cause NSS shutdown and the next NSS initialization to fail but do not
destroy the cert caches (and the crypto context and trust domain containing
them) to avoid a crash if the NSS client destroys the certs later. New
error codes needed to be added to indicate the failure of NSS shutdown and
NSS initialization due to this cause.
Modified Files:
base/errorval.c nss/nssinit.c pki/pki3hack.c pki/pki3hack.h
pki/pkistore.c pki/pkistore.h pki/tdcache.c pki/trustdomain.c
util/secerr.h
1) use NewTempCert rather than DERDecode cert in all import cert cases.
When DERDecode cert is used, we may wind up with a cert that gets cleared
when we try to import it because it is already in the cache. NewTempCert will
return the version that is in the cache.
2) If we are returning the CAList, only return certs that are CAs
(not usercerts).
3) Authenticate to all the tokens if necessary before we try to list
certs. (Stan code should eventually get automatic authentication calls in
the code itself).
4) When looking up user certs, don't return those certs that have the same
subject but do not have any key material associated with them (that is
don't crash if we have old certs in our database without nicknames, but
match user certs on our smart cards).
5) Save the nickname associated with our subject list in the temp
cache so we can correctly remove the entry even if the cert's nickname
changes (because of smart card insertions and removals, or because of
creation and deletions of our user cert).
* clean up compatibility issues with PKCS#11 serial numbers. Need to search both encoded and decoded values, while making sure stan code only deals with DER value
- correct reference counting when combining certs taken from cache and obtained new
- cache keys need to be alloc'ed, for the case when one cert is used to create the cache entry, another (same subject/nick/email) is added, then the first is removed and freed
* separate trust object from cert object
* move handling of cryptoki objects into libdev
* implement digest in libdev (for trust object indexing)
* fixes in cache implementation; connect cache to 3.4 certs
* implement CERT_NewTempCertificate via crypto context
clean up of the escape adding string code.
Code to keep cert->trust in sync with nscert->trust in various situations.
Code to allow old version of built-ins to continue to work.
Implement TrustDomain_TraverseCertificates so that PK11_ListCerts will work.
remove lots of deprecated files.
move some files to appropriate directories (pcertdb *_rand
associated headers to soft token, for instance)
rename several stan files which had the same name as other nss files.
remove deprecated functions.
Implement some basic certificate routines.
Define some of the PKI types.
Implement some trust domain routines, but only for testing purposes.
Allow for building as shared library.