mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

b=123917 Remove non-NSS_3_4 codepaths 

r=wtc sr=alecf
This commit is contained in:
kaie%netscape.com 2002-08-07 13:39:57 +00:00
Родитель 7c0bfafa01
Коммит 21f0d86067
13 изменённых файлов: 11 добавлений и 243 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

1
config/config.mk
Просмотреть файл

@ -161,7 +161,6 @@ FINAL_LINK_COMP_NAMES = $(DEPTH)/config/final-link-comp-names
#
# NSS libs needed for final link in static build
#
NSS_3_4=1
ifneq (,$(filter OS2 WINNT,$(OS_ARCH)))
NSS_LIBS = \

10
security/manager/Makefile.in
Просмотреть файл

@ -29,16 +29,10 @@ include $(DEPTH)/config/autoconf.mk
LOADABLE_ROOT_MODULE = $(LIB_PREFIX)nssckbi$(DLL_SUFFIX)
NSS_3_4=1
ifdef NSS_3_4
DEFINES += -DNSS_3_4
NSS3_LIB = $(LIB_PREFIX)nss3$(DLL_SUFFIX)
SMIME3_LIB = $(LIB_PREFIX)smime3$(DLL_SUFFIX)
SSL3_LIB = $(LIB_PREFIX)ssl3$(DLL_SUFFIX)
SOFTOKEN3_LIB = $(LIB_PREFIX)softokn3$(DLL_SUFFIX)
endif
FREEBL_PURE32_MODULE = libfreebl_pure32_3$(DLL_SUFFIX)
FREEBL_HYBRID_MODULE = libfreebl_hybrid_3$(DLL_SUFFIX)
@ -97,12 +91,10 @@ else
endif
$(MAKE) -C $(topsrcdir)/security/nss/lib $(DEFAULT_GMAKE_FLAGS)
$(INSTALL) -m 755 $(DIST)/lib/$(LOADABLE_ROOT_MODULE) $(DIST)/bin
ifdef NSS_3_4
$(INSTALL) -m 755 $(DIST)/lib/$(SOFTOKEN3_LIB) $(DIST)/bin
$(INSTALL) -m 755 $(DIST)/lib/$(NSS3_LIB) $(DIST)/bin
$(INSTALL) -m 755 $(DIST)/lib/$(SSL3_LIB) $(DIST)/bin
$(INSTALL) -m 755 $(DIST)/lib/$(SMIME3_LIB) $(DIST)/bin
endif
ifneq (,$(filter SunOS HP-UX,$(OS_ARCH)))
ifneq ($(OS_TEST),i86pc)
ifndef HAVE_64BIT_OS
@ -117,12 +109,10 @@ endif
install::
$(SYSINSTALL) -m 755 $(DIST)/lib/$(LOADABLE_ROOT_MODULE) $(DESTDIR)$(mozappdir)
ifdef NSS_3_4
$(SYSINSTALL) -m 755 $(DIST)/lib/$(SOFTOKEN3_LIB) $(DESTDIR)$(mozappdir)
$(SYSINSTALL) -m 755 $(DIST)/lib/$(NSS3_LIB) $(DESTDIR)$(mozappdir)
$(SYSINSTALL) -m 755 $(DIST)/lib/$(SSL3_LIB) $(DESTDIR)$(mozappdir)
$(SYSINSTALL) -m 755 $(DIST)/lib/$(SMIME3_LIB) $(DESTDIR)$(mozappdir)
endif
ifneq (,$(filter SunOS HP-UX,$(OS_ARCH)))
ifneq ($(OS_TEST),i86pc)
ifndef HAVE_64BIT_OS

1
security/manager/ssl/macbuild/PIPNSSCommon.h
Просмотреть файл

@ -37,4 +37,3 @@
*
* ***** END LICENSE BLOCK ***** */
#define NSS_3_4

6
security/manager/ssl/src/Makefile.in
Просмотреть файл

@ -93,12 +93,6 @@ REQUIRES = nspr \
pipboot \
$(NULL)
NSS_3_4=1
ifdef NSS_3_4
DEFINES += -DNSS_3_4
endif
EXTRA_DEPS = $(NSS_DEP_LIBS)
include $(topsrcdir)/config/rules.mk

