authornelsonb%netscape.com <devnull@localhost>2001-04-11 22:45:40 +0000
committernelsonb%netscape.com <devnull@localhost>2001-04-11 22:45:40 +0000
commitc49ce2d1d621bf9930fd468e73841bd62b0926b3 (patch)
tree960a4813366e48926e6e0f40450e34779e06db0a
parent2a6956d1b4d39d64a8bae182dcaa0c4e9ad58474 (diff)
downloadnss-hg-c49ce2d1d621bf9930fd468e73841bd62b0926b3.tar.gz
Merge NSS 3.2.1 changes.
-rw-r--r--security/nss/lib/pk11wrap/pk11cert.c33
-rw-r--r--security/nss/lib/pk11wrap/pk11slot.c2
-rw-r--r--security/nss/lib/pk11wrap/secmodt.h5
3 files changed, 30 insertions, 10 deletions
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index bcf6b16e6..2306a3eee 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -2570,7 +2570,17 @@ pk11ListCertCallback(CERTCertificate *cert, SECItem *derCert, void *arg)
PK11CertListType type = listCertP->type;
CERTCertList *certList = listCertP->certList;
CERTCertTrust *trust;
+ PRBool isUnique = PR_FALSE;
+ char *nickname = NULL;
+
+ if ((type == PK11CertListUnique) || (type == PK11CertListRootUnique)) {
+ isUnique = PR_TRUE;
+ }
+ /* at this point the nickname is correct for the cert. save it for later */
+ if (!isUnique) {
+ nickname = PORT_ArenaStrdup(listCertP->certList->arena,cert->nickname);
+ }
if (derCert == NULL) {
newCert=CERT_DupCertificate(cert);
} else {
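Review bot: The added `PORT_ArenaStrdup(listCertP->certList->arena,cert->nickname)` call neither checks `cert->nickname` for NULL nor checks its own result. A certificate without a nickname would therefore hand NULL to the copy routine (worth confirming how PORT_ArenaStrdup treats that), and an allocation failure looks the same as the unique-list case where `nickname` is deliberately NULL. I would guard it as `if (!isUnique && cert->nickname != NULL) {` and use the local `certList->arena` that is already in scope. The existing comment implies the copy has to happen this early, so it should also say that the arena string is allocated even for certificates the later filters skip, and is presumably only released with the list. The function body continues outside this hunk.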
@@ -2583,16 +2593,24 @@ pk11ListCertCallback(CERTCertificate *cert, SECItem *derCert, void *arg)
/* if we want user certs and we don't have one skip this cert */
if ((type == PK11CertListUser) &&
- ( (cert->slot == NULL) ||
- (trust == NULL) || (((trust->sslFlags & CERTDB_USER == 0) &&
- ((trust->emailFlags & CERTDB_USER) == 0))) ) ) {
+ ((trust == NULL) ||
+ ( ((trust->sslFlags & CERTDB_USER) == 0) &&
+ ((trust->emailFlags & CERTDB_USER) == 0) )) ) {
+ CERT_DestroyCertificate(newCert);
+ return SECSuccess;
+ }
+
+ /* if we want root certs, skip the user certs */
+ if ((type == PK11CertListRootUnique) &&
+ ((trust) && (((trust->sslFlags & CERTDB_USER ) ||
+ (trust->emailFlags & CERTDB_USER))) ) ) {
CERT_DestroyCertificate(newCert);
return SECSuccess;
}
/* if we want Unique certs and we already have it on our list, skip it */
- if ((type == PK11CertListUnique) && (isOnList(certList,newCert))) {
+ if ( isUnique && isOnList(certList,newCert) ) {
CERT_DestroyCertificate(newCert);
return SECSuccess;
}
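Review bot: The new `PK11CertListRootUnique` filter only rejects certificates whose trust has `CERTDB_USER` set, so a certificate with `trust == NULL`, or with any non-user flags, is still listed. Nothing in these lines checks a CA or trusted-root flag, so a caller that reads "Root" as "trust anchor" could treat an untrusted certificate as one; that is inferred from the name, since the callers are not in this diff. At minimum the comment should state the real contract, e.g. `/* RootUnique: unique certs that are not user certs; no CA/trust flag is checked */`, and the enum in secmodt.h should carry the same wording. The user-cert filter above it also drops the old `cert->slot == NULL` condition alongside the precedence fix, which the commit message does not mention; `trust` is assigned outside this hunk.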
@@ -2600,9 +2618,9 @@ pk11ListCertCallback(CERTCertificate *cert, SECItem *derCert, void *arg)
/* put slot certs at the end */
if (newCert->slot && !PK11_IsInternal(newCert->slot)) {
- CERT_AddCertToListTail(certList,newCert);
+ CERT_AddCertToListTailWithData(certList,newCert,nickname);
} else {
- CERT_AddCertToListHead(certList,newCert);
+ CERT_AddCertToListHeadWithData(certList,newCert,nickname);
}
return SECSuccess;
}
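Review bot: Both `CERT_AddCertToListTailWithData` and `CERT_AddCertToListHeadWithData` are called with their results discarded, and the callback then returns `SECSuccess` unconditionally. If either call can fail (the list node presumably comes from the arena), the reference taken on `newCert` earlier in the function is never released and the caller gets a shorter list with no error. I would capture the status in both branches as `rv = CERT_AddCertToListTailWithData(certList,newCert,nickname);` and follow with `if (rv != SECSuccess) { CERT_DestroyCertificate(newCert); }`. Whether to propagate `rv` is a separate decision, since a failure return may stop the traversal.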
@@ -2618,7 +2636,8 @@ PK11_ListCerts(PK11CertListType type, void *pwarg)
listCerts.type = type;
listCerts.certList = certList;
- SEC_TraversePermCerts(CERT_GetDefaultCertDB(),pk11ListCertCallback,&listCerts);
+ SEC_TraversePermCerts(CERT_GetDefaultCertDB(),pk11ListCertCallback,
+ &listCerts);
PK11_TraverseSlotCerts(pk11ListCertCallback,&listCerts,pwarg);
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index c725a7797..315c86585 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -1667,7 +1667,7 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
/* initialize the maxKeyCount value */
if (tokenInfo.ulMaxSessionCount == 0) {
- slot->maxKeyCount = 300; /* should be #define or a config param */
+ slot->maxKeyCount = 800; /* should be #define or a config param */
} else if (tokenInfo.ulMaxSessionCount < 20) {
/* don't have enough sessions to keep that many keys around */
slot->maxKeyCount = 0;
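Review bot: The fallback `slot->maxKeyCount` goes from 300 to 800 with no rationale recorded, and the inline comment still admits it should be a named constant. Because this value bounds how many keys are kept around when the token reports `ulMaxSessionCount == 0`, the reason for 800 belongs next to it. A named define (name is only a suggestion), `#define PK11_DEFAULT_MAX_KEY_COUNT 800 /* used when the token reports ulMaxSessionCount == 0 */`, would replace the literal and the stale remark. The `if`/`else if` chain continues outside this hunk.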
diff --git a/security/nss/lib/pk11wrap/secmodt.h b/security/nss/lib/pk11wrap/secmodt.h
index 949edee26..b2d401e24 100644
--- a/security/nss/lib/pk11wrap/secmodt.h
+++ b/security/nss/lib/pk11wrap/secmodt.h
@@ -97,8 +97,9 @@ struct PK11RSAGenParamsStr {
};
typedef enum {
- PK11CertListUnique = 0,
- PK11CertListUser = 1
+ PK11CertListUnique = 0,
+ PK11CertListUser = 1,
+ PK11CertListRootUnique = 2
} PK11CertListType;
/*