jpierre%netscape.com
d57baf5140
Fix for 158221 - make crlutil save memory by using the new PK11_ImportCRL function with the CRL_DECODE_DONT_COPY_DER option
2002-07-19 01:07:27 +00:00
jpierre%netscape.com
a82b9f46ba
158005 - add new CRL decode and import functions . Benefits are :
...
- ability to import to any slot
- ability to specify decode options, such as "don't copy DER"
- ability to specify import options, such as "don't do CRL checks"
This patch also maps the existing functions SEC_NewCrl and CERT_ImportCRL
to this new function, eliminating the code duplication that existed
2002-07-19 00:59:34 +00:00
jpierre%netscape.com
9a7c0e7303
Fix for 156802 - remove improper check in CRL decoding
2002-07-19 00:12:13 +00:00
jpierre%netscape.com
c509948a27
Remove unreferenced variables
2002-07-18 23:50:03 +00:00
jpierre%netscape.com
24426f202b
Fix for 139292 - NSS_NoDBInit regression
2002-07-18 23:08:55 +00:00
jpierre%netscape.com
0ef036408f
Fix usage
2002-07-17 22:53:33 +00:00
jpierre%netscape.com
e7033fb486
Fix for 157996 - add support for SEC_NewCrl browser emulation mode in crlutil
2002-07-17 22:22:26 +00:00
wtc%netscape.com
aa78a2f343
Bug 157946: removed the unused -m option. Added the -v option to Usage().
2002-07-17 18:39:02 +00:00
jpierre%netscape.com
2c39c4639f
Fix for 153245
2002-07-17 00:21:09 +00:00
wtc%netscape.com
56c3c291e5
Bug 157750: handle the possibility that some certs do not have a label.
2002-07-16 21:13:40 +00:00
relyea%netscape.com
ccf95e381c
Automatically recover from database corruptions when importing new certs.
2002-07-16 16:44:22 +00:00
jpierre%netscape.com
dc151802c8
Make certutil use the new CERT_VerifyCertificate function when verifying certs
2002-07-16 00:45:50 +00:00
relyea%netscape.com
f181c1c7a2
Fix solaris signed/unsigned warnings.
...
On updating nicknames, create a nickname record if one doesn't exist (that is
somehow the database got corrupted).
2002-07-13 02:45:04 +00:00
relyea%netscape.com
08f068a1b9
Update the CERTDB_USER bits when our key gets imported through pkcs #12 .
2002-07-12 03:27:44 +00:00
jpierre%netscape.com
a0d70e4967
Make CERT_VerifyCertificate actually work . Oops.
2002-07-12 02:37:49 +00:00
relyea%netscape.com
eb96a2084d
1) When looking for a trust token, return tokens in the following priority order:
...
1) r/w token with trust.
2) r/o token with trust.
3) r/w token
4) r/o token
Also, don't crash if we try to change the trust on a cert in temp storage, just return an error.
2002-07-10 21:34:01 +00:00
wtc%netscape.com
a71935e132
Bug 155626: Handle the failure of ocsp_CreateCertID and use the new
...
CERT_GetOCSPResponseStatus function.
2002-07-10 15:16:10 +00:00
wtc%netscape.com
28c55e9bf1
Sorted the NSS 3.6 symbols in alphabetical order.
2002-07-10 15:04:23 +00:00
jpierre%netscape.com
9f541c35f5
Fix for 149832 :
...
do not check certUsageVerifyCA
clean-up comments
correctly check for signature after first try
2002-07-10 05:02:46 +00:00
jpierre%netscape.com
79e42fa05e
Back out last change
2002-07-10 03:41:02 +00:00
jpierre%netscape.com
e7792d0931
Fix bug in new CERT_VerifyCertificate function - fix for 149832
2002-07-10 03:30:15 +00:00
relyea%netscape.com
30e66d1db6
Handle the case where the cert is in both the built-ins and the internal module.
2002-07-10 03:24:14 +00:00
relyea%netscape.com
a035ec8c53
Don't crash if a pkcs #11 device gives us an invalid CRL (or even a valid CRL that we don't know how to parse).
2002-07-10 01:31:01 +00:00
relyea%netscape.com
e42ef90c97
Don't delete the nickname entry until we go to delete the subject entry as well.