29
security/manager/ssl/src/makefile.win
Просмотреть файл

@ -73,21 +73,12 @@ REQUIRES = \
include <$(DEPTH)/config/config.mak>
NSS_3_4=1
!if !defined(NSS_3_4)
CFLAGS = $(CFLAGS) -DNSS_USE_STATIC_LIBS
!endif
LINCS = $(LINCS) \
-I$(XPDIST)/public/security \
-I$(XPDIST)/private/security \
$(NULL)
!if defined(NSS_3_4)
CFLAGS=$(CFLAGS) -DNSS_3_4
SUB_LIBRARIES = \
$(DIST)/lib/crmf.lib \
$(DIST)/lib/smime3.lib \
@ -95,24 +86,6 @@ SUB_LIBRARIES = \
$(DIST)/lib/nss3.lib \
$(DIST)/lib/softokn3.lib \
$(NULL)
!else
SUB_LIBRARIES = \
$(DIST)/lib/smime.lib \
$(DIST)/lib/crmf.lib \
$(DIST)/lib/ssl.lib \
$(DIST)/lib/nss.lib \
$(DIST)/lib/certhi.lib \
$(DIST)/lib/cryptohi.lib \
$(DIST)/lib/pk11wrap.lib \
$(DIST)/lib/certdb.lib \
$(DIST)/lib/softoken.lib \
$(DIST)/lib/pkcs12.lib \
$(DIST)/lib/pkcs7.lib \
$(DIST)/lib/freebl.lib \
$(DIST)/lib/secutil.lib \
$(DIST)/lib/dbm.lib \
$(NULL)
!endif
LLIBS = \
$(LIBNSPR) \
@ -150,9 +123,7 @@ include <$(DEPTH)\config\rules.mak>
libs:: $(DLL)
$(MAKE_INSTALL) $(DIST)\lib\nssckbi.dll $(DIST)\bin
!if defined(NSS_3_4)
$(MAKE_INSTALL) $(DIST)\lib\softokn3.dll $(DIST)\bin
$(MAKE_INSTALL) $(DIST)\lib\nss3.dll $(DIST)\bin
$(MAKE_INSTALL) $(DIST)\lib\smime3.dll $(DIST)\bin
$(MAKE_INSTALL) $(DIST)\lib\ssl3.dll $(DIST)\bin
!endif

