diff options
author | ian.mcgreer%sun.com <devnull@localhost> | 2002-03-01 21:43:57 +0000 |
---|---|---|
committer | ian.mcgreer%sun.com <devnull@localhost> | 2002-03-01 21:43:57 +0000 |
commit | bc9d7dfc89d803cdaf337e70805d9dc63a23079a (patch) | |
tree | 8e4dd53424ce631b23f1e277cc463c43cd5cccc5 | |
parent | 99ea8622f6f12096f770bb521633ec971ab40b07 (diff) | |
download | nss-hg-bc9d7dfc89d803cdaf337e70805d9dc63a23079a.tar.gz |
modify last patch to only take effect if the slot certs are not publicly readable, and to not update the token cert list more than once
-rw-r--r-- | security/nss/lib/pk11wrap/pk11slot.c | 9 | ||||
-rw-r--r-- | security/nss/lib/pki/pki3hack.c | 3 |
2 files changed, 8 insertions, 4 deletions
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index 86c58ead8..c3839594e 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -725,8 +725,9 @@ PK11_Logout(PK11SlotInfo *slot) PK11_EnterSlotMonitor(slot); crv = PK11_GETTAB(slot)->C_Logout(slot->session); PK11_ExitSlotMonitor(slot); - if (slot->nssToken) { - nssToken_DestroyCertList(slot->nssToken, PR_TRUE); + if (slot->nssToken && !PK11_IsFriendly(slot)) { + /* If the slot certs are not public readable, destroy them */ + nssToken_DestroyCertList(slot->nssToken, PR_TRUE); } if (crv != CKR_OK) { PORT_SetError(PK11_MapError(crv)); @@ -1143,8 +1144,8 @@ PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx) } if (rv == SECSuccess) { rv = pk11_CheckVerifyTest(slot); - if (rv == SECSuccess && slot->nssToken) { - /* notify stan about the login */ + if (rv == SECSuccess && slot->nssToken && !PK11_IsFriendly(slot)) { + /* notify stan about the login if certs are not public readable */ nssToken_LoadCerts(slot->nssToken); } } else if (!attempt) PORT_SetError(SEC_ERROR_BAD_PASSWORD); diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c index ad9dbe5f0..0fc28ee26 100644 --- a/security/nss/lib/pki/pki3hack.c +++ b/security/nss/lib/pki/pki3hack.c @@ -247,6 +247,9 @@ nssToken_LoadCerts(NSSToken *token) if (!token->certList) { return PR_FAILURE; } + } else if (nssList_Count(token->certList) > 0) { + /* already been done */ + return PR_SUCCESS; } /* ignore the rv, just work without the list */ (void)nssToken_TraverseCertificates(token, NULL, &search); |