115f203647
fix bug 203450
...
jarevil.c:345: warning: implicit declaration of function \
`__CERT_AddTempCertToPerm'
Obviously missing a declaration somewhere.
r=jpierr, wtc
2003-10-09 22:17:04 +00:00
7f696b676c
Fix for bug 55898 - print name of certificate causing failure in certutil . r=wtc
2003-10-08 01:00:37 +00:00
810ec798b2
Eliminate one of several redundant OID table lookups. Bug 207033.
2003-10-07 17:19:55 +00:00
8464dc0bb6
Eliminate unnecessary copying of CA names in HandleCertRequest.
...
Bug 204686.
2003-10-07 02:24:01 +00:00
655adbd496
The "valid CA" trust flag now overrides other CA cert checks.
...
Works for SSL client as well as other usages. Bug 200225
2003-10-07 02:17:56 +00:00
0cd1f0b182
Export new function PK11_ExportEncryptedPrivKeyInfo. Bug 207033.
2003-10-07 01:29:32 +00:00
a1a6a4697c
Create new function SECKEYEncryptedPrivateKeyInfo which is just like
...
SECKEYEncryptedPrivateKeyInfo except that it identifies the private
key by a private key pointer, rather than by a certificate. Bug 207033.
2003-10-07 01:26:38 +00:00
8dd13ab659
Make tstclnt work with IPv6 addresses. Bug 161610.
2003-10-06 23:50:11 +00:00
7fab02474b
Check for presence of secmod.db file prior to acting on it, for all
...
cases except "multiaccess:". Bug 220217. r=relyea
2003-10-06 23:33:03 +00:00
96f28b4691
Detect Zero length certs and zero length CA names. Bug 204686.
...
Also, eliminate unnecessary copying of incoming certs.
2003-10-03 02:01:18 +00:00
9bb8114b44
Bug 220963: need to handle the possibility that symKey may be NULL before
...
dereferencing it.
2003-10-01 23:01:46 +00:00
60c78ee111
Fix for bug 141882 - convert email query keys to lowercase when searching . r=wtc
2003-09-30 02:33:40 +00:00
347ed6b99f
Fix for bug 94413 - OCSP needs more fine tuned error messages. r=wtc
2003-09-30 01:18:55 +00:00
4b6b1fdf59
Move a brace so vi will find the beginning of the function.
2003-09-27 01:45:35 +00:00
79d90909dc
Fix for bug 219539 - support GeneralizedTime in NSS tools
2003-09-27 00:01:45 +00:00
e608b7e0f4
Fix for bug 219539 - support GeneralizedTime in NSS tools
2003-09-26 06:18:40 +00:00
3ec40f0ab7
Don't use windowed exponentiation for small public exponents.
...
Speeds up public key operations. Path contributed by
Sheueling Chang Shantz <sheueling.chang@sun.com>,
Stephen Fung <stephen.fung@sun.com>, and
Douglas Stebila <douglas@stebila.ca> of Sun Laboratories.
2003-09-26 02:15:12 +00:00
cff36272e2
Correct an inaccurate log message.
2003-09-25 21:40:02 +00:00
ec42f9469e
Fix typo
2003-09-25 00:25:06 +00:00
7bff061d97
Fix usage message to list all commands. Also, fix a few lines of
...
code that did not follow the file's convention for indentation.
Bug 203870.
2003-09-24 21:49:49 +00:00
b1d1bb21fa
Fix bug 204549. Properly handle memory allocation failures.
2003-09-23 20:47:43 +00:00
3a76d91edd
Bugzilla bug 204549: find_objects_by_template was not setting *statusOpt
...
before one return statement. r=nelsonb.
2003-09-23 20:34:15 +00:00
aeaa70ccff
Correctly compute certificate fingerprints. Bug 220016.
2003-09-23 02:05:47 +00:00
945c4207d2
Fix for 215182 - certutil prints incorrect nickname. r=wtc
2003-09-23 00:10:54 +00:00
95dc921cc9
Bugzilla bug 219713: fixed build bustage on all Unix platforms. We need
...
to export CERT_TimeChoiceTemplate as data for Unix.
2003-09-19 18:00:48 +00:00
1b89629c4e
Fix for 219082 - support GeneralizedTime in PKCS#7 signatures. r=nelsonb, sr=wtc
2003-09-19 04:16:19 +00:00
a1dfac9b48
Fix for 219524 - support GeneralizedTime in S/MIME v3 signatures. r=wtc, sr=nelsonb
2003-09-19 04:14:50 +00:00
7d744437c3
Fix for bug 143334 : add support for GeneralizedTime in certificates and CRLs. r=wtc,nelsonb
2003-09-19 04:08:51 +00:00
ac38bd8aeb
Fix for 215214 - make certutil show all instances of certs . r=wtc
2003-09-18 02:00:32 +00:00
b58d136a9c
The isOnList function is now unused.