58
security/manager/ssl/src/nsCrypto.cpp
Просмотреть файл

@ -63,9 +63,7 @@
extern "C" {
#include "crmf.h"
#include "crmfi.h"
#ifdef NSS_3_4
#include "pk11pqg.h"
#endif
}
#include "cmmf.h"
#include "nssb64.h"
@ -237,20 +235,6 @@ NS_INTERFACE_MAP_END_THREADSAFE
NS_IMPL_THREADSAFE_ADDREF(nsCryptoRunArgs)
NS_IMPL_THREADSAFE_RELEASE(nsCryptoRunArgs)
#ifndef NSS_3_4
/*
* We're cheating for now so that escrowing keys on smart cards
* will work. The NSS team gave us their blessing to do this
* until they export a public function with equivalent functionality.
*/
extern "C" SECKEYPrivateKey*
pk11_loadPrivKey(PK11SlotInfo *slot,SECKEYPrivateKey *privKey,
SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive);
#define __FUNCTIONNAME_PK11_LoadPrivKey pk11_loadPrivKey
#else
#define __FUNCTIONNAME_PK11_LoadPrivKey PK11_LoadPrivKey
#endif
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
nsCrypto::nsCrypto()
@ -496,18 +480,6 @@ cryptojs_interpret_key_gen_type(char *keyAlg)
return invalidKeyGen;
}
#ifdef NSS_3_4
#define __FUNCTIONNAME_PK11_PQG_ParamGen PK11_PQG_ParamGen
#define __FUNCTIONNAME_PK11_PQG_DestroyVerify PK11_PQG_DestroyVerify
#define __FUNCTIONNAME_PK11_PQG_DestroyParams PK11_PQG_DestroyParams
#define __WRAPPER_SEC_ASN1EncodeItem_Param4(p) SEC_ASN1_GET(p)
#else
#define __FUNCTIONNAME_PK11_PQG_ParamGen PQG_ParamGen
#define __FUNCTIONNAME_PK11_PQG_DestroyVerify PQG_DestroyVerify
#define __FUNCTIONNAME_PK11_PQG_DestroyParams PQG_DestroyParams
#define __WRAPPER_SEC_ASN1EncodeItem_Param4(p) p
#endif
//Take the string passed into us via crypto.generateCRMFRequest
//as the keygen type parameter and convert it to parameters
//we can actually pass to the PKCS#11 layer.
@ -555,13 +527,13 @@ nsConvertToActualKeyGenParams(PRUint32 keyGenMech, char *params,
returnParams = nsnull;
break;
}
rv = __FUNCTIONNAME_PK11_PQG_ParamGen(0, &pqgParams, &vfy);
rv = PK11_PQG_ParamGen(0, &pqgParams, &vfy);
if (vfy) {
__FUNCTIONNAME_PK11_PQG_DestroyVerify(vfy);
PK11_PQG_DestroyVerify(vfy);
}
if (rv != SECSuccess) {
if (pqgParams) {
__FUNCTIONNAME_PK11_PQG_DestroyParams(pqgParams);
PK11_PQG_DestroyParams(pqgParams);
}
return nsnull;
}
@ -602,7 +574,7 @@ nsFreeKeyGenParams(CK_MECHANISM_TYPE keyGenMechanism, void *params)
nsMemory::Free(params);
break;
case CKM_DSA_KEY_PAIR_GEN:
__FUNCTIONNAME_PK11_PQG_DestroyParams(NS_STATIC_CAST(PQGParams*,params));
PK11_PQG_DestroyParams(NS_STATIC_CAST(PQGParams*,params));
break;
}
}
@ -713,7 +685,7 @@ cryptojs_generateOneKeyPair(JSContext *cx, nsKeyPairInfo *keyPairInfo,
//If we generated the key pair on the internal slot because the
// keys were going to be escrowed, move the keys over right now.
if (willEscrow && intSlot) {
SECKEYPrivateKey *newPrivKey = __FUNCTIONNAME_PK11_LoadPrivKey(origSlot,
SECKEYPrivateKey *newPrivKey = PK11_LoadPrivKey(origSlot,
keyPairInfo->privKey,
keyPairInfo->pubKey,
PR_TRUE, PR_TRUE);
@ -946,7 +918,7 @@ nsSetRegToken(CRMFCertRequest *certReq, char *regToken)
src.data = (unsigned char*)regToken;
src.len = strlen(regToken);
SECItem *derEncoded = SEC_ASN1EncodeItem(nsnull, nsnull, &src,
__WRAPPER_SEC_ASN1EncodeItem_Param4(SEC_UTF8StringTemplate));
SEC_ASN1_GET(SEC_UTF8StringTemplate));
if (!derEncoded)
return NS_ERROR_FAILURE;
@ -974,7 +946,7 @@ nsSetAuthenticator(CRMFCertRequest *certReq, char *authenticator)
src.data = (unsigned char*)authenticator;
src.len = strlen(authenticator);
SECItem *derEncoded = SEC_ASN1EncodeItem(nsnull, nsnull, &src,
__WRAPPER_SEC_ASN1EncodeItem_Param4(SEC_UTF8StringTemplate));
SEC_ASN1_GET(SEC_UTF8StringTemplate));
if (!derEncoded)
return NS_ERROR_FAILURE;
@ -1791,16 +1763,7 @@ nsCertAlreadyExists(SECItem *derCert)
if (!arena)
return PR_FALSE; //What else could we return?
#ifdef NSS_3_4
cert = CERT_FindCertByDERCert(handle, derCert);
#else
SECItem key;
SECStatus srv = CERT_KeyFromDERCert(arena, derCert, &key);
if (srv != SECSuccess)
return PR_FALSE;
cert = CERT_FindCertByKey(handle, &key);
#endif
if (cert) {
if (cert->isperm && !cert->nickname && !cert->emailAddr) {
//If the cert doesn't have a nickname or email addr, it is
@ -1923,16 +1886,9 @@ nsCrypto::ImportUserCertificates(const nsAString& aNickname,
// Let's figure out which nickname to give the cert. If
// a certificate with the same subject name already exists,
// then just use that one, otherwise, get the default nickname.
#ifdef NSS_3_4
if (currCert->nickname) {
localNick = currCert->nickname;
}
#else
if (currCert->subjectList && currCert->subjectList->entry &&
currCert->subjectList->entry->nickname) {
localNick = currCert->subjectList->entry->nickname;
}
#endif
else if (nickname == nsnull || nickname[0] == '\0') {
localNick = default_nickname(currCert, ctx);
freeLocalNickname = PR_TRUE;

