From bff5ec60de4851bd93fcaade0a8163133d7b878b Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Fri, 10 Jun 2011 14:25:29 -0400 Subject: [PATCH 124/150] - update the comment about keyUsagePresent --- src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index 068b0cf..a5ff728 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -3047,9 +3047,8 @@ cert_get_ext_by_tag(CERTCertificate *cert, SECOidTag tag) } /* Check for the presence of a particular key usage in the cert's keyUsage - * extension field. If it's not there, NSS makes an educated guess, and we - * trust it here. This may have to be changed to check if keyUsagePresent is - * clear, and then just return both, like the OpenSSL version of this does. */ + * extension field. If it's not there, NSS just sets all of the bits, which is + * consistent with what the OpenSSL version of this does. */ static unsigned int cert_get_ku_bits(krb5_context context, CERTCertificate *cert) { -- 1.7.6.4