diff options
| author | Chuck Lee <chuckli0706@gmail.com> | 2015-02-26 18:45:53 +0100 |
|---|---|---|
| committer | Chuck Lee <chuckli0706@gmail.com> | 2015-02-26 18:45:53 +0100 |
| commit | a0354c01df28ef0bbdf18f143fba582b68e296d5 (patch) | |
| tree | db30599a166647f287e026a2714c36a74069c100 | |
| parent | 942af6948f4bb6ae920c320144ba8e809a98e17f (diff) | |
| download | nss-hg-a0354c01df28ef0bbdf18f143fba582b68e296d5.tar.gz | |
Bug 1073330 - Support set nickname of imported certificates, r=kaie and r=rrelyea
| -rw-r--r-- | lib/nss/nss.def | 1 | ||||
| -rw-r--r-- | lib/pk11wrap/pk11cert.c | 22 | ||||
| -rw-r--r-- | lib/pk11wrap/pk11pub.h | 15 |
3 files changed, 38 insertions, 0 deletions
diff --git a/lib/nss/nss.def b/lib/nss/nss.def index 8a3e81693..794e932e7 100644 --- a/lib/nss/nss.def +++ b/lib/nss/nss.def @@ -1064,6 +1064,7 @@ PK11_PrivDecrypt; ;+}; ;+NSS_3.18 { # NSS 3.18 release ;+ global: +__PK11_SetCertificateNickname; CERT_FindCertURLExtension; SEC_CheckCrlTimes; SEC_GetCrlTimes; diff --git a/lib/pk11wrap/pk11cert.c b/lib/pk11wrap/pk11cert.c index 3e6a839f3..1bf8a7f50 100644 --- a/lib/pk11wrap/pk11cert.c +++ b/lib/pk11wrap/pk11cert.c @@ -2682,3 +2682,25 @@ PK11_GetAllSlotsForCert(CERTCertificate *cert, void *arg) nssCryptokiObjectArray_Destroy(instances); return slotList; } + +/* + * Using __PK11_SetCertificateNickname is *DANGEROUS*. + * + * The API will update the NSS database, but it *will NOT* update the in-memory data. + * As a result, after calling this API, there will be INCONSISTENCY between + * in-memory data and the database. + * + * Use of the API should be limited to short-lived tools, which will exit immediately + * after using this API. + * + * If you ignore this warning, your process is TAINTED and will most likely misbehave. + */ +SECStatus +__PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname) +{ + /* Can't set nickname of temp cert. */ + if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) { + return SEC_ERROR_INVALID_ARGS; + } + return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname); +} diff --git a/lib/pk11wrap/pk11pub.h b/lib/pk11wrap/pk11pub.h index f0bf2c882..d4565eb4e 100644 --- a/lib/pk11wrap/pk11pub.h +++ b/lib/pk11wrap/pk11pub.h @@ -459,6 +459,21 @@ SECStatus PK11_SetPrivateKeyNickname(SECKEYPrivateKey *privKey, SECStatus PK11_SetPublicKeyNickname(SECKEYPublicKey *pubKey, const char *nickname); +/* + * Using __PK11_SetCertificateNickname is *DANGEROUS*. + * + * The API will update the NSS database, but it *will NOT* update the in-memory data. + * As a result, after calling this API, there will be INCONSISTENCY between + * in-memory data and the database. + * + * Use of the API should be limited to short-lived tools, which will exit immediately + * after using this API. + * + * If you ignore this warning, your process is TAINTED and will most likely misbehave. + */ +SECStatus __PK11_SetCertificateNickname(CERTCertificate *cert, + const char *nickname); + /* size to hold key in bytes */ unsigned int PK11_GetKeyLength(PK11SymKey *key); /* size of actual secret parts of key in bits */ |