2003-09-18 01:28:52 +00:00
81db50ddf4
Fix for bug 215186 - add missing options to PK11_ListCerts . r=wtc
2003-09-18 00:22:18 +00:00
58f736296d
Add comment in the header for PK11_FindSlotsByAliases
2003-09-12 22:11:31 +00:00
eb363f3753
Bugzilla bug 215152: removed redundant pointer tests. Use
...
SEC_ERROR_LIBRARY_FAILURE for NSS internal errors.
2003-09-12 20:01:56 +00:00
f56dde49b6
Bugzilla bug 217247: improved the memory leak fix for the appData nicknames
...
returned by PK11_ListCerts. Instead of allocating them from the heap first
and copying to the arena, allocate them from the arena directly. r=jpierre
Modified Files: certhigh.c pk11cert.c pki3hack.h pki3hack.c
2003-09-12 19:38:04 +00:00
ecf1666d78
Bugzilla bug 214535: fixed a recursive dead lock on cache->lock. We must
...
not call nssSlot_IsTokenPresent while cache->lock is locked because
that function may call nssToken_Remove, which locks cache->lock. r=mcgreer
2003-09-12 19:17:15 +00:00
8b5794a66c
Bugzilla bug 208971: remove obsolete Mac CFM build files from NSS.
2003-09-11 00:04:38 +00:00
ab28bc253c
Bugzilla bug 208971: removed obsolete Mac CFM build files from NSS.
2003-09-11 00:01:07 +00:00
763808f28e
Fix for 215152 - better error handling
2003-09-10 01:33:25 +00:00
568a561eeb
Fix for bug 215152 . Improve error handling in PK11_FindSlotsByAliases
2003-09-10 01:31:54 +00:00
1eb6b9c682
Further enhance the verbose debugging command line option in tstclnt
...
for the case where client auth is requested by the server. It will
now report the name of the cert sent to the server, or "send no cert".
2003-09-09 20:22:54 +00:00
8af297a802
Prevent crash if certlist is NULL
2003-09-09 00:54:20 +00:00
bebd4ca8a9
Fix bug 214307 - add certutil batch mode . r=wtc
2003-09-08 23:30:29 +00:00
ff3aebe85f
Add PORT_Strpbrk macro
2003-09-08 23:29:14 +00:00
f886a5b696
Fix for bug 72291 . resolve memory leak on nicknames . r=relyea
2003-09-05 00:15:52 +00:00
61d58e111a
Remove erroneous assertions
2003-09-03 23:52:01 +00:00
3bc888cc5f
Fix for bug 215152 . Export PK11_FindSlotsByAliases. r=relyea
2003-09-03 22:55:10 +00:00
509dede7ea
Add PK11_FindSlotsByAliases function . r=relyea
2003-09-03 22:48:20 +00:00
4ee83fcf13
Fix for 216701 - verify CRLs with cert verification date rather than CRL lastupdate date
2003-08-30 01:07:21 +00:00
4f4355b894
Bugzilla bug 214674: made the Linux implementation of sslMutex really work.
...
They were no-ops in multiprocess mode before. The patch is Nelson
Bolyard's. r=wtc.
2003-08-28 22:23:59 +00:00
9260c97765
Fix for 214201. remove unused variable
2003-08-27 01:47:57 +00:00
b881a9a0c6
Bugzilla bug 72291: have PK11_ListCerts return all the cert instances on
...
tokens. The patch is Julien Pierre's, with changes by Wan-Teh Chang.
Modified Files: pk11wrap/pk11cert.c pki/pki3hack.c pki/pki3hack.h
2003-08-25 19:18:02 +00:00
408be85418
Bugzilla bug 209827: disable optimization to work around what appears to
...
be a VACPP optimizer bug.
2003-08-22 22:34:07 +00:00
ad699539d3
Fix for bug 216944 - CERT_VerifyCertificate optimizations issues . r= wtc
2003-08-22 18:47:07 +00:00
4520771cc7
Fix from Ian to address Bugzilla bug 202179.
...
The fix restores some old code that was removed as part of our
performance work (Bugzilla bug 145322). Thus, there may be a
slight performance hit, but obviously, we need to have correct
code first.
This is a part of the code I really don't like. To summarize,
there was a hack put in a long time ago to make sure that the
PKCS#11 session in which the SSL keys are generated was never
closed until the last key was deleted. This only worked by chance,
and if any part of the code was changed (as was the case here), this
unstable equilibrium would be lost. As with all hacks, it wasn't
really documented, so the problem escaped our notice. As a result of
putting the hack back in, we're going back to the horribly wasteful
operation of opening 4 sessions and immediately closing them. I intend
to have a proper solution in a later release.