2002-07-10 01:04:10 +00:00
jpierre%netscape.com
9bfb36161f
Fix for 154212
2002-07-10 00:56:16 +00:00
jpierre%netscape.com
c101367238
Fix for 154212 - update patch for CERT_SaveSMimeProfile based on Bob's comments
2002-07-10 00:07:39 +00:00
wtc%netscape.com
f1205a5879
Removed README.TXT, which is just README with Windows line endings (CRLF).
2002-07-09 17:11:25 +00:00
wtc%netscape.com
93a5154bf5
Added the README file, which explains how to add a root CA certificate to
...
the nssckbi loadable root certs module.
2002-07-09 17:00:30 +00:00
relyea%netscape.com
73bc75ae28
treat lastTime of 0 as never having checked (not within the interval).
2002-07-09 04:40:35 +00:00
relyea%netscape.com
006e3925e9
1) fix return type warning in pk11ListCertsCallback.
...
2) treat lastTime==0 as always outside the delay time. (removes spurious
prompts in FIPS mode on some platforms.)
2002-07-09 04:39:35 +00:00
jpierre%netscape.com
967d483ebe
Add new CERT_VerifyCertificate function - fix for 149832
2002-07-04 03:09:49 +00:00
javi%netscape.com
6f5c3918c6
Go back to the lower case mechanism for the ocspResponse_* flags.
2002-07-03 20:22:27 +00:00
javi%netscape.com
218a44e67b
Final patch for Bug 155626 which enables 3rd party apps to use the NSS
...
libraries to encode/decode OCSP responses/requests on their own.
2002-07-03 20:18:10 +00:00
javi%netscape.com
7c36eac5d2
Use the newly exported symbol names.
2002-07-03 00:13:25 +00:00
javi%netscape.com
1f078c5776
Break up OCSP so that 3rd party apps can send off an OCSP request and parse
...
it.
2002-07-03 00:02:39 +00:00
relyea%netscape.com
4f9e4c1700
Handle the case where we don't get the Token object from NewToken (It gets converted from a session object in handleobjects).
2002-07-02 19:58:49 +00:00
relyea%netscape.com
6880c87a8d
More performance improvements in listing certs:
...
1) reduce more short term memory allocate/frees.
2) remove sha1 hash calculations from critical paths.
3) when listing user certs, skip decoding of non-user certs.
2002-07-02 15:11:29 +00:00
relyea%netscape.com
af924e2843
Initialize type fields to supress purify uninitialized reference warnings.
2002-06-28 03:00:10 +00:00
jpierre%netscape.com
6f31863e61
Add VISA root cert - bug 139874
2002-06-28 01:07:37 +00:00
wtc%netscape.com
c81143956b
Bugzilla bug 154656: changed "softoken" to "softokn" to match the file
...
name.
2002-06-27 18:34:17 +00:00
jpierre%netscape.com
7ecdf837d4
Fix for 154212 - make CERT_SaveSMimeProfile copy the cert to the database if it comes from an external source
2002-06-27 00:18:35 +00:00
relyea%netscape.com
43480112f3
Initialize type field to clear off purify warnings.
2002-06-25 23:00:59 +00:00
relyea%netscape.com
c8d5ba28b5
Don't force the update if the cert doesn't already exist.
2002-06-25 22:58:13 +00:00
relyea%netscape.com
87a3188583
Collect the full names of the certs, not just the stan names.
2002-06-25 22:57:22 +00:00
relyea%netscape.com
6061b43df2
Add new function which returns the NSS 3.4 style nickname directly from a
...
NSSCertificate structure.
2002-06-25 22:33:37 +00:00
ian.mcgreer%sun.com
4091f82677
two more places to dump templates
2002-06-25 19:40:16 +00:00
ian.mcgreer%sun.com
bb3bfc1199
fix AIX builds, 64-bit compiler chokes on large switches in debug builds
2002-06-25 16:57:40 +00:00
relyea%netscape.com
5fc7efb515
Fix solaris compiler error/warning. Fix prototype to return correct value (PRBool not PRStatus).
2002-06-24 23:54:16 +00:00
relyea%netscape.com
7caefab6ed
Don't decode or extract trust for certs if we are just getting the nicknames -- particularly for user certs.
