The fix restores some old code that was removed as part of our
performance work (Bugzilla bug 145322). Thus, there may be a
slight performance hit, but obviously, we need to have correct
code first.
This is a part of the code I really don't like. To summarize,
there was a hack put in a long time ago to make sure that the
PKCS#11 session in which the SSL keys are generated was never
closed until the last key was deleted. This only worked by chance,
and if any part of the code was changed (as was the case here), this
unstable equilibrium would be lost. As with all hacks, it wasn't
really documented, so the problem escaped our notice. As a result of
putting the hack back in, we're going back to the horribly wasteful
operation of opening 4 sessions and immediately closing them. I intend
to have a proper solution in a later release.
counts. The reference count should not be read "naked". Instead, we
should simply use the return value of PR_AtomicDecrement for the result of
the decrement.
Modified Files: dev/devmod.c dev/devslot.c dev/devtoken.c pki/certificate.c
pki/pkibase.c
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.comsr=bzbarsky@mit.edumoa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
right way. The basename function that we were using only works when
$(OS_RELEASE) has exactly three components. The patch is contributed by
Ed Catmur <ed@catmur.co.uk>. r=wtc.
add an ok button which can be used to dismiss the window, inherit the ok/help buttons from the dialog
overlay.
Add spacing between the tree control and the edit / delete buttons underneath the tree control.
r=kaie
sr=sspitzer
DB causes NSS_Shutdown to fail. Two files were changed. 1. crl.c: we
should not obtain a slot reference because PK11_FindCrlByName already
obtained a slot reference. 2. pk11cert.c: cleaned up code and fixed a slot
reference leak if the SECITEM_AllocItem call fails. r=nelsonb.
the adoption of session is not thread safe. This eliminates most of the
saving of sessions, but we must be correct first, and then optimize.
r=nicolson,nelsonb.
Modified Files: pk11func.h pk11skey.c
Change loops over RDNs and AVAs to detect NULL pointers.
Change list of attribute type "keywords" to match RFCs and internet
drafts.
Quote attribute values strings that contain adjacent embedded blanks.
Don't quote hex string values.
Always use hex string values when type OID is unrecognized.
because it is a private function. Change the interface for this
function so that it returns a SECStatus, unambiguously indicating the
success or failure of the name constraints test. The function no
longer takes a list of cert subject names, instead, it takes a list
of cert pointers, and optionally outputs one of those pointers when
an error occurs. This eliminates a cert reference leak.
time when the list of cert names is being built and builds a GeneralName
out of it, just as if the rfc822 name had come from a subject alt name
extension. This way, no special handling is needed of either directory
names or rfc822 names in the name constraints code. The special "phase 1"
loop in cert_CompareNameWithConstraints disappears compmletely. And all
the cases in the (former phase 2) loop can now simply assert that the
name's type matches the constraint's type exactly.
This patch also factors out the code that creates new CERTGeneralNames and
that copies a single CERTGeneralName into new separate functions. This
eliminates a lot of duplicated code whose correctness required lengthy
inspection. Now these primitive operations are centralized.
wtc%netscape.com
neil%parkwaycc.co.uk
kairo%kairo.at
glen.beasley%sun.com
brendan%mozilla.org
nicolson%netscape.com
nelsonb%netscape.com
bishakhabanerjee%netscape.com
bzbarsky%mit.edu
caillon%returnzero.com
jpierre%netscape.com
jaggernaut%netscape.com
scott%scott-macgregor.org
kaie%netscape.com