зеркало из https://github.com/mozilla/gecko-dev.git
1) When looking for a trust token, return tokens in the following priority order:
1) r/w token with trust. 2) r/o token with trust. 3) r/w token 4) r/o token Also, don't crash if we try to change the trust on a cert in temp storage, just return an error.
This commit is contained in:
Родитель
e40ec5a687
Коммит
eb96a2084d
|
@ -32,7 +32,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.60 $ $Date: 2002/07/10 03:24:14 $ $Name: $";
|
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.61 $ $Date: 2002/07/10 21:34:01 $ $Name: $";
|
||||||
#endif /* DEBUG */
|
#endif /* DEBUG */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -804,6 +804,8 @@ stan_GetTrustToken
|
||||||
NSSCertificate *c
|
NSSCertificate *c
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
|
NSSToken *ttok = NULL;
|
||||||
|
NSSToken *rtok = NULL;
|
||||||
NSSToken *tok = NULL;
|
NSSToken *tok = NULL;
|
||||||
nssCryptokiObject **ip;
|
nssCryptokiObject **ip;
|
||||||
nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);
|
nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);
|
||||||
|
@ -816,16 +818,26 @@ stan_GetTrustToken
|
||||||
nssToken_FindTrustForCertificate(instance->token, NULL,
|
nssToken_FindTrustForCertificate(instance->token, NULL,
|
||||||
&c->encoding, &c->issuer, &c->serial,
|
&c->encoding, &c->issuer, &c->serial,
|
||||||
nssTokenSearchType_TokenOnly);
|
nssTokenSearchType_TokenOnly);
|
||||||
|
NSSToken *ctok = instance->token;
|
||||||
|
PRBool ro = PK11_IsReadOnly(ctok->pk11slot);
|
||||||
|
|
||||||
if (to) {
|
if (to) {
|
||||||
nssCryptokiObject_Destroy(to);
|
nssCryptokiObject_Destroy(to);
|
||||||
tok = instance->token;
|
ttok = ctok;
|
||||||
if (!PK11_IsReadOnly(tok->pk11slot)) {
|
if (!ro) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
if (!rtok && ro) {
|
||||||
|
rtok = ctok;
|
||||||
|
}
|
||||||
|
if (!tok && !ro) {
|
||||||
|
tok = ctok;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
nssCryptokiObjectArray_Destroy(instances);
|
nssCryptokiObjectArray_Destroy(instances);
|
||||||
return tok;
|
return ttok ? ttok : (tok ? tok : rtok);
|
||||||
}
|
}
|
||||||
|
|
||||||
NSS_EXTERN PRStatus
|
NSS_EXTERN PRStatus
|
||||||
|
@ -886,7 +898,7 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
|
||||||
td = STAN_GetDefaultTrustDomain();
|
td = STAN_GetDefaultTrustDomain();
|
||||||
tok = stan_GetTrustToken(c);
|
tok = stan_GetTrustToken(c);
|
||||||
moving_object = PR_FALSE;
|
moving_object = PR_FALSE;
|
||||||
if (PK11_IsReadOnly(tok->pk11slot)) {
|
if (tok && PK11_IsReadOnly(tok->pk11slot)) {
|
||||||
tokens = nssList_CreateIterator(td->tokenList);
|
tokens = nssList_CreateIterator(td->tokenList);
|
||||||
if (!tokens) return PR_FAILURE;
|
if (!tokens) return PR_FAILURE;
|
||||||
for (tok = (NSSToken *)nssListIterator_Start(tokens);
|
for (tok = (NSSToken *)nssListIterator_Start(tokens);
|
||||||
|
|
Загрузка…
Ссылка в новой задаче