 +0000
#i124067# remove naive entry from auto correct list for en-US
diff --git a/extras/source/autotext/lang/en-US/acor_en-US.dat b/extras/source/autotext/lang/en-US/acor_en-US.dat
index d4e9a3d..681f362 100644
Binary files a/extras/source/autotext/lang/en-US/acor_en-US.dat and b/extras/source/autotext/lang/en-US/acor_en-US.dat differ
commit 226085ad2004319c5142b392bb4b48ab79c3b747
Author: Oliver-Rainer Wittmann <orw at apache.org>
Date: Tue Jan 21 16:32:58 2014 +0000
123744: method <SerfSession::verifySerfCertificateChain(..)> - consider certificate's Subject Alternative Name field when searching for matching certificate host name
diff --git a/ucb/source/ucp/webdav/SerfSession.cxx b/ucb/source/ucp/webdav/SerfSession.cxx
index dc08678..a5354eb 100644
--- a/ucb/source/ucp/webdav/SerfSession.cxx
+++ b/ucb/source/ucp/webdav/SerfSession.cxx
@@ -30,7 +30,7 @@
#include "ucbhelper/simplecertificatevalidationrequest.hxx"
#include "AprEnv.hxx"
-#include <apr_strings.h>
+#include <apr/apr_strings.h>
#include "DAVAuthListener.hxx"
#include "SerfTypes.hxx"
@@ -47,6 +47,10 @@
#include <com/sun/star/security/CertificateContainerStatus.hpp>
#include <com/sun/star/security/CertificateContainer.hpp>
#include <com/sun/star/security/XCertificateContainer.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+#include <com/sun/star/security/XSanExtension.hpp>
+#define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17"
+
#include <com/sun/star/ucb/Lock.hpp>
#include <com/sun/star/xml/crypto/XSEInitializer.hpp>
@@ -479,7 +483,40 @@ apr_status_t SerfSession::verifySerfCertificateChain (
// When the certificate matches the host name then we can use the
// result of the verification.
- if (isDomainMatch(sServerCertificateSubject))
+ bool bHostnameMatchesCertHostnames = false;
+ {
+ uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = xServerCertificate->getExtensions();
+ uno::Sequence< security::CertAltNameEntry > altNames;
+ for (sal_Int32 i = 0 ; i < extensions.getLength(); ++i)
+ {
+ uno::Reference< security::XCertificateExtension >element = extensions[i];
+
+ const rtl::OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength());
+ if ( aId.equals( OID_SUBJECT_ALTERNATIVE_NAME ) )
+ {
+ uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY );
+ altNames = sanExtension->getAlternativeNames();
+ break;
+ }
+ }
+
+ uno::Sequence< ::rtl::OUString > certHostNames(altNames.getLength() + 1);
+ certHostNames[0] = sServerCertificateSubject;
+ for( int n = 0; n < altNames.getLength(); ++n )
+ {
+ if (altNames[n].Type == security::ExtAltNameType_DNS_NAME)
+ {
+ altNames[n].Value >>= certHostNames[n+1];
+ }
+ }
+
+ for ( int i = 0; i < certHostNames.getLength() && !bHostnameMatchesCertHostnames; ++i )
+ {
+ bHostnameMatchesCertHostnames = isDomainMatch( certHostNames[i] );
+ }
+
+ }
+ if ( bHostnameMatchesCertHostnames )
{
if (nVerificationResult == 0)
@@ -526,8 +563,7 @@ apr_status_t SerfSession::verifySerfCertificateChain (
if ( xSelection.is() )
{
- uno::Reference< task::XInteractionApprove > xApprove(
- xSelection.get(), uno::UNO_QUERY );
+ uno::Reference< task::XInteractionApprove > xApprove( xSelection.get(), uno::UNO_QUERY );
if ( xApprove.is() )
{
