From eb96a2084d08b18f304e94c043c26a62ff337dbb Mon Sep 17 00:00:00 2001
From: "relyea%netscape.com"
Date: Wed, 10 Jul 2002 21:34:01 +0000
Subject: [PATCH] 1) When looking for a trust token, return tokens in the following priority order: 1) r/w token with trust. 2) r/o token with trust. 3) r/w token 4) r/o token Also, don't crash if we try to change the trust on a cert in temp storage, just return an error.
---
 security/nss/lib/pki/pki3hack.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index 27575e881961..063f679016cf 100644
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@@ -32,7 +32,7 @@
 */
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.60 $ $Date: 2002/07/10 03:24:14 $ $Name: $";
+static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.61 $ $Date: 2002/07/10 21:34:01 $ $Name: $";
 #endif /* DEBUG */
 /*
@@ -804,6 +804,8 @@ stan_GetTrustToken
 NSSCertificate *c
 )
 {
+ NSSToken *ttok = NULL;
+ NSSToken *rtok = NULL;
 NSSToken *tok = NULL;
 nssCryptokiObject **ip;
 nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);
@@ -816,16 +818,26 @@ stan_GetTrustToken
 nssToken_FindTrustForCertificate(instance->token, NULL, &c->encoding, &c->issuer, &c->serial, nssTokenSearchType_TokenOnly);
+ NSSToken *ctok = instance->token;
+ PRBool ro = PK11_IsReadOnly(ctok->pk11slot);
+
 if (to) {
 nssCryptokiObject_Destroy(to);
- tok = instance->token;
- if (!PK11_IsReadOnly(tok->pk11slot)) {
+ ttok = ctok;
+ if (!ro) {
 break;
 }
+ } else {
+ if (!rtok && ro) {
+ rtok = ctok;
+ }
+ if (!tok && !ro) {
+ tok = ctok;
+ }
 }
 }
 nssCryptokiObjectArray_Destroy(instances);
- return tok;
+ return ttok ? ttok : (tok ? tok : rtok);
 }
 NSS_EXTERN PRStatus
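Review bot: The priority order this loop implements is stated only in the commit message, and the names `ttok`, `rtok` and `tok` do not say which rank each holds, so the final `return ttok ? ttok : (tok ? tok : rtok);` is hard to audit in code that decides which token a certificate's trust comes from. A comment above the loop would fix that, e.g. `/* preference: r/w token with trust, r/o token with trust, r/w token, r/o token */`. The selection is also asymmetric: `tok` and `rtok` keep the first match, while `ttok = ctok;` is overwritten by every read-only token that has a trust object, so with several such tokens the last one wins; if the first is intended, `if (!ttok || !ro) ttok = ctok;` keeps it and still lets a writable token take over before the `break`. `ctok->pk11slot` is now dereferenced for every instance rather than only those with a trust object, which assumes `instance->token` is never NULL; the loop header is outside the hunk.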
@@ -886,7 +898,7 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
 td = STAN_GetDefaultTrustDomain();
 tok = stan_GetTrustToken(c);
 moving_object = PR_FALSE;
- if (PK11_IsReadOnly(tok->pk11slot)) {
+ if (tok && PK11_IsReadOnly(tok->pk11slot)) {
 tokens = nssList_CreateIterator(td->tokenList);
 if (!tokens) return PR_FAILURE;
 for (tok = (NSSToken *)nssListIterator_Start(tokens);
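Review bot: The added `tok &&` guard in STAN_ChangeCertTrust only skips the read-only branch when stan_GetTrustToken() returns NULL; whether that case then ends in an error return, as the commit message intends, depends on code after this `if` block, which is outside the hunk. Making the failure explicit right after the lookup, `if (!tok) return PR_FAILURE;`, would keep a NULL token from reaching any later use of `tok`, provided nothing allocated earlier in the function needs releasing on that path. If the fall-through is deliberate, a comment on the guard such as `/* tok is NULL for a cert that lives only in temp storage; handled below */` would record it.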