diff options
author | Bob Relyea <rrelyea@redhat.com> | 2017-09-18 20:02:58 +0200 |
---|---|---|
committer | Bob Relyea <rrelyea@redhat.com> | 2017-09-18 20:02:58 +0200 |
commit | 33595c796d15d8cfd776673042515d9bca691127 (patch) | |
tree | f4c5d496f14505a00d3e60690be5a145571f1abc /cmd/certutil | |
parent | 793b1f5c7276568060aa0941af5ae070b7e5c157 (diff) | |
download | nss-hg-33595c796d15d8cfd776673042515d9bca691127.tar.gz |
Bug 1382278, certutil -A creates uninitialised database, r=kaie
Diffstat (limited to 'cmd/certutil')
-rw-r--r-- | cmd/certutil/certutil.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/cmd/certutil/certutil.c b/cmd/certutil/certutil.c index 7bfebc2be..9bbb940b8 100644 --- a/cmd/certutil/certutil.c +++ b/cmd/certutil/certutil.c @@ -3010,6 +3010,33 @@ certutil_main(int argc, char **argv, PRBool initialize) } } + /* if we are going to modify the cert database, + * make sure it's initialized */ + if (certutil.commands[cmd_ModifyCertTrust].activated || + certutil.commands[cmd_CreateAndAddCert].activated || + certutil.commands[cmd_AddCert].activated || + certutil.commands[cmd_AddEmailCert].activated) { + if (PK11_NeedUserInit(slot)) { + char *password = NULL; + /* fetch the password from the command line or the file + * if no password is supplied, initialize the password to NULL */ + if (pwdata.source == PW_FROMFILE) { + password = SECU_FilePasswd(slot, PR_FALSE, pwdata.data); + } else if (pwdata.source == PW_PLAINTEXT) { + password = PL_strdup(pwdata.data); + } + rv = PK11_InitPin(slot, (char *)NULL, password ? password : ""); + if (password) { + PORT_Memset(password, 0, PL_strlen(password)); + PORT_Free(password); + } + if (rv != SECSuccess) { + SECU_PrintError(progName, "Could not set password for the slot"); + goto shutdown; + } + } + } + /* walk through the upgrade merge if necessary. * This option is more to test what some applications will want to do * to do an automatic upgrade. The --merge command is more useful for |