Ubuntu
nss package

  1. Bug #1586538
  2. Comment #1

Comment 1 for bug 1586538

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Could you please report this issue to Mozilla? Based on a quick look of our source code and manpage I think our manpages correctly document the situation:

lib/certdb/certdb.c

SECStatus
CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts)
{
    unsigned int i;
    unsigned int *pflags;

    if (!trust) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }
    trust->sslFlags = 0;
    trust->emailFlags = 0;
    trust->objectSigningFlags = 0;
    if (!trusts) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    pflags = &trust->sslFlags;

    for (i=0; i < PORT_Strlen(trusts); i++) {
        switch (trusts[i]) {
          case 'p':
              *pflags = *pflags | CERTDB_TERMINAL_RECORD;
              break;

          case 'P':
              *pflags = *pflags | CERTDB_TRUSTED | CERTDB_TERMINAL_RECORD;
              break;

lib/certdb/certdb.h

typedef unsigned int __CERTDB_VALID_PEER __attribute__((deprecated
    ("CERTDB_VALID_PEER is now CERTDB_TERMINAL_RECORD")));

There's a chance that "valid peer" is really being used to mean "not trusted for this particular feature" but that feels strange.

Thanks