diff options
author | ian.mcgreer%sun.com <devnull@localhost> | 2002-12-03 20:53:02 +0000 |
---|---|---|
committer | ian.mcgreer%sun.com <devnull@localhost> | 2002-12-03 20:53:02 +0000 |
commit | 3c17d52ce532a4ba04d4d5683c98a42c17adc654 (patch) | |
tree | 22bc8bd99ee72f6236fed84d2b21bc75b2481ee1 /security/nss/cmd | |
parent | 7c1b29ec33ceed71bcac077a81a014577466ffec (diff) | |
download | nss-hg-3c17d52ce532a4ba04d4d5683c98a42c17adc654.tar.gz |
make pkiutil work with multiple instance certs
Diffstat (limited to 'security/nss/cmd')
-rw-r--r-- | security/nss/cmd/pkiutil/pkiobject.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/security/nss/cmd/pkiutil/pkiobject.c b/security/nss/cmd/pkiutil/pkiobject.c index 6f2841f41..4052b2140 100644 --- a/security/nss/cmd/pkiutil/pkiobject.c +++ b/security/nss/cmd/pkiutil/pkiobject.c @@ -437,18 +437,28 @@ dump_cert_info PRStatus status; PRUint32 i, j; NSSToken **tokens, **tp; - - tokens = NSSCertificate_GetTokens(c, NULL); + /* XXX + * When we do searches by nickname, we only get instances of the + * cert for that nickname. An instance on another token with a + * different label will not match. Should the library do the + * this workaround? + */ + NSSDER *issuer = NSSCertificate_GetIssuer(c); + NSSDER *serial = NSSCertificate_GetSerialNumber(c); + NSSCertificate *cp = NSSTrustDomain_FindCertificateByIssuerAndSerialNumber(td, issuer, serial); + + tokens = NSSCertificate_GetTokens(cp, NULL); if (tokens) { for (tp = tokens; *tp; tp++) { PR_fprintf(rtData->output.file, "nickname \"%s\" on token \"%s\"\n", - NSSCertificate_GetNickname(c, *tp), + NSSCertificate_GetNickname(cp, *tp), NSSToken_GetName(*tp)); } NSSTokenArray_Destroy(tokens); PR_fprintf(rtData->output.file, "\n"); } + NSSCertificate_Destroy(cp); return PR_SUCCESS; } |