From 349023864eabe403a24a680119cb96af13310416 Mon Sep 17 00:00:00 2001
From: "ian.mcgreer%sun.com" <devnull@localhost>
Date: Tue, 7 May 2002 14:58:12 +0000
Subject: bug 142175, PK11_ListCerts regressions -- handle PKCS#11
 incompatibilites with serial numbers, and fix trust collection.

---
 security/nss/lib/dev/ckhelper.c |  5 ++++-
 security/nss/lib/pki/pkibase.c  | 29 +++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/security/nss/lib/dev/ckhelper.c b/security/nss/lib/dev/ckhelper.c
index 26314245a..1f3f1e3bc 100644
--- a/security/nss/lib/dev/ckhelper.c
+++ b/security/nss/lib/dev/ckhelper.c
@@ -533,13 +533,16 @@ get_nss_trust
 {
     nssTrustLevel t;
     switch (ckt) {
-    case CKT_NETSCAPE_TRUST_UNKNOWN: t = nssTrustLevel_Unknown; break;
     case CKT_NETSCAPE_UNTRUSTED: t = nssTrustLevel_NotTrusted; break;
     case CKT_NETSCAPE_TRUSTED_DELEGATOR: t = nssTrustLevel_TrustedDelegator; 
 	break;
     case CKT_NETSCAPE_VALID_DELEGATOR: t = nssTrustLevel_ValidDelegator; break;
     case CKT_NETSCAPE_TRUSTED: t = nssTrustLevel_Trusted; break;
     case CKT_NETSCAPE_VALID: t = nssTrustLevel_Valid; break;
+    case CKT_NETSCAPE_MUST_VERIFY:
+    case CKT_NETSCAPE_TRUST_UNKNOWN:
+    default:
+	t = nssTrustLevel_Unknown; break;
     }
     return t;
 }
diff --git a/security/nss/lib/pki/pkibase.c b/security/nss/lib/pki/pkibase.c
index 8d61ad47f..8b7e95a2b 100644
--- a/security/nss/lib/pki/pkibase.c
+++ b/security/nss/lib/pki/pkibase.c
@@ -943,11 +943,22 @@ static PRStatus
 cert_getUIDFromObject(nssPKIObject *o, NSSItem *uid)
 {
     NSSCertificate *c = (NSSCertificate *)o;
+#ifdef NSS_3_4_CODE
+    /* The builtins are still returning decoded serial numbers.  Until
+     * this compatibility issue is resolved, use the full DER of the
+     * cert to uniquely identify it.
+     */
+    NSSDER *derCert;
+    derCert = nssCertificate_GetEncoding(c);
+    uid[0] = *derCert;
+    uid[1].data = NULL; uid[1].size = 0;
+#else
     NSSDER *issuer, *serial;
     issuer = nssCertificate_GetIssuer(c);
     serial = nssCertificate_GetSerialNumber(c);
     uid[0] = *issuer;
     uid[1] = *serial;
+#endif /* NSS_3_4_CODE */
     return PR_SUCCESS;
 }
 
@@ -955,6 +966,23 @@ static PRStatus
 cert_getUIDFromInstance(nssCryptokiObject *instance, NSSItem *uid, 
                         NSSArena *arena)
 {
+#ifdef NSS_3_4_CODE
+    /* The builtins are still returning decoded serial numbers.  Until
+     * this compatibility issue is resolved, use the full DER of the
+     * cert to uniquely identify it.
+     */
+    uid[1].data = NULL; uid[1].size = 0;
+    return nssCryptokiCertificate_GetAttributes(instance,
+                                                NULL,  /* XXX sessionOpt */
+                                                arena, /* arena    */
+                                                NULL,  /* type     */
+                                                NULL,  /* id       */
+                                                &uid[0], /* encoding */
+                                                NULL,  /* issuer   */
+                                                NULL,  /* serial   */
+                                                NULL,  /* subject  */
+                                                NULL); /* email    */
+#else
     return nssCryptokiCertificate_GetAttributes(instance,
                                                 NULL,  /* XXX sessionOpt */
                                                 arena, /* arena    */
@@ -965,6 +993,7 @@ cert_getUIDFromInstance(nssCryptokiObject *instance, NSSItem *uid,
                                                 &uid[1], /* serial */
                                                 NULL,  /* subject  */
                                                 NULL); /* email    */
+#endif /* NSS_3_4_CODE */
 }
 
 static nssPKIObject *
-- 
cgit v1.2.1