diff options
Diffstat (limited to 'security/nss/cmd/checkcert')
| -rw-r--r-- | security/nss/cmd/checkcert/Makefile | 76 | ||||
| -rw-r--r-- | security/nss/cmd/checkcert/checkcert.c | 640 | ||||
| -rw-r--r-- | security/nss/cmd/checkcert/makefile.win | 130 | ||||
| -rw-r--r-- | security/nss/cmd/checkcert/manifest.mn | 47 |
4 files changed, 893 insertions, 0 deletions
diff --git a/security/nss/cmd/checkcert/Makefile b/security/nss/cmd/checkcert/Makefile new file mode 100644 index 000000000..573c12cac --- /dev/null +++ b/security/nss/cmd/checkcert/Makefile @@ -0,0 +1,76 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include ../platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + + + +include ../platrules.mk + diff --git a/security/nss/cmd/checkcert/checkcert.c b/security/nss/cmd/checkcert/checkcert.c new file mode 100644 index 000000000..0cd5e61aa --- /dev/null +++ b/security/nss/cmd/checkcert/checkcert.c @@ -0,0 +1,640 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#include "secutil.h" +#include "plgetopt.h" +#include "cert.h" +#include "secoid.h" +#include "cryptohi.h" + +/* maximum supported modulus length in bits (indicate problem if over this) */ +#define MAX_MODULUS (1024) + + +static void Usage(char *progName) +{ + fprintf(stderr, "Usage: %s [aAvf] [certtocheck] [issuingcert]\n", + progName); + fprintf(stderr, "%-20s Cert to check is base64 encoded\n", + "-a"); + fprintf(stderr, "%-20s Issuer's cert is base64 encoded\n", + "-A"); + fprintf(stderr, "%-20s Verbose (indicate decoding progress etc.)\n", + "-v"); + fprintf(stderr, "%-20s Force sanity checks even if pretty print fails.\n", + "-f"); + fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", + "-o output"); + fprintf(stderr, "%-20s Specify the input type (no default)\n", + "-t type"); + exit(-1); +} + + +/* + * Check integer field named fieldName, printing out results and + * returning the length of the integer in bits + */ + +static +int checkInteger(SECItem *intItem, char *fieldName, int verbose) +{ + int len, bitlen; + if (verbose) { + printf("Checking %s\n", fieldName); + } + + len = intItem->len; + + if (len && (intItem->data[0] & 0x80)) { + printf("PROBLEM: %s is NEGATIVE 2's-complement integer.\n", + fieldName); + } + + + /* calculate bit length and check for unnecessary leading zeros */ + bitlen = len << 3; + if (len > 1 && intItem->data[0] == 0) { + /* leading zero byte(s) */ + if (!(intItem->data[1] & 0x80)) { + printf("PROBLEM: %s has unneeded leading zeros. Violates DER.\n", + fieldName); + } + /* strip leading zeros in length calculation */ + { + int i=0; + while (bitlen > 8 && intItem->data[i] == 0) { + bitlen -= 8; + i++; + } + } + } + return bitlen; +} + + + + +static +void checkName(CERTName *n, char *fieldName, int verbose) +{ + char *v=0; + if (verbose) { + printf("Checking %s\n", fieldName); + } + + v = CERT_GetCountryName(n); + if (!v) { + printf("PROBLEM: %s lacks Country Name (C)\n", + fieldName); + } + PORT_Free(v); + + v = CERT_GetOrgName(n); + if (!v) { + printf("PROBLEM: %s lacks Organization Name (O)\n", + fieldName); + } + PORT_Free(v); + + v = CERT_GetOrgUnitName(n); + if (!v) { + printf("WARNING: %s lacks Organization Unit Name (OU)\n", + fieldName); + } + PORT_Free(v); + + v = CERT_GetCommonName(n); + if (!v) { + printf("PROBLEM: %s lacks Common Name (CN)\n", + fieldName); + } + PORT_Free(v); +} + + + + +/* + * Private version of verification that checks for agreement between + * signature algorithm oid (at the SignedData level) and oid in DigestInfo. + * + */ + + +/* Returns the tag for the hash algorithm in the given signature algorithm */ + static + int hashAlg(int sigAlgTag) { + int rv; + switch(sigAlgTag) { + case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: + rv = SEC_OID_MD2; + break; + case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: + rv = SEC_OID_MD5; + break; + case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: + rv = SEC_OID_SHA1; + break; + default: + rv = -1; + } + return rv; + } + + + +struct VFYContextStr { + int alg; + unsigned char digest[32]; + void *hasher; + void (*begin)(void *); + void (*update)(void *, unsigned char*, unsigned); + SECStatus (*end)(void *, unsigned char*, unsigned int*, unsigned); + void (*destroy)(void *, PRBool); +}; + + +static +SECStatus +OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, + SECItem *sig, SECAlgorithmID *sigAlgorithm) +{ + SECStatus rv; + VFYContext *cx; + SECOidData *sigAlgOid, *oiddata; + int sigAlgTag; + int hashAlgTag; + int showDigestOid=0; + + cx = VFY_CreateContext(key, sig, SECOID_GetAlgorithmTag(sigAlgorithm), + NULL); + if (cx == NULL) + return SECFailure; + + sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm); + if (sigAlgOid == 0) + return SECFailure; + sigAlgTag = sigAlgOid->offset; + + hashAlgTag = hashAlg(sigAlgTag); + if (hashAlgTag == -1) { + printf("PROBLEM: Unsupported Digest Algorithm in DigestInfo"); + showDigestOid = 1; + } else if (hashAlgTag != cx->alg) { + printf("PROBLEM: Digest OID in DigestInfo is incompatible " + "with Signature Algorithm\n"); + showDigestOid = 1; + } + + if (showDigestOid) { + oiddata = SECOID_FindOIDByTag(cx->alg); + if ( oiddata ) { + printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc); + } else { + SECU_PrintAsHex(stdout, + &oiddata->oid, "PROBLEM: UNKNOWN OID", 0); + } + } + + rv = VFY_Begin(cx); + if (rv == SECSuccess) { + rv = VFY_Update(cx, buf, len); + if (rv == SECSuccess) + rv = VFY_End(cx); + } + + VFY_DestroyContext(cx, PR_TRUE); + return rv; +} + + + +static +SECStatus +OurVerifySignedData(CERTSignedData *sd, CERTCertificate *cert) +{ + SECItem sig; + SECKEYPublicKey *pubKey = 0; + SECStatus rv; + + /* check the certificate's validity */ + rv = CERT_CertTimesValid(cert); + if ( rv ) { + return(SECFailure); + } + + /* get cert's public key */ + pubKey = CERT_ExtractPublicKey(cert); + if ( !pubKey ) { + return(SECFailure); + } + + /* check the signature */ + sig = sd->signature; + DER_ConvertBitString(&sig); + rv = OurVerifyData(sd->data.data, sd->data.len, pubKey, &sig, + &sd->signatureAlgorithm); + + SECKEY_DestroyPublicKey(pubKey); + + if ( rv ) { + return(SECFailure); + } + + return(SECSuccess); +} + + + + +static +CERTCertificate *createEmptyCertificate(void) +{ + PRArenaPool *arena = 0; + CERTCertificate *c = 0; + + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if ( !arena ) { + return 0; + } + + + c = (CERTCertificate *) PORT_ArenaZAlloc(arena, sizeof(CERTCertificate)); + + if (c) { + c->referenceCount = 1; + c->arena = arena; + } else { + PORT_FreeArena(arena,PR_TRUE); + } + + return c; +} + + + + +int main(int argc, char **argv) +{ + int rv, verbose=0, force=0; + int ascii=0, issuerAscii=0; + char *progName=0; + PRFileDesc *inFile=0, *issuerCertFile=0; + SECItem derCert, derIssuerCert; + PRArenaPool *arena=0; + CERTSignedData *signedData=0; + CERTCertificate *cert=0, *issuerCert=0; + SECKEYPublicKey *rsapubkey=0; + SECAlgorithmID md5WithRSAEncryption, md2WithRSAEncryption; + SECAlgorithmID sha1WithRSAEncryption, rsaEncryption; + SECItem spk; + int selfSigned=0; + int invalid=0; + char *inFileName = NULL, *issuerCertFileName = NULL; + PLOptState *optstate; + PLOptStatus status; + + PORT_Memset(&md5WithRSAEncryption, 0, sizeof(md5WithRSAEncryption)); + PORT_Memset(&md2WithRSAEncryption, 0, sizeof(md2WithRSAEncryption)); + PORT_Memset(&sha1WithRSAEncryption, 0, sizeof(sha1WithRSAEncryption)); + PORT_Memset(&rsaEncryption, 