diff options
author | Daiki Ueno <dueno@redhat.com> | 2022-07-26 15:52:17 +0000 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2022-07-26 15:52:17 +0000 |
commit | cc39dbca85e59e564114a1e12058674ee3d3bac4 (patch) | |
tree | 7edc7db27ae59dd8100652c18e188c89d523f30e /automation | |
parent | b2262dcec97c040af81e765d58553dbd51b2a783 (diff) | |
download | nss-hg-cc39dbca85e59e564114a1e12058674ee3d3bac4.tar.gz |
Bug 1681099, pk11wrap: Tighten certificate lookup based on PKCS #11 URI, r=kjacobs,rrelyea
Previously we only used the "object" attribute (mapped to CKA_LABEL) to find certificates by PKCS #11 URI. This updates the logic to match also with "id" (mapped to CKA_ID) and reject the request if a "type" attribute is present with the value other than "cert".
Note: as "id" may not be null-terminated, the PKCS #11 URI API had to be revamped to allow binary blobs. This is still not perfect because PK11URIAttribute doesn't have a length field of value.
Differential Revision: https://phabricator.services.mozilla.com/D98940
Diffstat (limited to 'automation')
-rw-r--r-- | automation/abi-check/expected-report-libnssutil3.so.txt | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/automation/abi-check/expected-report-libnssutil3.so.txt b/automation/abi-check/expected-report-libnssutil3.so.txt index e69de29bb..ba634d9ab 100644 --- a/automation/abi-check/expected-report-libnssutil3.so.txt +++ b/automation/abi-check/expected-report-libnssutil3.so.txt @@ -0,0 +1,6 @@ + +2 Added functions: + + 'function const SECItem* PK11URI_GetPathAttributeItem(PK11URI*, const char*)' {PK11URI_GetPathAttributeItem@@NSSUTIL_3.82} + 'function const SECItem* PK11URI_GetQueryAttributeItem(PK11URI*, const char*)' {PK11URI_GetQueryAttributeItem@@NSSUTIL_3.82} + |