11
security/manager/ssl/src/nsKeygenHandler.cpp
Просмотреть файл

@ -22,9 +22,6 @@
extern "C" {
#include "secdert.h"
#ifndef NSS_3_4
#include "keydbt.h"
#endif
}
#include "nspr.h"
#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
@ -33,11 +30,9 @@ extern "C" {
#include "cryptohi.h"
#include "base64.h"
#include "secasn1.h"
#ifdef NSS_3_4
extern "C" {
#include "pk11pqg.h"
}
#endif
#include "nsProxiedService.h"
#include "nsKeygenHandler.h"
#include "nsVoidArray.h"
@ -83,7 +78,6 @@ DERTemplate CERTPublicKeyAndChallengeTemplate[] =
{ 0, }
};
#ifdef NSS_3_4
DERTemplate SECAlgorithmIDTemplate[] = {
{ DER_SEQUENCE,
0, NULL, sizeof(SECAlgorithmID) },
@ -101,7 +95,6 @@ const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
{ SEC_ASN1_INTEGER, offsetof(PQGParams,base) },
{ 0, }
};
#endif
static NS_DEFINE_IID(kFormProcessorIID, NS_IFORMPROCESSOR_IID);
@ -164,11 +157,7 @@ pqg_prime_bits(char *str)
done:
if (params)
#ifdef NSS_3_4
PK11_PQG_DestroyParams(params);
#else
PQG_DestroyParams(params);
#endif
return primeBits;
}

4
security/manager/ssl/src/nsNSSCallbacks.cpp
Просмотреть файл

@ -116,11 +116,7 @@ nsSSLStatus::~nsSSLStatus()
}
#ifdef NSS_3_4
char* PR_CALLBACK
#else
char*
#endif
PK11PasswordPrompt(PK11SlotInfo* slot, PRBool retry, void* arg) {
nsresult rv = NS_OK;
PRUnichar *password = nsnull;

4
security/manager/ssl/src/nsNSSCallbacks.h
Просмотреть файл

@ -27,11 +27,7 @@
#include "pk11func.h"
#include "nspr.h"
#ifdef NSS_3_4
char* PR_CALLBACK
#else
char*
#endif
PK11PasswordPrompt(PK11SlotInfo *slot, PRBool retry, void* arg);
void PR_CALLBACK HandshakeCallback(PRFileDesc *fd, void *client_data);