0, sizeof(rsaEncryption)); + + progName = strrchr(argv[0], '/'); + progName = progName ? progName+1 : argv[0]; + + optstate = PL_CreateOptState(argc, argv, "aAvf"); + while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { + switch (optstate->option) { + case 'v': + verbose = 1; + break; + + case 'f': + force = 1; + break; + + case 'a': + ascii = 1; + break; + + case 'A': + issuerAscii = 1; + break; + + case '\0': + if (!inFileName) + inFileName = PL_strdup(optstate->value); + else if (!issuerCertFileName) + issuerCertFileName = PL_strdup(optstate->value); + else + Usage(progName); + break; + } + } + + if (!inFileName || !issuerCertFileName || status == PL_OPT_BAD) { + /* insufficient or excess args */ + Usage(progName); + } + + inFile = PR_Open(inFileName, PR_RDONLY, 0); + if (!inFile) { + fprintf(stderr, "%s: unable to open \"%s\" for reading\n", + progName, inFileName); + exit(1); + } + + issuerCertFile = PR_Open(issuerCertFileName, PR_RDONLY, 0); + if (!issuerCertFile) { + fprintf(stderr, "%s: unable to open \"%s\" for reading\n", + progName, issuerCertFileName); + exit(1); + } + + if (SECU_ReadDERFromFile(&derCert, inFile, ascii) != SECSuccess) { + printf("Couldn't read input certificate as DER binary or base64\n"); + exit(1); + } + + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (arena == 0) { + fprintf(stderr,"%s: can't allocate scratch arena!", progName); + exit(1); + } + + if (issuerCertFile) { + CERTSignedData *issuerCertSD=0; + if (SECU_ReadDERFromFile(&derIssuerCert, issuerCertFile, issuerAscii) + != SECSuccess) { + printf("Couldn't read issuer certificate as DER binary or base64.\n"); + exit(1); + } + issuerCertSD = (CERTSignedData *) PORT_ArenaZAlloc(arena, + sizeof(CERTSignedData)); + if (!issuerCertSD) { + fprintf(stderr,"%s: can't allocate issuer signed data!", progName); + exit(1); + } + rv = SEC_ASN1DecodeItem(arena, issuerCertSD, + SEC_ASN1_GET(CERT_SignedDataTemplate), + &derIssuerCert); + if (rv) { + fprintf(stderr, "%s: Issuer cert isn't X509 SIGNED Data?\n", + progName); + exit(1); + } + issuerCert = createEmptyCertificate(); + if (!issuerCert) { + printf("%s: can't allocate space for issuer cert.", progName); + exit(1); + } + rv = SEC_ASN1DecodeItem(arena, issuerCert, + SEC_ASN1_GET(CERT_CertificateTemplate), + &issuerCertSD->data); + if (rv) { + printf("%s: Does not appear to be an X509 Certificate.\n", + progName); + exit(1); + } + } + + signedData = (CERTSignedData *) PORT_ArenaZAlloc(arena,sizeof(CERTSignedData)); + if (!signedData) { + fprintf(stderr,"%s: can't allocate signedData!", progName); + exit(1); + } + + rv = SEC_ASN1DecodeItem(arena, signedData, + SEC_ASN1_GET(CERT_SignedDataTemplate), + &derCert); + if (rv) { + fprintf(stderr, "%s: Does not appear to be X509 SIGNED Data.\n", + progName); + exit(1); + } + + if (verbose) { + printf("Decoded ok as X509 SIGNED data.\n"); + } + + cert = createEmptyCertificate(); + if (!cert) { + fprintf(stderr, "%s: can't allocate cert", progName); + exit(1); + } + + rv = SEC_ASN1DecodeItem(arena, cert, + SEC_ASN1_GET(CERT_CertificateTemplate), + &signedData->data); + if (rv) { + fprintf(stderr, "%s: Does not appear to be an X509 Certificate.\n", + progName); + exit(1); + } + + + if (verbose) { + printf("Decoded ok as an X509 certificate.