2002-06-24 22:36:59 +00:00
ian.mcgreer%sun.com
2a67969b3c
fix broken AIX builds
2002-06-24 22:29:12 +00:00
ian.mcgreer%sun.com
b73a1edc81
log more mechanisms and templates
2002-06-24 22:22:57 +00:00
relyea%netscape.com
cbeed1cfd5
Copy the type value as well as the rest.
2002-06-24 21:57:27 +00:00
relyea%netscape.com
7cc9843630
More performance improvements for PK11ListCerts/ CERT_GetUserCertByUsage().
2002-06-24 21:54:41 +00:00
nelsonb%netscape.com
071fe9ae9c
Fix bug 135261. Create symbolic names for the values 2 and 3 for the
...
SSL_REQUIRE_CERTIFICATE option. Value 2 has always been the default.
New Value 3 is appropriate for servers that want to re-request, but
still not require, client-auth from a client with whom an SSL session
is already established.
2002-06-22 01:40:32 +00:00
relyea%netscape.com
3c89da1564
Need to preserve non-modifiable trustbits.
2002-06-21 22:28:03 +00:00
relyea%netscape.com
aa8dddaacb
zero structure before we fill it in, not after
2002-06-21 20:25:49 +00:00
wtc%netscape.com
47b432c0f5
Bug 153380: TLS is enabled by default now.
2002-06-21 18:25:46 +00:00
javi%netscape.com
b81e7cc522
Make the file C++ friendly.
2002-06-20 22:32:38 +00:00
relyea%netscape.com
ffa0ecc514
Reduce the cost of decoding a certificate.
2002-06-20 18:53:16 +00:00
relyea%netscape.com
d7a32bbce6
reduce the calls to get the login state as these calls seem to be pretty expensive
...
for some tokens.
2002-06-20 18:49:45 +00:00
relyea%netscape.com
eb95452896
Patches to reduce the cost of getting attributes on certs or finding certs in lists.
2002-06-20 18:46:47 +00:00
ian.mcgreer%sun.com
48d6b949c1
bug 98926, PKCS#11 session logging
2002-06-19 18:32:57 +00:00
rangansen%netscape.com
bff8c533ce
exporting CERT_VerifyCertChain. r=relyea
2002-06-19 15:58:51 +00:00
ian.mcgreer%sun.com
4cf84d39dd
missed part of last patch (bug 145322)
2002-06-19 15:26:55 +00:00
ian.mcgreer%sun.com
e30639f9cd
bug 145322, second patch, clean up pk11_saveContextHelper
2002-06-19 15:22:54 +00:00
ian.mcgreer%sun.com
607f12501a
bug 145322, reduce the number of PKCS#11 sessions used in SSL connections, implement new function PK11_SaveContextAlloc
...
r=relyea
2002-06-19 15:21:37 +00:00
ian.mcgreer%sun.com
0992642b67
bug 150704, PK11_Finalize can crash because softoken does not implement C_XXXFinal correctly
2002-06-19 14:59:24 +00:00
bishakhabanerjee%netscape.com
19dbdc5df8
correcting init_mcom function to enable "nssqa" to run at Netscape - 150752
2002-06-18 21:45:31 +00:00
relyea%netscape.com
6f356a0f36
1) Map flags both coming and going.
...
2) Finish transaction of the target database not the source database.
2002-06-18 16:41:41 +00:00
wtc%netscape.com
29df488eaa
Bug 151940: SEC_PKCS12DecoderVerify should call SEC_ASN1DecoderFinish first
...
to detect insufficient input data error.
2002-06-18 05:00:39 +00:00
relyea%netscape.com
27153b6afb
Standardize the open flags as 'enums' when using multiaccess databases, no matter
...
if we are using PR_ versions of the flags or O_ versions of the flags.
2002-06-17 18:46:27 +00:00
relyea%netscape.com
e2f5a0ac1f
check version of the existing DB, not the updatedb.
2002-06-14 17:29:56 +00:00
relyea%netscape.com
d31340924d
Add transactions to the database update portion of the code.
2002-06-13 23:25:37 +00:00
relyea%netscape.com
3839be90f6
Update cert handle on token insertion/removal.
