diff options
| author | ian.mcgreer%sun.com <devnull@localhost> | 2002-03-15 19:23:14 +0000 |
|---|---|---|
| committer | ian.mcgreer%sun.com <devnull@localhost> | 2002-03-15 19:23:14 +0000 |
| commit | 0d081ad2813f30fd03a0df7bdbe88754cdd1eef6 (patch) | |
| tree | b5e7d39a31afa78968845fc5596e2a1cefe9f4a8 | |
| parent | 25a4385539307e737544d95ea23a3d95e43b28de (diff) | |
| download | nss-hg-0d081ad2813f30fd03a0df7bdbe88754cdd1eef6.tar.gz | |
bug 130747, update trust after login to catch user certs when token doesn't return public key (ncipher)
| -rw-r--r-- | security/nss/lib/pk11wrap/dev3hack.h | 5 | ||||
| -rw-r--r-- | security/nss/lib/pk11wrap/pk11slot.c | 1 | ||||
| -rw-r--r-- | security/nss/lib/pki/pki3hack.c | 19 |
3 files changed, 24 insertions, 1 deletions
diff --git a/security/nss/lib/pk11wrap/dev3hack.h b/security/nss/lib/pk11wrap/dev3hack.h index a24eacd8f..19f9bbb8b 100644 --- a/security/nss/lib/pk11wrap/dev3hack.h +++ b/security/nss/lib/pk11wrap/dev3hack.h @@ -58,9 +58,12 @@ void PK11Slot_SetNSSToken(PK11SlotInfo *sl, NSSToken *nsst); NSSToken * PK11Slot_GetNSSToken(PK11SlotInfo *sl); -NSS_IMPLEMENT PRStatus +NSS_EXTERN PRStatus nssToken_LoadCerts(NSSToken *token); +NSS_EXTERN void +nssToken_UpdateTrustForCerts(NSSToken *token); + PR_END_EXTERN_C #endif /* DEVNSS3HACK_H */ diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index d207b9d7f..cd2d29bd4 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -1149,6 +1149,7 @@ PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx) if (rv == SECSuccess && slot->nssToken && !PK11_IsFriendly(slot)) { /* notify stan about the login if certs are not public readable */ nssToken_LoadCerts(slot->nssToken); + nssToken_UpdateTrustForCerts(slot->nssToken); } } else if (!attempt) PORT_SetError(SEC_ERROR_BAD_PASSWORD); return rv; diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c index d26a68d2c..8a8d3bf63 100644 --- a/security/nss/lib/pki/pki3hack.c +++ b/security/nss/lib/pki/pki3hack.c @@ -282,6 +282,25 @@ nssToken_LoadCerts(NSSToken *token) return nssrv; } +NSS_IMPLEMENT void +nssToken_UpdateTrustForCerts(NSSToken *token) +{ + nssListIterator *certs; + NSSCertificate *cert; + certs = nssList_CreateIterator(token->certList); + for (cert = (NSSCertificate *)nssListIterator_Start(certs); + cert != (NSSCertificate *)NULL; + cert = (NSSCertificate *)nssListIterator_Next(certs)) + { + CERTCertificate *cc = STAN_GetCERTCertificate(cert); + cc->trust = NULL; + /* force an update of the trust fields of the CERTCertificate */ + (void)stan_GetCERTCertificate(cert, PR_FALSE); + } + nssListIterator_Finish(certs); + nssListIterator_Destroy(certs); +} + NSS_IMPLEMENT PRBool nssToken_SearchCerts ( |