diff options
author | ian.mcgreer%sun.com <devnull@localhost> | 2002-01-07 19:53:47 +0000 |
---|---|---|
committer | ian.mcgreer%sun.com <devnull@localhost> | 2002-01-07 19:53:47 +0000 |
commit | fe2ea106328ca32534df515935fd72f1255c9fcb (patch) | |
tree | a3a3527b6ab50b3f2d5dd46e450a0bf8d7ad95fa /security | |
parent | 6125070454e4fc7450e52f0afa07c81b277b74a9 (diff) | |
download | nss-hg-fe2ea106328ca32534df515935fd72f1255c9fcb.tar.gz |
fix pkcs12 bug where nicknames were disappearing
Diffstat (limited to 'security')
-rw-r--r-- | security/nss/lib/pkcs12/p12e.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/security/nss/lib/pkcs12/p12e.c b/security/nss/lib/pkcs12/p12e.c index 1a7248e70..9f9a92cea 100644 --- a/security/nss/lib/pkcs12/p12e.c +++ b/security/nss/lib/pkcs12/p12e.c @@ -1029,9 +1029,18 @@ SEC_PKCS12AddCert(SEC_PKCS12ExportContext *p12ctxt, SEC_PKCS12SafeInfo *safe, CERTCertificate *tempCert; /* decode the certificate */ - tempCert = - CERT_DecodeDERCertificate( &certList->certs[count], - PR_FALSE, NULL); + /* XXX + * This was rather silly. The chain is constructed above + * by finding all of the CERTCertificate's in the database. + * Then the chain is put into a CERTCertificateList, which only + * contains the DER. Finally, the DER was decoded, and the + * decoded cert was sent recursively back to this function. + * Beyond being inefficent, this causes data loss (specifically, + * the nickname). Instead, for 3.4, we'll do a lookup by the + * DER, which should return the cached entry. + */ + tempCert = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(), + &certList->certs[count]); if(!tempCert) { CERT_DestroyCertificateList(certList); goto loser; |