From 7e3deea6bd76b79820b72c3b120d597a36e58f2d Mon Sep 17 00:00:00 2001 From: "ian.mcgreer%sun.com" Date: Thu, 6 Dec 2001 18:21:38 +0000 Subject: [PATCH] patches to get s/mime dual key certs working, bug 113741 --- security/nss/lib/dev/devobject.c | 21 +++++++-------------- security/nss/lib/softoken/pcertdb.c | 3 ++- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/security/nss/lib/dev/devobject.c b/security/nss/lib/dev/devobject.c index 852a431f965..6bb6aee04a0 100644 --- a/security/nss/lib/dev/devobject.c +++ b/security/nss/lib/dev/devobject.c @@ -32,7 +32,7 @@ */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: devobject.c,v $ $Revision: 1.1 $ $Date: 2001-11-28 16:23:39 $ $Name: $"; +static const char CVS_ID[] = "@(#) $RCSfile: devobject.c,v $ $Revision: 1.2 $ $Date: 2001-12-06 18:21:35 $ $Name: $"; #endif /* DEBUG */ #ifndef DEV_H @@ -457,19 +457,13 @@ nssToken_ImportCertificate return add_object_instance(&cert->object, tok, handle, td, cc); } -struct cert_search_index_str -{ - NSSDER issuer; - NSSDER serial; -}; - static PRBool compare_cert_by_issuer_sn(void *a, void *b) { - NSSCertificate *c = (NSSCertificate *)a; - struct cert_search_index_str *csi = (struct cert_search_index_str *)b; - return (nssItem_Equal(&c->issuer, &csi->issuer, NULL) && - nssItem_Equal(&c->serial, &csi->serial, NULL)); + NSSCertificate *c1 = (NSSCertificate *)a; + NSSCertificate *c2 = (NSSCertificate *)b; + return (nssItem_Equal(&c1->issuer, &c2->issuer, NULL) && + nssItem_Equal(&c1->serial, &c2->serial, NULL)); } static PRStatus @@ -479,7 +473,6 @@ retrieve_cert(NSSToken *t, nssSession *session, CK_OBJECT_HANDLE h, void *arg) PRBool found; nssTokenCertSearch *search = (nssTokenCertSearch *)arg; NSSCertificate *cert = NULL; - struct cert_search_index_str csi; nssListIterator *instances; nssPKIObjectInstance *oi; CK_ATTRIBUTE issuersn_tmpl[] = { @@ -488,6 +481,7 @@ retrieve_cert(NSSToken *t, nssSession *session, CK_OBJECT_HANDLE h, void *arg) }; CK_ULONG ist_size = sizeof(issuersn_tmpl) / sizeof(issuersn_tmpl[0]); if (search->cached) { + NSSCertificate csi; /* a fake cert for indexing */ nssrv = nssCKObject_GetAttributes(h, issuersn_tmpl, ist_size, NULL, session, t->slot); NSS_CK_ATTRIBUTE_TO_ITEM(&issuersn_tmpl[0], &csi.issuer); @@ -603,17 +597,16 @@ nssToken_TraverseCertificatesByNickname if (nssrv != PR_SUCCESS) { return nssrv; } -#if 0 /* This is to workaround the fact that PKCS#11 doesn't specify * whether the '\0' should be included. XXX Is that still true? * im - this is not needed by the current softoken. However, I'm * leaving it in until I have surveyed more tokens to see if it needed. + * well, its needed by the builtin token... */ nick_tmpl[1].ulValueLen++; nssrv = traverse_objects_by_template(token, sessionOpt, nick_tmpl, ntsize, retrieve_cert, search); -#endif return nssrv; } diff --git a/security/nss/lib/softoken/pcertdb.c b/security/nss/lib/softoken/pcertdb.c index f690f34385e..0f25ca699b2 100644 --- a/security/nss/lib/softoken/pcertdb.c +++ b/security/nss/lib/softoken/pcertdb.c @@ -34,7 +34,7 @@ /* * Permanent Certificate database handling code * - * $Id: pcertdb.c,v 1.4 2001-11-30 23:24:30 relyea%netscape.com Exp $ + * $Id: pcertdb.c,v 1.5 2001-12-06 18:21:38 ian.mcgreer%sun.com Exp $ */ #include "prtime.h" @@ -3073,6 +3073,7 @@ AddCertToPermDB(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertificate *cert, /* add to or create new subject entry */ if ( subjectEntry ) { /* REWRITE BASED ON SUBJECT ENTRY */ + cert->dbhandle = handle; rv = AddPermSubjectNode(subjectEntry, cert, nickname); if ( rv != SECSuccess ) { goto loser;