\n"); + } + + + rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0, + SECU_PrintCertificate); + + if (rv) { + fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n", + progName, PORT_GetError()); + if (!force) { + exit(1); + } + } + + + /* Do various checks on the cert */ + + printf("\n"); + + /* Check algorithms */ + SECOID_SetAlgorithmID(arena, &md5WithRSAEncryption, + SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, NULL); + + SECOID_SetAlgorithmID(arena, &md2WithRSAEncryption, + SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NULL); + + SECOID_SetAlgorithmID(arena, &sha1WithRSAEncryption, + SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, NULL); + + SECOID_SetAlgorithmID(arena, &rsaEncryption, + SEC_OID_PKCS1_RSA_ENCRYPTION, NULL); + + { + int isMD5RSA = (SECOID_CompareAlgorithmID(&cert->signature, + &md5WithRSAEncryption) == 0); + int isMD2RSA = (SECOID_CompareAlgorithmID(&cert->signature, + &md2WithRSAEncryption) == 0); + int isSHA1RSA = (SECOID_CompareAlgorithmID(&cert->signature, + &sha1WithRSAEncryption) == 0); + + if (verbose) { + printf("\nDoing algorithm checks.\n"); + } + + if (!(isMD5RSA || isMD2RSA || isSHA1RSA)) { + printf("PROBLEM: Signature not PKCS1 MD5, MD2, or SHA1 + RSA.\n"); + } else if (!isMD5RSA) { + printf("WARNING: Signature not PKCS1 MD5 with RSA Encryption\n"); + } + + if (SECOID_CompareAlgorithmID(&cert->signature, + &signedData->signatureAlgorithm)) { + printf("PROBLEM: Algorithm in sig and certInfo don't match.\n"); + } + } + + if (SECOID_CompareAlgorithmID(&cert->subjectPublicKeyInfo.algorithm, + &rsaEncryption)) { + printf("PROBLEM: Public key algorithm is not PKCS1 RSA Encryption.\n"); + } + + /* Check further public key properties */ + spk = cert->subjectPublicKeyInfo.subjectPublicKey; + DER_ConvertBitString(&spk); + + if (verbose) { + printf("\nsubjectPublicKey DER\n"); + rv = DER_PrettyPrint(stdout, &spk, PR_FALSE); + printf("\n"); + } + + rsapubkey = (SECKEYPublicKey *) + PORT_ArenaZAlloc(arena,sizeof(SECKEYPublicKey)); + if (!rsapubkey) { + fprintf(stderr, "%s: rsapubkey allocation failed.\n", progName); + exit(1); + } + + rv = SEC_ASN1DecodeItem(arena, rsapubkey, + SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), &spk); + if (rv) { + printf("PROBLEM: subjectPublicKey is not a DER PKCS1 RSAPublicKey.\n"); + } else { + int mlen; + int pubexp; + if (verbose) { + printf("Decoded RSA Public Key ok. Doing key checks.\n"); + } + PORT_Assert(rsapubkey->keyType == rsaKey); /* XXX RSA */ + mlen = checkInteger(&rsapubkey->u.rsa.modulus, "Modulus", verbose); + printf("INFO: Public Key modulus length in bits: %d\n", mlen); + if (mlen > MAX_MODULUS) { + printf("PROBLEM: Modulus length exceeds %d bits.\n", + MAX_MODULUS); + } + if (mlen < 512) { + printf("WARNING: Short modulus.\n"); + } + if (mlen != (1 << (ffs(mlen)-1))) { + printf("WARNING: Unusual modulus length (not a power of two).\n"); + } + checkInteger(&rsapubkey->u.rsa.publicExponent, "Public Exponent", + verbose); + pubexp = DER_GetInteger(&rsapubkey->u.rsa.publicExponent); + if (pubexp != 17 && pubexp != 3 && pubexp != 65537) { + printf("WARNING: Public exponent not any of: 3, 17, 65537\n"); + } + } + + + /* Name checks */ + checkName(&cert->issuer, "Issuer Name", verbose); + checkName(&cert->subject, "Subject Name", verbose); + + if (issuerCert) { + SECComparison c = + CERT_CompareName(&cert->issuer, &issuerCert->subject); + if (c) { + printf("PROBLEM: Issuer Name and Subject in Issuing Cert differ\n"); + } + } + + /* Check if self-signed */ + selfSigned = (CERT_CompareName(&cert->issuer, &cert->subject) == 0); + if (selfSigned) { + printf("INFO: Certificate is self signed.\n"); + } else { + printf("INFO: Certificate is NOT self-signed.\n"); + } + + + /* Validity time check */ + if (CERT_CertTimesValid(cert) == SECSuccess) { + printf("INFO: Inside validity period of certificate.\n"); + } else { + printf("PROBLEM: Not in validity period of certificate.\n"); + invalid = 1; + } + + /* Signature check if self-signed */ + if (selfSigned && !invalid) { + if (rsapubkey->u.rsa.modulus.len) { + SECStatus ver; + if (verbose) { + printf("Checking self signature.