1 files changed, 26 insertions, 3 deletions

diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
index 287dce6408ef..c8a612fae7e0 100644
--- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
@@ -51,6 +51,9 @@
 #include "certificateextension_xmlsecimpl.hxx"
 #endif
 
+#ifndef _SANEXTENSION_NSSIMPL_HXX_
+#include "sanextension_nssimpl.hxx"
+#endif
 
 using namespace ::com::sun::star::uno ;
 using namespace ::com::sun::star::security ;
@@ -203,12 +206,27 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s
         Sequence< Reference< XCertificateExtension > > xExtns( len ) ;
 
         for( extns = m_pCert->extensions, len = 0; *extns != NULL; extns ++, len ++ ) {
-            pExtn = new CertificateExtension_XmlSecImpl() ;
+            const SECItem id = (*extns)->id;
+            ::rtl::OString oidString(CERT_GetOidString(&id));
+
+            // remove "OID." prefix if existing
+            ::rtl::OString objID;
+            ::rtl::OString oid("OID.");
+            if (oidString.match(oid))
+                objID = oidString.copy(oid.getLength());
+            else
+                objID = oidString;
+
+            if ( objID.equals("2.5.29.17") )
+                pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
+            else
+                pExtn = new CertificateExtension_XmlSecImpl() ;
+
             if( (*extns)->critical.data == NULL )
                 crit = sal_False ;
             else
                 crit = ( (*extns)->critical.data[0] == 0xFF ) ? sal_True : sal_False ;
-            pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ;
+            pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (unsigned char*)objID.getStr(), objID.getLength(), crit ) ;
 
             xExtns[len] = pExtn ;
         }
@@ -232,7 +250,12 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s
         pExtn = NULL ;
         for( extns = m_pCert->extensions; *extns != NULL; extns ++ ) {
             if( SECITEM_CompareItem( &idItem, &(*extns)->id ) == SECEqual ) {
-                pExtn = new CertificateExtension_XmlSecImpl() ;
+                const SECItem id = (*extns)->id;
+                ::rtl::OString objId(CERT_GetOidString(&id));
+                if ( objId.equals("OID.2.5.29.17") )
+                    pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
+                else
+                    pExtn = new CertificateExtension_XmlSecImpl() ;
                 if( (*extns)->critical.data == NULL )
                     crit = sal_False ;
                 else