diff options
-rw-r--r-- | security/nss/lib/certdb/stanpcertdb.c | 4 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/pk11cert.c | 2 | ||||
-rw-r--r-- | security/nss/lib/pki/pkistore.c | 5 | ||||
-rw-r--r-- | security/nss/lib/pki/pkistore.h | 3 |
4 files changed, 8 insertions, 6 deletions
diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c index 3f52f438e..5b4b7a088 100644 --- a/security/nss/lib/certdb/stanpcertdb.c +++ b/security/nss/lib/certdb/stanpcertdb.c @@ -157,7 +157,7 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname, stanNick = nssUTF8_Duplicate((NSSUTF8 *)nickname, c->object.arena); } /* Delete the temp instance */ - nssCertificateStore_Remove(context->certStore, c); + nssCertificateStore_Remove(context->certStore, c, PR_TRUE); c->object.cryptoContext = NULL; /* Import the perm instance onto the internal token */ slot = PK11_GetInternalKeySlot(); @@ -607,7 +607,7 @@ CERT_DestroyCertificate(CERTCertificate *cert) if (refCount == 2) { NSSCryptoContext *cc = tmp->object.cryptoContext; if (cc != NULL) { - nssCertificateStore_Remove(cc->certStore, tmp); + nssCertificateStore_Remove(cc->certStore, tmp, PR_FALSE); } else { nssTrustDomain_RemoveCertFromCache(td, tmp); } diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 745fce946..58f6b24b6 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -1721,7 +1721,7 @@ done: if (c->object.cryptoContext) { /* Delete the temp instance */ - nssCertificateStore_Remove(c->object.cryptoContext->certStore, c); + nssCertificateStore_Remove(c->object.cryptoContext->certStore, c, PR_TRUE); c->object.cryptoContext = NULL; cert->istemp = PR_FALSE; cert->isperm = PR_TRUE; diff --git a/security/nss/lib/pki/pkistore.c b/security/nss/lib/pki/pkistore.c index a045b0a68..4d03e1274 100644 --- a/security/nss/lib/pki/pkistore.c +++ b/security/nss/lib/pki/pkistore.c @@ -317,13 +317,14 @@ NSS_IMPLEMENT void nssCertificateStore_Remove ( nssCertificateStore *store, - NSSCertificate *cert + NSSCertificate *cert, + PRBool force /* described in bug 171198 */ ) { certificate_hash_entry *entry; PZ_Lock(store->lock); #ifdef NSS_3_4_CODE - if (cert->object.refCount > 2) { + if (!force && cert->object.refCount > 2) { /* This continues the hack described in CERT_DestroyCertificate. * Because NSS 3.4 maintains a single, global, crypto context, * certs must be explicitly removed from it when there are no diff --git a/security/nss/lib/pki/pkistore.h b/security/nss/lib/pki/pkistore.h index a13186118..ce4c96099 100644 --- a/security/nss/lib/pki/pkistore.h +++ b/security/nss/lib/pki/pkistore.h @@ -89,7 +89,8 @@ NSS_EXTERN void nssCertificateStore_Remove ( nssCertificateStore *store, - NSSCertificate *cert + NSSCertificate *cert, + PRBool force /* described in bug 171198 */ ); NSS_EXTERN NSSCertificate ** |