authorrelyea%netscape.com <devnull@localhost>2001-03-26 23:17:07 +0000
committerrelyea%netscape.com <devnull@localhost>2001-03-26 23:17:07 +0000
commit5bdccafeb958af2d93e0000fcef0ce34b9206b45 (patch)
tree52fb7f5316eca4eb7b00cd464e2a1e7db13def8f
parent644a8adff42e305aafd0ba714c9ea75dafadabc9 (diff)
Add new option for displaying only the root certs.
Fix bugs in the user cert code so that all the certs are returned correctly. Preserve the nickname for this particular cert in the certnode.
-rw-r--r--security/nss/lib/pk11wrap/pk11cert.c33
-rw-r--r--security/nss/lib/pk11wrap/pk11slot.c2
-rw-r--r--security/nss/lib/pk11wrap/secmodt.h5
3 files changed, 30 insertions, 10 deletions
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index bcf6b16e6..2306a3eee 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -2570,7 +2570,17 @@ pk11ListCertCallback(CERTCertificate *cert, SECItem *derCert, void *arg)
PK11CertListType type = listCertP->type;
CERTCertList *certList = listCertP->certList;
CERTCertTrust *trust;
+ PRBool isUnique = PR_FALSE;
+ char *nickname = NULL;
+
+ if ((type == PK11CertListUnique) || (type == PK11CertListRootUnique)) {
+ isUnique = PR_TRUE;
+ }
+ /* at this point the nickname is correct for the cert. save it for later */
+ if (!isUnique) {
+ nickname = PORT_ArenaStrdup(listCertP->certList->arena,cert->nickname);
+ }
if (derCert == NULL) {
newCert=CERT_DupCertificate(cert);
} else {
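Review bot: `cert->nickname` is handed to `PORT_ArenaStrdup` without a NULL test in the added `if (!isUnique)` block, and nothing visible here guarantees that every cert coming from the database or a token carries a nickname. If the helper measures its argument with a strlen-style call (to be confirmed against its definition), a nickname-less cert would crash the traversal callback. Guard it with `if (!isUnique && cert->nickname) {` so such a cert just keeps `nickname == NULL`. The allocation result is also unchecked, so an out-of-memory condition is indistinguishable from "no nickname" later on. The body of pk11ListCertCallback starts before and continues after this hunk.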
@@ -2583,16 +2593,24 @@ pk11ListCertCallback(CERTCertificate *cert, SECItem *derCert, void *arg)
/* if we want user certs and we don't have one skip this cert */
if ((type == PK11CertListUser) &&
- ( (cert->slot == NULL) ||
- (trust == NULL) || (((trust->sslFlags & CERTDB_USER == 0) &&
- ((trust->emailFlags & CERTDB_USER) == 0))) ) ) {
+ ((trust == NULL) ||
+ ( ((trust->sslFlags & CERTDB_USER) == 0) &&
+ ((trust->emailFlags & CERTDB_USER) == 0) )) ) {
+ CERT_DestroyCertificate(newCert);
+ return SECSuccess;
+ }
+
+ /* if we want root certs, skip the user certs */
+ if ((type == PK11CertListRootUnique) &&
+ ((trust) && (((trust->sslFlags & CERTDB_USER ) ||
+ (trust->emailFlags & CERTDB_USER))) ) ) {
CERT_DestroyCertificate(newCert);
return SECSuccess;
}
/* if we want Unique certs and we already have it on our list, skip it */
- if ((type == PK11CertListUnique) && (isOnList(certList,newCert))) {
+ if ( isUnique && isOnList(certList,newCert) ) {
CERT_DestroyCertificate(newCert);
return SECSuccess;
}
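Review bot: The new `PK11CertListRootUnique` branch only drops certs that carry `CERTDB_USER`; every other cert, including one whose `trust` is NULL, stays on the list, so as far as this hunk shows the result is "all unique non-user certs" rather than roots. A caller that treats the returned list as a set of trust anchors would be over-inclusive. Either test a CA trust flag here as well, or record the real contract above the branch, e.g. `/* RootUnique: unique certs not marked CERTDB_USER; CA/trust-anchor status is NOT checked */`, and repeat it beside the enumerator added in secmodt.h. `trust` is assigned outside this hunk, so its NULL semantics should be confirmed there.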
@@ -2600,9 +2618,9 @@ pk11ListCertCallback(CERTCertificate *cert, SECItem *derCert, void *arg)
/* put slot certs at the end */
if (newCert->slot && !PK11_IsInternal(newCert->slot)) {
- CERT_AddCertToListTail(certList,newCert);
+ CERT_AddCertToListTailWithData(certList,newCert,nickname);
} else {
- CERT_AddCertToListHead(certList,newCert);
+ CERT_AddCertToListHeadWithData(certList,newCert,nickname);
}
return SECSuccess;
}
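Review bot: The status returned by `CERT_AddCertToListTailWithData` / `CERT_AddCertToListHeadWithData` is discarded, so if the insertion fails the callback still returns `SECSuccess`, the reference held by `newCert` is never released, and the caller receives a silently incomplete cert list. Assign the result of each call to a local `rv` and unwind with `if (rv != SECSuccess) { CERT_DestroyCertificate(newCert); return rv; }`. How the traversal functions react to a failure return is not visible in this diff and should be checked before changing the return value.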
@@ -2618,7 +2636,8 @@ PK11_ListCerts(PK11CertListType type, void *pwarg)
listCerts.type = type;
listCerts.certList = certList;
- SEC_TraversePermCerts(CERT_GetDefaultCertDB(),pk11ListCertCallback,&listCerts);
+ SEC_TraversePermCerts(CERT_GetDefaultCertDB(),pk11ListCertCallback,
+ &listCerts);
PK11_TraverseSlotCerts(pk11ListCertCallback,&listCerts,pwarg);
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index 571177438..3f3f453cd 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -1666,7 +1666,7 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
/* initialize the maxKeyCount value */
if (tokenInfo.ulMaxSessionCount == 0) {
- slot->maxKeyCount = 300; /* should be #define or a config param */
+ slot->maxKeyCount = 800; /* should be #define or a config param */
} else if (tokenInfo.ulMaxSessionCount < 20) {
/* don't have enough sessions to keep that many keys around */
slot->maxKeyCount = 0;
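Review bot: The fallback `maxKeyCount` for tokens reporting `ulMaxSessionCount == 0` goes from 300 to 800 with no stated reason, and the commit message only describes the cert-listing changes. The inline comment already asks for a named constant, so introduce one now, e.g. `#define PK11_DEFAULT_MAX_KEY_COUNT 800`, with a comment saying what resource the limit protects and why 800 was chosen. Without that, the next reader cannot tell whether the value is a tuned bound or an arbitrary bump. PK11_InitToken continues outside this hunk.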
diff --git a/security/nss/lib/pk11wrap/secmodt.h b/security/nss/lib/pk11wrap/secmodt.h
index 949edee26..b2d401e24 100644
--- a/security/nss/lib/pk11wrap/secmodt.h
+++ b/security/nss/lib/pk11wrap/secmodt.h
@@ -97,8 +97,9 @@ struct PK11RSAGenParamsStr {
};
typedef enum {
- PK11CertListUnique = 0,
- PK11CertListUser = 1
+ PK11CertListUnique = 0,
+ PK11CertListUser = 1,
+ PK11CertListRootUnique = 2
} PK11CertListType;
/*