diff options
author | relyea%netscape.com <devnull@localhost> | 2002-09-27 15:55:01 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2002-09-27 15:55:01 +0000 |
commit | 568ba7842917ce38a6be71d99a47a442686439e4 (patch) | |
tree | 09473c72aecc855fd7e38b7bc9091e71defce9b4 /security/nss/lib/pki/pki3hack.c | |
parent | d69f42cb9fcc5d22c068aea738a8cfcbe4aaa787 (diff) | |
parent | 0540a86397f9191ab53ddb3b58c4f2c14fb2281f (diff) | |
download | nss-hg-568ba7842917ce38a6be71d99a47a442686439e4.tar.gz |
Bug 166894: Handle changing Trust when cert is in the token.
Diffstat (limited to 'security/nss/lib/pki/pki3hack.c')
-rw-r--r-- | security/nss/lib/pki/pki3hack.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c index 2af042f29..1a7432f0a 100644 --- a/security/nss/lib/pki/pki3hack.c +++ b/security/nss/lib/pki/pki3hack.c @@ -945,6 +945,37 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust) nssTrust->clientAuth, nssTrust->codeSigning, nssTrust->emailProtection, PR_TRUE); + /* If the selected token can't handle trust, dump the trust on + * the internal token */ + if (!newInstance && !PK11_IsInternal(tok->pk11slot)) { + PK11SlotInfo *slot = PK11_GetInternalKeySlot(); + NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL); + NSSASCII7 *email = c->email; + tok = PK11Slot_GetNSSToken(slot); + PK11_FreeSlot(slot); + + newInstance = nssToken_ImportCertificate(tok, NULL, + NSSCertificateType_PKIX, + &c->id, + nickname, + &c->encoding, + &c->issuer, + &c->subject, + &c->serial, + email, + PR_TRUE); + if (!newInstance) { + nssrv = PR_FAILURE; + goto done; + } + nssPKIObject_AddInstance(&c->object, newInstance); + newInstance = nssToken_ImportTrust(tok, NULL, &c->encoding, + &c->issuer, &c->serial, + nssTrust->serverAuth, + nssTrust->clientAuth, + nssTrust->codeSigning, + nssTrust->emailProtection, PR_TRUE); + } if (newInstance) { nssCryptokiObject_Destroy(newInstance); nssrv = PR_SUCCESS; |