Bug: 201483

Fix Description: Replaced PK11_FindCertFromNickname() with CERT_FindUserCertByUsage(), using a cert usage of SSL Client.  This should only find certs that are used for SSL Clients, which is the type of cert we want in this context (as opposed to e.g. an email signing cert).  The LDAPSSLSessionInfo* ssip is passed now as the context argument.  Moved calling PK11_SetPasswordFunc before CERT_FindUserCertByUsage() in case CERT_FindUserCertByUsage() needs it for some reason.

directory/c-sdk/ldap/libraries/libssldap/ldapsinit.c

@@ -1169,14 +1169,6 @@ get_keyandcert( LDAPSSLSessionInfo *ssip,
     CERTCertificate	*cert;
     SECKEYPrivateKey	*key;
 
-    if (( cert = PK11_FindCertFromNickname( ssip->lssei_certnickname, NULL ))
-		== NULL ) {
-	if ( errmsgp != NULL ) {
-	    *errmsgp = "unable to find certificate";
-	}
-	return( SECFailure );
-    }
-
     if (!ssip->lssei_using_pcks_fns && NULL != ssip->lssei_keypasswd) {
 	/*
 	 * XXX: This function should be called only once, and probably
@@ -1185,7 +1177,14 @@ get_keyandcert( LDAPSSLSessionInfo *ssip,
 	PK11_SetPasswordFunc( get_keypassword );
     }
     
-
+    if (( cert = CERT_FindUserCertByUsage( CERT_GetDefaultCertDB(), ssip->lssei_certnickname,
+					   certUsageSSLClient, PR_FALSE, (void *)ssip ))
+		== NULL ) {
+	if ( errmsgp != NULL ) {
+	    *errmsgp = "unable to find certificate";
+	}
+	return( SECFailure );
+    }
 
     if (( key = PK11_FindKeyByAnyCert( cert, (void *)ssip )) == NULL ) {
 	CERT_DestroyCertificate( cert );