2002-06-13 21:43:30 +00:00
relyea%netscape.com
e84f17e0ea
Add series to keep track of object handle value validity.
2002-06-13 21:42:41 +00:00
relyea%netscape.com
b7167f5cba
Reset the cert cache and clobber cert handles on token insertion an removal
2002-06-13 21:40:43 +00:00
jpierre%netscape.com
8739d6f231
Add missing AOL root CA certs
2002-06-13 10:14:50 +00:00
relyea%netscape.com
696026ef88
When checking NeedInit status, go back and check the token in case the token
...
has been initialized offline.
2002-06-11 23:33:25 +00:00
jpierre%netscape.com
b473a8e33d
Update for root certs - bug 139874
2002-06-11 23:16:25 +00:00
kirk.erickson%sun.com
80cae9e038
Fixed indentation caught by Wan-Teh (66606).
2002-06-11 22:41:45 +00:00
kirk.erickson%sun.com
6e3d00368d
Resolves 66606. Added -O (enable OCSP checking).
2002-06-11 16:29:28 +00:00
ddrinan%netscape.com
c87736a06b
Bug 150708. Incorrect keysize when finding bulk alg. r=wtc.
2002-06-10 22:00:32 +00:00
relyea%netscape.com
bb528345ff
Return public and private keys in the order specified by the PKCS #11 spec.
2002-06-10 20:33:31 +00:00
jpierre%netscape.com
165951e036
Fix for 141256 - rewrite OCSP HTTP download code to fix error handling
2002-06-06 01:05:40 +00:00
jpierre%netscape.com
42c9d8d43b
Fix for 139874 - Inject Latest CA Root Certs
2002-06-06 00:12:56 +00:00
thayes%netscape.com
9355438f45
Reserve OID (netscape_name_components 2) - see 605437
2002-06-04 21:46:05 +00:00
bishakhabanerjee%netscape.com
76c8329a07
to build the new NSS tests.. bugzilla bug 144316
2002-06-03 17:16:57 +00:00
wtc%netscape.com
c99a93829c
Backed out the previous checkin, which is not being used and triggers
...
a bug in gmake 3.76.1 with MKS shell on Windows.
2002-06-01 04:31:44 +00:00
wtc%netscape.com
a1598af613
Use $(DLL_SUFFIX) instead of ${DLL_SUFFIX}.
2002-06-01 04:25:38 +00:00
nicolson%netscape.com
fa1fbd5d69
Fix 147794: PK11_ImportDERPrivateKeyInfoAndReturnKey frees the private key incorrectly.
2002-06-01 00:43:46 +00:00
rangansen%netscape.com
b355617820
Fix to ensure change password on db is commited - using rv == SECSuccess would actually abort it.
...
r = wtc
2002-06-01 00:37:00 +00:00
wtc%netscape.com
6a49741d7d
This is a test. I changed Revision and Date to bogus values and want to
...
see what actually got checked in.
2002-05-30 02:08:07 +00:00
wtc%netscape.com
118670f573
Import NSPR 4.2 and DBM 1.61.
2002-05-30 00:36:48 +00:00
ian.mcgreer%sun.com
7ad9c0cc44
bug 136701, certutil should use PK11_ListCerts
2002-05-29 18:19:33 +00:00
kirk.erickson%sun.com
9ef935cd78
Fixed OCSP typo.
2002-05-28 18:26:37 +00:00
wtc%netscape.com
a0715a5bd0
Bug 142575: use the PRIVATE keyword for the /EXPORT linker option.
2002-05-25 16:00:55 +00:00
wtc%netscape.com
278f8fcbfa
Bug 142575: use the /EXPORT linker option on the command line.
...
Modified files: nssinit.c config.mk
2002-05-25 06:52:19 +00:00
wtc%netscape.com
c82e51fc58
Bug 142575: a better fix.
2002-05-25 01:02:39 +00:00
wtc%netscape.com
54db8b9c90
Bug 142575: added function forwarder for 'mktemp' for "bug compatibility".
2002-05-24 21:00:55 +00:00
javi%netscape.com
d19ba0f868
Make pkcs12.h C++ friendly.
2002-05-24 20:11:29 +00:00