2003-08-12 18:21:55 +00:00
5d4cb72997
Deleted useless local variable 'arena' in cert_ImportCAChain.
2003-08-08 23:15:50 +00:00
f4184b8ca1
Bugzilla bug 214695: fixed incorrect use of PR_AtomicDecrement on reference
...
counts. The reference count should not be read "naked". Instead, we
should simply use the return value of PR_AtomicDecrement for the result of
the decrement.
Modified Files: dev/devmod.c dev/devslot.c dev/devtoken.c pki/certificate.c
pki/pkibase.c
2003-08-01 02:02:47 +00:00
e7297b0a76
Fix bug 213084. Detect when cert in signature cannot be imported.
...
Detect NULL pointer, don't crash.
2003-07-31 00:16:27 +00:00
670906f939
Bug 213903: removing unused variables 'delold', 'save', 'entry'
2003-07-28 22:55:16 +00:00
0a15715c3b
Bug 213902 : removing unused variable "next" in "cert_DecodeNameConstraintSubTree"
2003-07-28 21:53:16 +00:00
ca7885b3d5
Allow freebl to build correctly under MS VC++ .net 2003 . sr=nelsonb
2003-07-22 02:04:57 +00:00
c5f5509f3f
Bugzilla bug 213158: fixed the misspelling of "attach". The patch is
...
contributed by Pierre Chanial <chanial@noos.fr>.
Modified Files: pk11slot.c secmodt.h
2003-07-19 20:49:35 +00:00
40490b50de
Backed out Bob Relyea's workaround for the deadlock in rev. 1.15. The
...
correct fix is in rev. 1.36 of tdcache.c (see Bugzilla bug 212112).
2003-07-11 21:52:04 +00:00
20f4c61bd1
Restore sslreq.txt to text form, where it will have different line
...
endings on unix, than on windows or on Mac.
2003-07-11 04:14:24 +00:00
f23e6eb763
Test with the new file sslreq.dat rather than the old file sslreq.txt.
2003-07-11 04:05:12 +00:00
886c06287a
This is sslreq.txt with a different file name, to clearly show that
...
this file is to be treated as a binary file, not as text.
2003-07-11 03:55:55 +00:00
788ad0837b
Bug 212112: we don't need to lock td->cache->lock while calling
...
STAN_ForceCERTCertificateUpdate. This fixed a recursive deadlock.
r=mcgreer.
2003-07-10 01:24:17 +00:00
0545cae9b8
Change cert_GetCertificateEmailAddresses to return NULL rather than
...
a pointer to an empty string when a cert has no email addresses.
Partial fix for bug 211540. Modified certdb/alg1485.c
2003-07-09 04:14:23 +00:00
04e80d83ca
Bug 212004: in CERT_IsUserCert we should test for a null cert->trust and
...
treat it as no trust. r=nelsonb.
2003-07-09 04:12:16 +00:00
6228d8c075
Export SEC_DupCRL and declare it in certdb.h. Bug 208194.
...
Modified Files: nss/nss.def certdb/certdb.h
2003-07-09 04:00:48 +00:00
485a88c60e
Bug 211384: fixed the bug that importing a CRL that already exists in the
...
DB causes NSS_Shutdown to fail. Two files were changed. 1. crl.c: we
should not obtain a slot reference because PK11_FindCrlByName already
obtained a slot reference. 2. pk11cert.c: cleaned up code and fixed a slot
reference leak if the SECITEM_AllocItem call fails. r=nelsonb.
2003-07-08 18:41:28 +00:00
6a76698c4e
patch to correct false failure reporting - bug 167825
2003-07-03 17:50:18 +00:00
c93f000588
Add missing declaration of NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate
2003-07-03 07:04:30 +00:00
c636fad8e7
Fix bug 211049. Another issue with empty pointer lists from group
...
decodings. Patch by Wan-Teh Chang <wtc@netscape.com>.
2003-07-01 01:16:57 +00:00
99c2efd227
Change the function definitions in dev so that the ctags program will
...
produce valid tags from these sources.
2003-07-01 00:32:22 +00:00
083003b9a2
Bug 210660: backed out the main change in the fix for bug 145322 because
...
the adoption of session is not thread safe. This eliminates most of the
saving of sessions, but we must be correct first, and then optimize.
r=nicolson,nelsonb.
Modified Files: pk11func.h pk11skey.c
2003-06-27 22:28:50 +00:00
c27a303c8d
Fix several bugs reported in bug 210707.
...
Change loops over RDNs and AVAs to detect NULL pointers.
Change list of attribute type "keywords" to match RFCs and internet
drafts.
Quote attribute values strings that contain adjacent embedded blanks.