108
security/manager/ssl/src/nsNSSCertificate.cpp
Просмотреть файл

@ -701,13 +701,7 @@ nsNSSCertificate::~nsNSSCertificate()
nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
PK11_DeleteTokenCertAndKey(mCert, cxt);
CERT_DestroyCertificate(mCert);
} else
#ifdef NSS_3_4
if (!PK11_IsReadOnly(mCert->slot))
#else
if (!mCert->slot)
#endif
{
} else if (!PK11_IsReadOnly(mCert->slot)) {
// If the cert isn't a user cert and it is on an external token,
// then we'll just leave it as untrusted, but won't delete it
// from the cert db.
@ -911,7 +905,6 @@ nsNSSCertificate::FormatUIStrings(const nsAutoString &nickname, nsAutoString &ni
}
#ifdef NSS_3_4
#define NS_NSS_LONG 4
#define NS_NSS_GET_LONG(x) ((((unsigned long)((x)[0])) << 24) | \
(((unsigned long)((x)[1])) << 16) | \
@ -921,7 +914,6 @@ nsNSSCertificate::FormatUIStrings(const nsAutoString &nickname, nsAutoString &ni
(dest)[1] = (((src) >> 16) & 0xff); \
(dest)[2] = (((src) >> 8) & 0xff); \
(dest)[3] = ((src) & 0xff);
#endif
/* readonly attribute string dbKey; */
@ -932,7 +924,6 @@ nsNSSCertificate::GetDbKey(char * *aDbKey)
NS_ENSURE_ARG(aDbKey);
*aDbKey = nsnull;
#ifdef NSS_3_4
key.len = NS_NSS_LONG*4+mCert->serialNumber.len+mCert->derIssuer.len;
key.data = (unsigned char *)nsMemory::Alloc(key.len);
NS_NSS_PUT_LONG(0,key.data); // later put moduleID
@ -943,19 +934,9 @@ nsNSSCertificate::GetDbKey(char * *aDbKey)
mCert->serialNumber.len);
memcpy(&key.data[NS_NSS_LONG*4+mCert->serialNumber.len],
mCert->derIssuer.data, mCert->derIssuer.len);
#else
SECStatus srv;
srv = CERT_KeyFromIssuerAndSN(mCert->arena, &mCert->derIssuer,
&mCert->serialNumber, &key);
if (srv != SECSuccess) {
return NS_ERROR_FAILURE;
}
#endif
*aDbKey = NSSBase64_EncodeItem(nsnull, nsnull, 0, &key);
#ifdef NSS_3_4
nsMemory::Free(key.data); // SECItem is a 'c' type without a destrutor
#endif
return (*aDbKey) ? NS_OK : NS_ERROR_FAILURE;
}
@ -1338,12 +1319,7 @@ nsNSSCertificate::GetTokenName(PRUnichar **aTokenName)
// has been loaded from the token. Though the trust is correct (grabbed
// from the cert db), the source is wrong. I believe this is a safe
// way to work around this.
#ifdef NSS_3_4
// This is not a problem in NSS 3.4, & mCert->slot is always set
if (mCert->slot) {
#else
if (mCert->slot && !mCert->isperm) {
#endif
char *token = PK11_GetTokenName(mCert->slot);
if (token) {
*aTokenName = ToNewUnicode(NS_ConvertUTF8toUCS2(token));
@ -1983,12 +1959,6 @@ ProcessRawBytes(SECItem *data, nsString &text)
return NS_OK;
}
#ifdef NSS_3_4
#define __WRAPPER_SEC_ASN1DecodeItem_Param3(p) SEC_ASN1_GET(p)
#else
#define __WRAPPER_SEC_ASN1DecodeItem_Param3(p) p
#endif
static nsresult
ProcessNSCertTypeExtensions(SECItem *extData,
nsString &text,
@ -1998,7 +1968,7 @@ ProcessNSCertTypeExtensions(SECItem *extData,
decoded.data = nsnull;
decoded.len = 0;
SEC_ASN1DecodeItem(nsnull, &decoded,
__WRAPPER_SEC_ASN1DecodeItem_Param3(SEC_BitStringTemplate), extData);
SEC_ASN1_GET(SEC_BitStringTemplate), extData);
unsigned char nsCertType = decoded.data[0];
nsString local;
nsMemory::Free(decoded.data);
@ -2055,7 +2025,7 @@ ProcessKeyUsageExtension(SECItem *extData, nsString &text,
decoded.data = nsnull;
decoded.len = 0;
SEC_ASN1DecodeItem(nsnull, &decoded,
__WRAPPER_SEC_ASN1DecodeItem_Param3(SEC_BitStringTemplate), extData);
SEC_ASN1_GET(SEC_BitStringTemplate), extData);
unsigned char keyUsage = decoded.data[0];
nsString local;
nsMemory::Free(decoded.data);
@ -2826,17 +2796,12 @@ nsNSSCertificateDB::GetCertByDBKey(const char *aDBkey, nsIPK11Token *aToken,
{
SECItem keyItem = {siBuffer, nsnull, 0};
SECItem *dummy;
#ifdef NSS_3_4
CERTIssuerAndSN issuerSN;
unsigned long moduleID,slotID;
#endif
*_cert = nsnull;
if (!aDBkey) return NS_ERROR_FAILURE;
dummy = NSSBase64_DecodeBuffer(nsnull, &keyItem, aDBkey,
(PRUint32)PL_strlen(aDBkey));
#ifdef NSS_3_4
// the future is now, the cert is not longer loaded into temp db's forn now
// just fail
CERTCertificate *cert;
// someday maybe we can speed up the search using the moduleID and slotID
