[Libreoffice-commits] core.git: Branch 'aoo/trunk' - 4 commits - basegfx/inc extras/source framework/inc sw/source ucb/source uui/source

Tsutomu Uchino hanya at apache.org
Tue Jan 21 10:09:06 PST 2014 

 basegfx/inc/basegfx/tools/b2dclipstate.hxx             |    2 
 extras/source/autotext/lang/en-US/acor_en-US.dat       |binary
 framework/inc/uielement/genericstatusbarcontroller.hxx |    2 
 sw/source/core/access/accpara.hxx                      |    2 
 ucb/source/ucp/webdav/SerfSession.cxx                  |   44 +++++++++++++++--
 ucb/source/ucp/webdav/SerfTypes.hxx                    |    2 
 ucb/source/ucp/webdav/SerfUri.hxx                      |    2 
 uui/source/iahndl-ssl.cxx                              |    5 +
 8 files changed, 48 insertions(+), 11 deletions(-)

New commits:
commit 17e2f9c3d2eb0d3b7f559055327d37171db01c2f
Author: Tsutomu Uchino <hanya at apache.org>
Date:   Tue Jan 21 16:36:08 2014 +0000

    #i124067# remove naive entry from auto correct list for en-US

diff --git a/extras/source/autotext/lang/en-US/acor_en-US.dat b/extras/source/autotext/lang/en-US/acor_en-US.dat
index d4e9a3d..681f362 100644
Binary files a/extras/source/autotext/lang/en-US/acor_en-US.dat and b/extras/source/autotext/lang/en-US/acor_en-US.dat differ
commit 226085ad2004319c5142b392bb4b48ab79c3b747
Author: Oliver-Rainer Wittmann <orw at apache.org>
Date:   Tue Jan 21 16:32:58 2014 +0000

    123744: method <SerfSession::verifySerfCertificateChain(..)> - consider certificate's Subject Alternative Name field when searching for matching certificate host name

diff --git a/ucb/source/ucp/webdav/SerfSession.cxx b/ucb/source/ucp/webdav/SerfSession.cxx
index dc08678..a5354eb 100644
--- a/ucb/source/ucp/webdav/SerfSession.cxx
+++ b/ucb/source/ucp/webdav/SerfSession.cxx
@@ -30,7 +30,7 @@
 #include "ucbhelper/simplecertificatevalidationrequest.hxx"
 
 #include "AprEnv.hxx"
-#include <apr_strings.h>
+#include <apr/apr_strings.h>
 
 #include "DAVAuthListener.hxx"
 #include "SerfTypes.hxx"
@@ -47,6 +47,10 @@
 #include <com/sun/star/security/CertificateContainerStatus.hpp>
 #include <com/sun/star/security/CertificateContainer.hpp>
 #include <com/sun/star/security/XCertificateContainer.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+#include <com/sun/star/security/XSanExtension.hpp>
+#define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17"
+
 #include <com/sun/star/ucb/Lock.hpp>
 #include <com/sun/star/xml/crypto/XSEInitializer.hpp>
 
@@ -479,7 +483,40 @@ apr_status_t SerfSession::verifySerfCertificateChain (
 
     // When the certificate matches the host name then we can use the
     // result of the verification.
-    if (isDomainMatch(sServerCertificateSubject))
+    bool bHostnameMatchesCertHostnames = false;
+    {
+        uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = xServerCertificate->getExtensions();
+        uno::Sequence< security::CertAltNameEntry > altNames;
+        for (sal_Int32 i = 0 ; i < extensions.getLength(); ++i)
+        {
+            uno::Reference< security::XCertificateExtension >element = extensions[i];
+
+            const rtl::OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength());
+            if ( aId.equals( OID_SUBJECT_ALTERNATIVE_NAME ) )
+            {
+                uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY );
+                altNames =  sanExtension->getAlternativeNames();
+                break;
+            }
+        }
+
+        uno::Sequence< ::rtl::OUString > certHostNames(altNames.getLength() + 1);
+        certHostNames[0] = sServerCertificateSubject;
+        for( int n = 0; n < altNames.getLength(); ++n )
+        {
+            if (altNames[n].Type ==  security::ExtAltNameType_DNS_NAME)
+            {
+                altNames[n].Value >>= certHostNames[n+1];
+            }
+        }
+
+        for ( int i = 0; i < certHostNames.getLength() && !bHostnameMatchesCertHostnames; ++i )
+        {
+            bHostnameMatchesCertHostnames = isDomainMatch( certHostNames[i] );
+        }
+
+    }
+    if ( bHostnameMatchesCertHostnames )
     {
 
         if (nVerificationResult == 0)
@@ -526,8 +563,7 @@ apr_status_t SerfSession::verifySerfCertificateChain (
 