Don't quote hex string values.
Always use hex string values when type OID is unrecognized.
2003-06-27 00:33:05 +00:00
7c5e03d5f4
Move the declaration for CERT_CompareNameSpace from cert.h to genname.h
...
because it is a private function. Change the interface for this
function so that it returns a SECStatus, unambiguously indicating the
success or failure of the name constraints test. The function no
longer takes a list of cert subject names, instead, it takes a list
of cert pointers, and optionally outputs one of those pointers when
an error occurs. This eliminates a cert reference leak.
2003-06-26 01:56:34 +00:00
7665e37260
This patch extracts rfc822 names from a cert's distinguished name at the
...
time when the list of cert names is being built and builds a GeneralName
out of it, just as if the rfc822 name had come from a subject alt name
extension. This way, no special handling is needed of either directory
names or rfc822 names in the name constraints code. The special "phase 1"
loop in cert_CompareNameWithConstraints disappears compmletely. And all
the cases in the (former phase 2) loop can now simply assert that the
name's type matches the constraint's type exactly.
This patch also factors out the code that creates new CERTGeneralNames and
that copies a single CERTGeneralName into new separate functions. This
eliminates a lot of duplicated code whose correctness required lengthy
inspection. Now these primitive operations are centralized.
2003-06-26 01:25:10 +00:00
ef5d950b09
enabling log scraping in header instead
2003-06-25 21:57:21 +00:00
545f6a1359
enabling log scraping in header instead, where RESULTDIRURL gets created
2003-06-25 21:56:19 +00:00
6ca298a1d2
removed new variable for Win platform - extra - don't need
2003-06-25 21:39:54 +00:00
1ee600f7ff
fix URL for Windows platform
2003-06-25 20:43:18 +00:00
1b045cce39
taking out un-needed stuff
2003-06-25 17:39:38 +00:00
17581e0660
Shorten the clickable text portion of RESULTDIRURL.
2003-06-25 04:23:34 +00:00
2eb554c104
enabling log scraping
2003-06-25 00:55:13 +00:00
a09e87bce0
Whitespace cleanup. This patch causes numerous lines that were wider
...
than 80 columns to be folded according to NSS coding conventions.
This patch does not fix any run-time error.
2003-06-23 23:15:33 +00:00
2ab3bc3979
CERT_EncodeGeneralName and CERT_DecodeGeneralName contain large switch
...
statements that repeat code for every case. This patch factors out that
common code from the cases, making the switches much smaller and reducing
bloat.
2003-06-21 08:10:07 +00:00
66f40f98bd
Cleanup CERT_GetGeneralNameByType so that it detects when it has
...
encountered a general name of a type that it doesn't recognize, and
so that it properly casts the return value to be of the right type.
2003-06-21 07:07:47 +00:00
9b63114ba0
The general name code uses arenas, which is good, but it never marks
...
and releases space in the arenas, so the arenas just grow and grow
until the test is completely over. This patch adds comments showing
where mark and release calls could (and probably should) be added.
It also changes CERT_CopyGeneralName to have only two exit paths,
two return statements, in preparation for the eventual use of mark and
release.
2003-06-21 06:44:43 +00:00
1042ec6f88
a) Add more missing null pointer tests that I discovered. Bug 208649.
...
b) change all PORT_*Alloc calls that allocate new structs or arrays of
same to use the PORT_*New* macros instead.
c) ifdef out some dead functions that are rife with failure to detect
allocation failures.
2003-06-21 05:23:07 +00:00
663b108222
Fix deadlock bugscape 46733
2003-06-20 23:34:46 +00:00
9948f8316d
sigh, another time
2003-06-20 23:24:11 +00:00
4d3b8d3282
one more time, trying to make link clickable
2003-06-20 18:36:57 +00:00
a98e4fc078
Declare src argument to SEC_ASN1DecodeItem to be const.
2003-06-20 01:52:19 +00:00
bc5d5ce9dc
echo out RESULTDIRURL; r=wtc
2003-06-19 23:04:25 +00:00
3d71f8851a
made RESULTDIRURL clickable link; r=wtc
2003-06-19 23:03:59 +00:00
1b06e46683
Carry Wan-Teh's fix for bug 208996 forward to trunk.
2003-06-19 03:48:19 +00:00
a4f1b04288
Fix numerous more potential NULL pointer deref crashes. Bug 208038
2003-06-19 01:08:53 +00:00
05dc77c485
checking in version 1.60 with additional space
2003-06-18 19:13:11 +00:00
1f57ddfe70
backing out my recent changes - some platforms showing tests failed
2003-06-18 08:13:07 +00:00
relyea%netscape.com
jpierre%netscape.com
nelsonb%netscape.com
wtc%netscape.com
bishakhabanerjee%netscape.com