@ -2851,12 +2816,6 @@ nsNSSCertificateDB::GetCertByDBKey(const char *aDBkey, nsIPK11Token *aToken,
issuerSN.serialNumber.len];
cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerSN);
#else
// In the future, this should actually look on the token. But for now,
// take it for granted that the cert has been loaded into the temp db.
CERTCertificate *cert = CERT_FindCertByKey(CERT_GetDefaultCertDB(),
&keyItem);
#endif
PR_FREEIF(keyItem.data);
if (cert) {
nsNSSCertificate *nssCert = new nsNSSCertificate(cert);
@ -3120,16 +3079,11 @@ nsNSSCertificateDB::handleCACertDownload(nsISupportsArray *x509Certs,
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Creating temp cert\n"));
CERTCertificate *tmpCert;
CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
#ifdef NSS_3_4
tmpCert = CERT_FindCertByDERCert(certdb, &der);
if (!tmpCert) {
tmpCert = CERT_NewTempCertificate(certdb, &der,
nsnull, PR_FALSE, PR_TRUE);
}
#else
tmpCert = CERT_NewTempCertificate(certdb, &der,
nsnull, PR_FALSE, PR_TRUE);
#endif
if (!tmpCert) {
NS_ASSERTION(0,"Couldn't create cert from DER blob\n");
return NS_ERROR_FAILURE;
@ -3138,11 +3092,7 @@ nsNSSCertificateDB::handleCACertDownload(nsISupportsArray *x509Certs,
CERTCertificateCleaner tmpCertCleaner(tmpCert);
PRBool canceled;
#ifdef NSS_3_4
if (tmpCert->isperm) {
#else
if (tmpCert->isperm) {
#endif
dialogs->CACertExists(ctx, &canceled);
return NS_ERROR_FAILURE;
}
@ -3597,19 +3547,12 @@ nsNSSCertificateDB::ImportUserCertificate(char *data, PRUint32 length, nsIInterf
PK11_FreeSlot(slot);
/* pick a nickname for the cert */
#ifdef NSS_3_4
if (cert->nickname) {
/* sigh, we need a call to look up other certs with this subject and
* identify nicknames from them. We can no longer walk down internal
* database structures rjr */
nickname = cert->nickname;
}
#else
if (cert->subjectList && cert->subjectList->entry &&
cert->subjectList->entry->nickname) {
nickname = cert->subjectList->entry->nickname;
}
#endif
else {
nickname = default_nickname(cert, ctx);
}
@ -4071,20 +4014,9 @@ nsNSSCertificateDB::GetOCSPResponders(nsISupportsArray ** aResponders)
return rv;
}
#ifdef NSS_3_4
sec_rv = PK11_TraverseSlotCerts(::GetOCSPResponders,
respondersArray,
nsnull);
#else
sec_rv = SEC_TraversePermCerts(CERT_GetDefaultCertDB(),
::GetOCSPResponders,
respondersArray);
if (sec_rv == SECSuccess) {
sec_rv = PK11_TraverseSlotCerts(::GetOCSPResponders,
respondersArray,
nsnull);
}
#endif
if (sec_rv != SECSuccess) {
goto loser;
}
@ -4227,7 +4159,7 @@ nsNSSCertificateDB::ImportCrl (char *aData, PRUint32 aLength, nsIURI * aURI, PRU
}
} else {
sec_rv = SEC_ASN1DecodeItem(arena,
&sd, __WRAPPER_SEC_ASN1DecodeItem_Param3(CERT_SignedDataTemplate),
&sd, SEC_ASN1_GET(CERT_SignedDataTemplate),
&derCrl);
if (sec_rv != SECSuccess) {
goto loser;
@ -4840,7 +4772,6 @@ loser:
NS_IMETHODIMP
nsNSSCertificateDB::GetCertByEmailAddress(nsIPK11Token *aToken, const char *aEmailAddress, nsIX509Cert **_retval)
{
#ifdef NSS_3_4
CERTCertificate *any_cert = CERT_FindCertByNicknameOrEmailAddr(CERT_GetDefaultCertDB(), (char*)aEmailAddress);
if (!any_cert)
return NS_ERROR_FAILURE;
@ -4868,37 +4799,6 @@ nsNSSCertificateDB::GetCertByEmailAddress(nsIPK11Token *aToken, const char *aEma
NS_ADDREF(nssCert);
*_retval = NS_STATIC_CAST(nsIX509Cert*, nssCert);
return NS_OK;
#else
CERTCertList *certList = nsnull;
SECStatus sec_rv;
nsresult rv = NS_OK;
certList = CERT_CreateEmailAddrCertList(nsnull, CERT_GetDefaultCertDB(),
(char*)aEmailAddress, PR_Now(), PR_TRUE);
if (certList == nsnull) {
rv = NS_ERROR_FAILURE;
goto loser;
}
sec_rv = CERT_FilterCertListByUsage(certList, certUsageEmailRecipient, PR_FALSE);
if (!CERT_LIST_END(CERT_LIST_HEAD(certList), certList)) {
nsNSSCertificate *nssCert = new nsNSSCertificate(CERT_LIST_HEAD(certList)->cert);
if (nssCert == nsnull) {
rv = NS_ERROR_OUT_OF_MEMORY;
goto loser;
}
NS_ADDREF(nssCert);
*_retval = NS_STATIC_CAST(nsIX509Cert*, nssCert);
}
loser:
if (certList) {
CERT_DestroyCertList(certList);
}
return rv;
#endif
}
/* nsIX509Cert constructX509FromBase64 (in string base64); */

