function names containing SubjectKey and PublicKey. Moved internal
functions to private headers and use the lowercase cert_ prefix for the
internal functions for subject key ID mapping hash table. r=nelsonb.
1) use NewTempCert rather than DERDecode cert in all import cert cases.
When DERDecode cert is used, we may wind up with a cert that gets cleared
when we try to import it because it is already in the cache. NewTempCert will
return the version that is in the cache.
2) If we are returning the CAList, only return certs that are CAs
(not usercerts).
3) Authenticate to all the tokens if necessary before we try to list
certs. (Stan code should eventually get automatic authentication calls in
the code itself).
4) When looking up user certs, don't return those certs with the same
subject, but do not have any key material associated with them (that is
don't crash if we have old certs in our database without nicknames, but
match user certs on our smart cards).
5) Save the nickname associated with our subject list in the temp
cache so we can correctly remove the entry even if the cert's nickname
changes (because of smart card insertions and removals, or because of
creation and deletions of our user cert).
Debug builds can verify correct operation by setting NSS_STRICT_SHUTDOWN, which
will cause an assert if shutdown is called but not all the modules are freed (which
means a slot, key, or cert reference has been leaked).
clean up of the escape adding string code.
Code to keep cert->trust in sync with nscert->trust in various situations.
Code to allow old version of built-ins to continue to work.
Implement TrustDomain_TraverseCertificates so that PK11_ListCerts will work.
remove lots of deprecated files.
move some files to appropriate directories (pcertdb *_rand
associated headers to soft token, for instance)
rename several stan files which had the same name as other nss files.
remove deprecated functions.
Add necessary exported symbols.
Fix bug in NSS_Initialize where we weren't passing the read only parameter
through.
Add function to search for Certificate Lists so that Traverse does not need to
be exposed.
Update pkcs11 names.
address of an external variable that comes from another DLL.
This is a fundamental difference between WIN32 DLLs and Unix DSOs.
So, for every SEC_ASN1Template inside of libnss3 that is referenced by
other templates outside of libnss3, a new "chooser" function was created
that returns the address of that template. For WIN32, the templates
outside of libnss3 access libnss3's templates by the chooser function
rather than by direct reference. Some simple macros allow Unix to
continue to use direct references, avoiding the extra function calls.
With these changes, all.sh (qa script) passes all tests on NT with DLLs.
Modified Files:
cmd/checkcert/checkcert.c cmd/lib/secutil.c lib/asn1/asn1t.h
lib/certdb/certdb.c lib/certdb/certt.h lib/certdb/crl.c
lib/certhigh/certreq.c lib/crmf/asn1cmn.c lib/crmf/crmfcont.c
lib/crmf/crmftmpl.c lib/cryptohi/secsign.c lib/nss/nss.def
lib/pkcs12/p12local.c lib/pkcs12/p12tmpl.c
lib/pkcs7/certread.c lib/pkcs7/p7decode.c lib/pkcs7/p7local.c
lib/smime/cmsasn1.c lib/smime/cmsattr.c lib/smime/cmspubkey.c
lib/smime/cmssigdata.c lib/smime/smimeutil.c
lib/softoken/keydb.c lib/softoken/keydbt.h lib/util/secalgid.c
lib/util/secasn1.h lib/util/secasn1d.c lib/util/secasn1t.h
lib/util/secasn1u.c lib/util/secdig.c lib/util/secdig.h
lib/util/secoid.h