зеркало из https://github.com/mozilla/gecko-dev.git
1) When looking for a trust token, return tokens in the following priority order:
1) r/w token with trust. 2) r/o token with trust. 3) r/w token 4) r/o token Also, don't crash if we try to change the trust on a cert in temp storage, just return an error.
This commit is contained in:
Родитель
e40ec5a687
Коммит
eb96a2084d
|
@ -32,7 +32,7 @@
|
|||
*/
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.60 $ $Date: 2002/07/10 03:24:14 $ $Name: $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.61 $ $Date: 2002/07/10 21:34:01 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -804,6 +804,8 @@ stan_GetTrustToken
|
|||
NSSCertificate *c
|
||||
)
|
||||
{
|
||||
NSSToken *ttok = NULL;
|
||||
NSSToken *rtok = NULL;
|
||||
NSSToken *tok = NULL;
|
||||
nssCryptokiObject **ip;
|
||||
nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);
|
||||
|
@ -816,16 +818,26 @@ stan_GetTrustToken
|
|||
nssToken_FindTrustForCertificate(instance->token, NULL,
|
||||
&c->encoding, &c->issuer, &c->serial,
|
||||
nssTokenSearchType_TokenOnly);
|
||||
NSSToken *ctok = instance->token;
|
||||
PRBool ro = PK11_IsReadOnly(ctok->pk11slot);
|
||||
|
||||
if (to) {
|
||||
nssCryptokiObject_Destroy(to);
|
||||
tok = instance->token;
|
||||
if (!PK11_IsReadOnly(tok->pk11slot)) {
|
||||
ttok = ctok;
|
||||
if (!ro) {
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
if (!rtok && ro) {
|
||||
rtok = ctok;
|
||||
}
|
||||
if (!tok && !ro) {
|
||||
tok = ctok;
|
||||
}
|
||||
}
|
||||
}
|
||||
nssCryptokiObjectArray_Destroy(instances);
|
||||
return tok;
|
||||
return ttok ? ttok : (tok ? tok : rtok);
|
||||
}
|
||||
|
||||
NSS_EXTERN PRStatus
|
||||
|
@ -886,7 +898,7 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
|
|||
td = STAN_GetDefaultTrustDomain();
|
||||
tok = stan_GetTrustToken(c);
|
||||
moving_object = PR_FALSE;
|
||||
if (PK11_IsReadOnly(tok->pk11slot)) {
|
||||
if (tok && PK11_IsReadOnly(tok->pk11slot)) {
|
||||
tokens = nssList_CreateIterator(td->tokenList);
|
||||
if (!tokens) return PR_FAILURE;
|
||||
for (tok = (NSSToken *)nssListIterator_Start(tokens);
|
||||
|
|
Загрузка…
Ссылка в новой задаче