2
security/manager/ssl/src/nsNSSCertificate.h
Просмотреть файл

@ -40,12 +40,10 @@
#include "nsIX509Cert.h"
#include "nsIX509CertDB.h"
#ifdef NSS_3_4
/* private NSS defines used by PSM */
/* (must be declated before cert.h) */
#define CERT_NewTempCertificate __CERT_NewTempCertificate
#define CERT_AddTempCertToPerm __CERT_AddTempCertToPerm
#endif
#include "prtypes.h"
#include "cert.h"

12
security/manager/ssl/src/nsNSSComponent.cpp
Просмотреть файл

@ -79,9 +79,6 @@
#include "ocsp.h"
#include "cms.h"
extern "C" {
#ifndef NSS_3_4
#include "pkcs11.h"
#endif
#include "pkcs12.h"
#include "p12plcy.h"
}
@ -95,11 +92,7 @@ static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
int nsNSSComponent::mInstanceCount = 0;
// XXX tmp callback for slot password
#ifdef NSS_3_4
extern char * PR_CALLBACK
#else
extern char *
#endif
pk11PasswordPrompt(PK11SlotInfo *slot, PRBool retry, void *arg);
#define PIPNSS_STRBUNDLE_URL "chrome://pipnss/locale/pipnss.properties"
@ -1173,12 +1166,7 @@ static PRBool DecryptionAllowedCallback(SECAlgorithmID *algid,
return SECMIME_DecryptionAllowed(algid, bulkkey);
}
#ifdef NSS_3_4
static void * GetPasswordKeyCallback(void *arg, void *handle)
#else
static SECItem * GetPasswordKeyCallback(void *arg,
SECKEYKeyDBHandle *handle)
#endif
{
return NULL;
}

8
security/manager/ssl/src/nsPKCS11Slot.cpp
Просмотреть файл

@ -291,12 +291,8 @@ NS_IMETHODIMP
nsPKCS11ModuleDB::GetInternal(nsIPKCS11Module **_retval)
{
nsCOMPtr<nsIPKCS11Module> module =
#ifdef NSS_3_4
new nsPKCS11Module(SECMOD_CreateModule(NULL,SECMOD_INT_NAME,
NULL,SECMOD_INT_FLAGS));
#else
new nsPKCS11Module(SECMOD_GetInternalModule());
#endif
if (!module)
return NS_ERROR_OUT_OF_MEMORY;
*_retval = module;
@ -309,12 +305,8 @@ NS_IMETHODIMP
nsPKCS11ModuleDB::GetInternalFIPS(nsIPKCS11Module **_retval)
{
nsCOMPtr<nsIPKCS11Module> module =
#ifdef NSS_3_4
new nsPKCS11Module(SECMOD_CreateModule(NULL, SECMOD_FIPS_NAME, NULL,
SECMOD_FIPS_FLAGS));
#else
new nsPKCS11Module(SECMOD_GetFIPSInternal());
#endif
if (!module)
return NS_ERROR_OUT_OF_MEMORY;
*_retval = module;