authorian.mcgreer%sun.com <devnull@localhost>2002-05-07 14:58:12 +0000
committerian.mcgreer%sun.com <devnull@localhost>2002-05-07 14:58:12 +0000
commit349023864eabe403a24a680119cb96af13310416 (patch)
treeb431f6889db29032c5c795ecd055576b2b656437
parentcf53eaa45603f62ab294567be19723f94a90b06c (diff)
downloadnss-hg-349023864eabe403a24a680119cb96af13310416.tar.gz
bug 142175, PK11_ListCerts regressions -- handle PKCS#11 incompatibilities with serial numbers, and fix trust collection.
-rw-r--r--security/nss/lib/dev/ckhelper.c5
-rw-r--r--security/nss/lib/pki/pkibase.c29
2 files changed, 33 insertions, 1 deletions
diff --git a/security/nss/lib/dev/ckhelper.c b/security/nss/lib/dev/ckhelper.c
index 26314245a..1f3f1e3bc 100644
--- a/security/nss/lib/dev/ckhelper.c
+++ b/security/nss/lib/dev/ckhelper.c
@@ -533,13 +533,16 @@ get_nss_trust
{
nssTrustLevel t;
switch (ckt) {
- case CKT_NETSCAPE_TRUST_UNKNOWN: t = nssTrustLevel_Unknown; break;
case CKT_NETSCAPE_UNTRUSTED: t = nssTrustLevel_NotTrusted; break;
case CKT_NETSCAPE_TRUSTED_DELEGATOR: t = nssTrustLevel_TrustedDelegator;
break;
case CKT_NETSCAPE_VALID_DELEGATOR: t = nssTrustLevel_ValidDelegator; break;
case CKT_NETSCAPE_TRUSTED: t = nssTrustLevel_Trusted; break;
case CKT_NETSCAPE_VALID: t = nssTrustLevel_Valid; break;
+ case CKT_NETSCAPE_MUST_VERIFY:
+ case CKT_NETSCAPE_TRUST_UNKNOWN:
+ default:
+ t = nssTrustLevel_Unknown; break;
}
return t;
}
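Review bot: The new `default:` arm in get_nss_trust should carry a comment saying it is deliberate, because it is the only thing that keeps an unrecognised trust value returned by a PKCS#11 module from leaving `t` unset. A line such as `/* fail closed: MUST_VERIFY and any value we do not recognise carry no positive trust */` above the three labels would do. It would also help to say why CKT_NETSCAPE_MUST_VERIFY is folded into nssTrustLevel_Unknown rather than given its own level, since a reader cannot tell from the switch whether that distinction is dropped on purpose. The function's signature lies above the hunk.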
diff --git a/security/nss/lib/pki/pkibase.c b/security/nss/lib/pki/pkibase.c
index 8d61ad47f..8b7e95a2b 100644
--- a/security/nss/lib/pki/pkibase.c
+++ b/security/nss/lib/pki/pkibase.c
@@ -943,11 +943,22 @@ static PRStatus
cert_getUIDFromObject(nssPKIObject *o, NSSItem *uid)
{
NSSCertificate *c = (NSSCertificate *)o;
+#ifdef NSS_3_4_CODE
+ /* The builtins are still returning decoded serial numbers. Until
+ * this compatibility issue is resolved, use the full DER of the
+ * cert to uniquely identify it.
+ */
+ NSSDER *derCert;
+ derCert = nssCertificate_GetEncoding(c);
+ uid[0] = *derCert;
+ uid[1].data = NULL; uid[1].size = 0;
+#else
NSSDER *issuer, *serial;
issuer = nssCertificate_GetIssuer(c);
serial = nssCertificate_GetSerialNumber(c);
uid[0] = *issuer;
uid[1] = *serial;
+#endif /* NSS_3_4_CODE */
return PR_SUCCESS;
}
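Review bot: `uid[0] = *derCert;` dereferences the result of nssCertificate_GetEncoding() without a check, and cert_getUIDFromObject then returns PR_SUCCESS unconditionally. If that getter can return NULL for a certificate with no stored encoding (its definition is not in this diff), this is a NULL dereference on the lookup path; a guard such as `if (!derCert) return PR_FAILURE;` before the copy would turn it into a reportable error. The pre-existing issuer/serial branch has the same shape, so the same guard may be worth adding there. uid[0] is also a shallow copy that points into the certificate's own encoding buffer, so a one-line comment that it is valid only while `c` is alive would help callers.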
@@ -955,6 +966,23 @@ static PRStatus
cert_getUIDFromInstance(nssCryptokiObject *instance, NSSItem *uid,
NSSArena *arena)
{
+#ifdef NSS_3_4_CODE
+ /* The builtins are still returning decoded serial numbers. Until
+ * this compatibility issue is resolved, use the full DER of the
+ * cert to uniquely identify it.
+ */
+ uid[1].data = NULL; uid[1].size = 0;
+ return nssCryptokiCertificate_GetAttributes(instance,
+ NULL, /* XXX sessionOpt */
+ arena, /* arena */
+ NULL, /* type */
+ NULL, /* id */
+ &uid[0], /* encoding */
+ NULL, /* issuer */
+ NULL, /* serial */
+ NULL, /* subject */
+ NULL); /* email */
+#else
return nssCryptokiCertificate_GetAttributes(instance,
NULL, /* XXX sessionOpt */
arena, /* arena */
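Review bot: In the NSS_3_4_CODE branch of cert_getUIDFromInstance only `uid[1]` is cleared before the call, so when nssCryptokiCertificate_GetAttributes() fails `uid[0]` keeps whatever the caller passed in unless the callee resets it (not visible here). Since the comment says these items are what uniquely identifies the certificate, I would clear both up front with `uid[0].data = NULL; uid[0].size = 0;`, so a caller that ignores the status cannot compare against stale bytes. The comment block is copied from cert_getUIDFromObject; adding `bug 142175` to it would make the workaround easier to find and remove later. The function's closing lines are in the next hunk.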
@@ -965,6 +993,7 @@ cert_getUIDFromInstance(nssCryptokiObject *instance, NSSItem *uid,
&uid[1], /* serial */
NULL, /* subject */
NULL); /* email */
+#endif /* NSS_3_4_CODE */
}
static nssPKIObject *