\n"); + } + ver = OurVerifySignedData(signedData, cert); + if (ver != SECSuccess) { + printf("PROBLEM: Verification of self-signature failed!\n"); + } else { + printf("INFO: Self-signature verifies ok.\n"); + } + } else { + printf("INFO: Not checking signature due to key problems.\n"); + } + } else if (!selfSigned && !invalid && issuerCert) { + SECStatus ver; + ver = OurVerifySignedData(signedData, issuerCert); + if (ver != SECSuccess) { + printf("PROBLEM: Verification of issuer's signature failed!\n"); + } else { + printf("INFO: Issuer's signature verifies ok.\n"); + } + } else { + printf("INFO: Not checking signature.\n"); + } + + return 0; +} + + + diff --git a/security/nss/cmd/checkcert/makefile.win b/security/nss/cmd/checkcert/makefile.win new file mode 100644 index 000000000..ff1fe62a7 --- /dev/null +++ b/security/nss/cmd/checkcert/makefile.win @@ -0,0 +1,130 @@ +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +VERBOSE = 1 +include <manifest.mn> + +#cannot define PROGRAM in manifest compatibly with NT and UNIX +PROGRAM = checkcert +PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe +include <$(DEPTH)\config\config.mak> + +# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/ +# rules.mak will append C_OBJS onto OBJS. +# OBJS = $(CSRCS:.c=.obj) + +# include files are looked for in $LINCS and $INCS. +# $LINCS is in manifest.mnw, computed from REQUIRES= +INCS = $(INCS) \ + -I$(DEPTH)/security/lib/cert \ + -I../include \ + $(NULL) + +IGNORE_ME = \ + -I$(DEPTH)/security/lib/key \ + -I$(DEPTH)/security/lib/util \ + $(NULL) + + +WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg + +# these files are the content of libdbm +DBM_LIB = \ + $(WINFE)/DB.obj \ + $(WINFE)/HASH.obj \ + $(WINFE)/H_BIGKEY.obj \ + $(WINFE)/H_PAGE.obj \ + $(WINFE)/H_LOG2.obj \ + $(WINFE)/H_FUNC.obj \ + $(WINFE)/HASH_BUF.obj \ + $(NULL) + +MOZ_LIBS = \ + $(WINFE)/ALLXPSTR.obj \ + $(WINFE)/XP_ERROR.obj \ + $(WINFE)/XPASSERT.obj \ + $(WINFE)/XP_REG.obj \ + $(WINFE)/XP_TRACE.obj \ + $(DBM_LIB) \ + $(WINFE)/XP_STR.obj \ + $(WINFE)/MKTEMP.obj \ + $(NULL) + +SEC_LIBS = \ + $(DIST)/lib/cert$(MOZ_BITS).lib \ + $(DIST)/lib/crypto$(MOZ_BITS).lib \ + $(DIST)/lib/hash$(MOZ_BITS).lib \ + $(DIST)/lib/key$(MOZ_BITS).lib \ + $(DIST)/lib/pkcs7$(MOZ_BITS).lib \ + $(DIST)/lib/secmod$(MOZ_BITS).lib \ + $(DIST)/lib/secutl$(MOZ_BITS).lib \ + $(DIST)/lib/ssl$(MOZ_BITS).lib \ + $(NULL) + +LLFLAGS = $(LLFLAGS) \ + ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \ + $(SEC_LIBS) \ + $(MOZ_LIBS) \ + $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \ + $(LIBNSPR) \ + $(NULL) + + +include <$(DEPTH)\config\rules.mak> + +INSTALL = $(MAKE_INSTALL) + +objs: $(OBJS) + +$(PROGRAM):: + $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR) + +programs: $(PROGRAM) + +install:: $(TARGETS) + $(INSTALL) $(TARGETS) $(DIST)/bin + + +symbols: + @echo "CSRCS = $(CSRCS)" + @echo "INCS = $(INCS)" + @echo "OBJS = $(OBJS)" + @echo "LIBRARY = $(LIBRARY)" + @echo "PROGRAM = $(PROGRAM)" + @echo "TARGETS = $(TARGETS)" + @echo "DIST = $(DIST)" + @echo "VERSION_NUMBER = $(VERSION_NUMBER)" + @echo "WINFE = $(WINFE)" + @echo "DBM_LIB = $(DBM_LIB)" + @echo "INSTALL = $(INSTALL)" + diff --git a/security/nss/cmd/checkcert/manifest.mn b/security/nss/cmd/checkcert/manifest.mn new file mode 100644 index 000000000..9d5a99f73 --- /dev/null +++ b/security/nss/cmd/checkcert/manifest.mn @@ -0,0 +1,47 @@ +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +CORE_DEPTH = ../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = security + +# This next line is used by .mk files +# and gets translated into $LINCS in manifest.mnw +REQUIRES = seccmd dbm + +DEFINES = -DNSPR20 + +CSRCS = checkcert.c + +PROGRAM = checkcert |