xCertificateContainer->addCertificate( getHostName(), sServerCertificateSubject, sal_True );
diff --git a/ucb/source/ucp/webdav/SerfTypes.hxx b/ucb/source/ucp/webdav/SerfTypes.hxx
index d525d6b..23d8bee 100644
--- a/ucb/source/ucp/webdav/SerfTypes.hxx
+++ b/ucb/source/ucp/webdav/SerfTypes.hxx
@@ -24,7 +24,7 @@
#ifndef INCLUDED_SERFTYPES_HXX
#define INCLUDED_SERFTYPES_HXX
-#include <serf.h>
+#include <serf/serf.h>
typedef serf_connection_t SerfConnection;
diff --git a/ucb/source/ucp/webdav/SerfUri.hxx b/ucb/source/ucp/webdav/SerfUri.hxx
index d6844a1..8bd45de 100644
--- a/ucb/source/ucp/webdav/SerfUri.hxx
+++ b/ucb/source/ucp/webdav/SerfUri.hxx
@@ -23,7 +23,7 @@
#ifndef INCLUDED_SERFURI_HXX
#define INCLUDED_SERFURI_HXX
-#include <apr_uri.h>
+#include <apr-util/apr_uri.h>
#include <rtl/ustring.hxx>
#include "DAVException.hxx"
commit 117218483797c0aeedef9b68bdae96a727cb3426
Author: Oliver-Rainer Wittmann <orw at apache.org>
Date: Tue Jan 21 16:17:39 2014 +0000
123744: method <handleCertificateValidationRequest_(..)> - correct consideration of Subject Alternative Name field of the given certificate
diff --git a/uui/source/iahndl-ssl.cxx b/uui/source/iahndl-ssl.cxx
index 36dd667..0b5119b 100644
--- a/uui/source/iahndl-ssl.cxx
+++ b/uui/source/iahndl-ssl.cxx
@@ -308,9 +308,10 @@ handleCertificateValidationRequest_(
certHostNames[0] = certHostName;
- for(int n = 1; n < altNames.getLength(); n++){
+ for(int n = 0; n < altNames.getLength(); ++n)
+ {
if (altNames[n].Type == security::ExtAltNameType_DNS_NAME){
- altNames[n].Value >>= certHostNames[n];
+ altNames[n].Value >>= certHostNames[n+1];
}
}
commit 3552c7f9561f43024ca32f50e4bf63b31233b03c
Author: Herbert Dürr <hdu at apache.org>
Date: Tue Jan 21 16:10:06 2014 +0000
#i123948# fix more class/struct mismatches
fix forward declarations that don't match the actual definitions
diff --git a/basegfx/inc/basegfx/tools/b2dclipstate.hxx b/basegfx/inc/basegfx/tools/b2dclipstate.hxx
index 3db9738..d631d5d 100644
--- a/basegfx/inc/basegfx/tools/b2dclipstate.hxx
+++ b/basegfx/inc/basegfx/tools/b2dclipstate.hxx
@@ -38,7 +38,7 @@ namespace basegfx
namespace tools
{
- class ImplB2DClipState;
+ struct ImplB2DClipState;
/** This class provides an optimized, symbolic clip state for graphical output
diff --git a/framework/inc/uielement/genericstatusbarcontroller.hxx b/framework/inc/uielement/genericstatusbarcontroller.hxx
index 34093ed..e3b0159 100644
--- a/framework/inc/uielement/genericstatusbarcontroller.hxx
+++ b/framework/inc/uielement/genericstatusbarcontroller.hxx
@@ -29,7 +29,7 @@
namespace framework
{
-class AddonStatusbarItemData;
+struct AddonStatusbarItemData;
class GenericStatusbarController : public svt::StatusbarController
{
diff --git a/sw/source/core/access/accpara.hxx b/sw/source/core/access/accpara.hxx
index 4e5bd51..fcafae7 100644
--- a/sw/source/core/access/accpara.hxx
+++ b/sw/source/core/access/accpara.hxx
@@ -55,7 +55,7 @@ namespace rtl { class OUString; }
namespace com { namespace sun { namespace star {
namespace i18n { struct Boundary; }
namespace accessibility { class XAccessibleHyperlink; }
- namespace style { class TabStop; }
+ namespace style { struct TabStop; }
} } }
typedef ::std::hash_map< ::rtl::OUString,
More information about the Libreoffice-commits
mailing list