             if ( xSelection.is() )
             {
-                uno::Reference< task::XInteractionApprove > xApprove(
-                    xSelection.get(), uno::UNO_QUERY );
+                uno::Reference< task::XInteractionApprove > xApprove( xSelection.get(), uno::UNO_QUERY );
                 if ( xApprove.is() )
                 {
                     xCertificateContainer->addCertificate( getHostName(), sServerCertificateSubject,  sal_True );
diff --git a/ucb/source/ucp/webdav/SerfTypes.hxx b/ucb/source/ucp/webdav/SerfTypes.hxx
index d525d6b..23d8bee 100644
--- a/ucb/source/ucp/webdav/SerfTypes.hxx
+++ b/ucb/source/ucp/webdav/SerfTypes.hxx
@@ -24,7 +24,7 @@
 #ifndef INCLUDED_SERFTYPES_HXX
 #define INCLUDED_SERFTYPES_HXX
 
-#include <serf.h>
+#include <serf/serf.h>
 
 typedef serf_connection_t SerfConnection;
 
diff --git a/ucb/source/ucp/webdav/SerfUri.hxx b/ucb/source/ucp/webdav/SerfUri.hxx
index d6844a1..8bd45de 100644
--- a/ucb/source/ucp/webdav/SerfUri.hxx
+++ b/ucb/source/ucp/webdav/SerfUri.hxx
@@ -23,7 +23,7 @@
 #ifndef INCLUDED_SERFURI_HXX
 #define INCLUDED_SERFURI_HXX
 
-#include <apr_uri.h>
+#include <apr-util/apr_uri.h>
 #include <rtl/ustring.hxx>
 #include "DAVException.hxx"
 
commit 117218483797c0aeedef9b68bdae96a727cb3426
Author: Oliver-Rainer Wittmann <orw at apache.org>
Date:   Tue Jan 21 16:17:39 2014 +0000

    123744: method <handleCertificateValidationRequest_(..)> - correct consideration of Subject Alternative Name field of the given certificate

diff --git a/uui/source/iahndl-ssl.cxx b/uui/source/iahndl-ssl.cxx
index 36dd667..0b5119b 100644
--- a/uui/source/iahndl-ssl.cxx
+++ b/uui/source/iahndl-ssl.cxx
@@ -308,9 +308,10 @@ handleCertificateValidationRequest_(
 
     certHostNames[0] = certHostName;
 
-    for(int n = 1; n < altNames.getLength(); n++){
+    for(int n = 0; n < altNames.getLength(); ++n)
+    {
         if (altNames[n].Type ==  security::ExtAltNameType_DNS_NAME){
-           altNames[n].Value >>= certHostNames[n];
+           altNames[n].Value >>= certHostNames[n+1];
         }
     }
 
commit 3552c7f9561f43024ca32f50e4bf63b31233b03c
Author: Herbert Dürr <hdu at apache.org>
Date:   Tue Jan 21 16:10:06 2014 +0000

    #i123948# fix more class/struct mismatches
    
    fix forward declarations that don't match the actual definitions

diff --git a/basegfx/inc/basegfx/tools/b2dclipstate.hxx b/basegfx/inc/basegfx/tools/b2dclipstate.hxx
index 3db9738..d631d5d 100644
--- a/basegfx/inc/basegfx/tools/b2dclipstate.hxx
+++ b/basegfx/inc/basegfx/tools/b2dclipstate.hxx
@@ -38,7 +38,7 @@ namespace basegfx
 
     namespace tools
     {
-        class ImplB2DClipState;
+        struct ImplB2DClipState;
 
         /** This class provides an optimized, symbolic clip state for graphical output
 
diff --git a/framework/inc/uielement/genericstatusbarcontroller.hxx b/framework/inc/uielement/genericstatusbarcontroller.hxx
index 34093ed..e3b0159 100644
--- a/framework/inc/uielement/genericstatusbarcontroller.hxx
+++ b/framework/inc/uielement/genericstatusbarcontroller.hxx
@@ -29,7 +29,7 @@
 namespace framework
 {
 
-class AddonStatusbarItemData;
+struct AddonStatusbarItemData;
 
 class GenericStatusbarController : public svt::StatusbarController
 {
diff --git a/sw/source/core/access/accpara.hxx b/sw/source/core/access/accpara.hxx
index 4e5bd51..fcafae7 100644
--- a/sw/source/core/access/accpara.hxx
+++ b/sw/source/core/access/accpara.hxx
@@ -55,7 +55,7 @@ namespace rtl { class OUString; }
 namespace com { namespace sun { namespace star {
     namespace i18n { struct Boundary; }
     namespace accessibility { class XAccessibleHyperlink; }
-    namespace style { class TabStop; }
+    namespace style { struct TabStop; }
 } } }
 
 typedef ::std::hash_map< ::rtl::OUString,

More information about the Libreoffice-commits mailing list