| Index: nss/lib/pk11wrap/pk11cert.c
|
| diff --git a/nss/lib/pk11wrap/pk11cert.c b/nss/lib/pk11wrap/pk11cert.c
|
| index 3f3edb1194643f8345d3f67938b0193c9f3eeccf..1bf8a7f50bcb43396c470c7139b7facf28445c7d 100644
|
| --- a/nss/lib/pk11wrap/pk11cert.c
|
| +++ b/nss/lib/pk11wrap/pk11cert.c
|
| @@ -293,13 +293,11 @@ PK11_MakeCertFromHandle(PK11SlotInfo *slot,CK_OBJECT_HANDLE certID,
|
| char * nickname = NULL;
|
| CERTCertificate *cert = NULL;
|
| CERTCertTrust *trust;
|
| - PRBool isFortezzaRootCA = PR_FALSE;
|
| - PRBool swapNickname = PR_FALSE;
|
|
|
| cert = pk11_fastCert(slot,certID,privateLabel, &nickname);
|
| if (cert == NULL)
|
| goto loser;
|
| -
|
| +
|
| if (nickname) {
|
| if (cert->nickname != NULL) {
|
| cert->dbnickname = cert->nickname;
|
| @@ -307,7 +305,6 @@ PK11_MakeCertFromHandle(PK11SlotInfo *slot,CK_OBJECT_HANDLE certID,
|
| cert->nickname = PORT_ArenaStrdup(cert->arena,nickname);
|
| PORT_Free(nickname);
|
| nickname = NULL;
|
| - swapNickname = PR_TRUE;
|
| }
|
|
|
| /* remember where this cert came from.... If we have just looked
|
| @@ -343,7 +340,6 @@ PK11_MakeCertFromHandle(PK11SlotInfo *slot,CK_OBJECT_HANDLE certID,
|
| * full trust on explicitly */
|
| if (PK11_DoesMechanism(slot,CKM_KEA_KEY_DERIVE)) {
|
| trust->objectSigningFlags |= CERTDB_VALID_CA;
|
| - isFortezzaRootCA = PR_TRUE;
|
| }
|
| }
|
| if ((type & NS_CERT_TYPE_SSL_CA) == NS_CERT_TYPE_SSL_CA) {
|
| @@ -982,12 +978,10 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
|
| */
|
| nssPKIObject_AddInstance(&c->object, certobj);
|
| /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and
|
| - * replace 'c' by a different value. So we add a reference to 'c' to
|
| + * replace 'c' with a different value. So we add a reference to 'c' to
|
| * prevent 'c' from being destroyed. */
|
| nssCertificate_AddRef(c);
|
| nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
|
| - /* XXX should we pass the original value of 'c' to
|
| - * STAN_ForceCERTCertificateUpdate? */
|
| (void)STAN_ForceCERTCertificateUpdate(c);
|
| nssCertificate_Destroy(c);
|
| SECITEM_FreeItem(keyID,PR_TRUE);
|
| @@ -2155,7 +2149,6 @@ PK11_FindCertFromDERCertItem(PK11SlotInfo *slot, const SECItem *inDerCert,
|
| {
|
| NSSDER derCert;
|
| NSSToken *tok;
|
| - NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
|
| nssCryptokiObject *co = NULL;
|
| SECStatus rv;
|
|
|
| @@ -2689,3 +2682,25 @@ PK11_GetAllSlotsForCert(CERTCertificate *cert, void *arg)
|
| nssCryptokiObjectArray_Destroy(instances);
|
| return slotList;
|
| }
|
| +
|
| +/*
|
| + * Using __PK11_SetCertificateNickname is *DANGEROUS*.
|
| + *
|
| + * The API will update the NSS database, but it *will NOT* update the in-memory data.
|
| + * As a result, after calling this API, there will be INCONSISTENCY between
|
| + * in-memory data and the database.
|
| + *
|
| + * Use of the API should be limited to short-lived tools, which will exit immediately
|
| + * after using this API.
|
| + *
|
| + * If you ignore this warning, your process is TAINTED and will most likely misbehave.
|
| + */
|
| +SECStatus
|
| +__PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname)
|
| +{
|
| + /* Can't set nickname of temp cert. */
|
| + if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) {
|
| + return SEC_ERROR_INVALID_ARGS;
|
| + }
|
| + return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname);
|
| +}
|
|
|
Chromium Code Reviews
Issue 1017413002:
Uprev NSS to 3.18 RTM (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/nss.git@nspr_uprev