modify last patch to only take effect if the slot certs are not publicly readable, and to not update the token cert list more than once

security/nss/lib/pk11wrap/pk11slot.c

@@ -725,8 +725,9 @@ PK11_Logout(PK11SlotInfo *slot)
     PK11_EnterSlotMonitor(slot);
     crv = PK11_GETTAB(slot)->C_Logout(slot->session);
     PK11_ExitSlotMonitor(slot);
-    if (slot->nssToken) {
-	   nssToken_DestroyCertList(slot->nssToken, PR_TRUE);
+    if (slot->nssToken && !PK11_IsFriendly(slot)) {
+	/* If the slot certs are not public readable, destroy them */
+	nssToken_DestroyCertList(slot->nssToken, PR_TRUE);
     }
     if (crv != CKR_OK) {
 	PORT_SetError(PK11_MapError(crv));
@@ -1143,8 +1144,8 @@ PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx)
     }
     if (rv == SECSuccess) {
 	rv = pk11_CheckVerifyTest(slot);
-	if (rv == SECSuccess && slot->nssToken) {
-	    /* notify stan about the login */
+	if (rv == SECSuccess && slot->nssToken && !PK11_IsFriendly(slot)) {
+	    /* notify stan about the login if certs are not public readable */
 	    nssToken_LoadCerts(slot->nssToken);
 	}
     } else if (!attempt) PORT_SetError(SEC_ERROR_BAD_PASSWORD);

security/nss/lib/pki/pki3hack.c

@@ -32,7 +32,7 @@
  */
 
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.36 $ $Date: 2002-02-28 22:55:29 $ $Name:  $";
+static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.37 $ $Date: 2002-03-01 21:43:55 $ $Name:  $";
 #endif /* DEBUG */
 
 /*
@@ -247,6 +247,9 @@ nssToken_LoadCerts(NSSToken *token)
 	    if (!token->certList) {
 		return PR_FAILURE;
 	    }
+	} else if (nssList_Count(token->certList) > 0) {
+	    /* already been done */
+	    return PR_SUCCESS;
 	}
 	/* ignore the rv, just work without the list */
 	(void)nssToken_TraverseCertificates(token, NULL, &search);