comparison cinst/mozilla.c @ 1012:a80abef948fa

(issue86) Initialize NSS db with empty pin in case it needs it.
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 02 Sep 2014 15:20:24 +0200
parents 1cd1bfe82fc2
children 78798d3af8f0
comparison
equal deleted inserted replaced
1011:9c4543128666 1012:a80abef948fa
59 #include <certdb.h> 59 #include <certdb.h>
60 #include <certt.h> 60 #include <certt.h>
61 #include <dirent.h> 61 #include <dirent.h>
62 #include <nss.h> 62 #include <nss.h>
63 #include <pk11pub.h> 63 #include <pk11pub.h>
64 #include <secerr.h>
64 #include <stdbool.h> 65 #include <stdbool.h>
65 #include <stdio.h> 66 #include <stdio.h>
66 #include <stdlib.h> 67 #include <stdlib.h>
67 #include <string.h> 68 #include <string.h>
68 #include <sys/types.h> 69 #include <sys/types.h>
620 pk11slot = PK11_GetInternalKeySlot(); 621 pk11slot = PK11_GetInternalKeySlot();
621 cert = CERT_DecodeCertFromPackage((char *)dercert->data, 622 cert = CERT_DecodeCertFromPackage((char *)dercert->data,
622 (int)dercert->len); 623 (int)dercert->len);
623 trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust)); 624 trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust));
624 CERT_DecodeTrustString(trust, "C,C,C"); 625 CERT_DecodeTrustString(trust, "C,C,C");
625 if ((PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE, 626 if (PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE,
626 cert_name, PR_FALSE) 627 cert_name, PR_FALSE) == SECSuccess)
627 == SECSuccess) && 628 {
628 (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust) 629 if(CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust) == SECSuccess)
629 == SECSuccess)) 630 {
630 { 631 log_certificate_der (pdir, dercert->data, dercert->len, true);
631 log_certificate_der (pdir, dercert->data, dercert->len, true); 632 success = true;
632 success = true; 633 }
633 } 634 }
634 else 635 /* This could have happened on either the import cert or
636 the cert change trust. If Import Cert fails with that
637 error the certificate has in fact been added but with
638 random trist bits. See NSS Bug 595861.
639 Reference code can be found in gnome evolution under
640 smime/lib/e-cert-db.c */
641 if(PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN)
642 {
643 if (PK11_NeedUserInit (pk11slot))
644 {
645 PK11_InitPin (pk11slot, "", "");
646 }
647 if (PK11_Authenticate (pk11slot, PR_TRUE, NULL) != SECSuccess)
648 {
649 DEBUGPRINTF("Failed to authenticate.\n");
650 }
651 else if(CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust) == SECSuccess)
652 {
653 log_certificate_der (pdir, dercert->data, dercert->len, true);
654 success = true;
655 }
656 }
657
658 if (!success)
635 { 659 {
636 DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir); 660 DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir);
637 ERRORPRINTF("Error installing certificate err: %i\n", PORT_GetError()); 661 ERRORPRINTF("Error installing certificate err: %i\n", PORT_GetError());
638 } 662 }
639 CERT_DestroyCertificate (cert); 663 CERT_DestroyCertificate (cert);

http://wald.intevation.org/projects/trustbridge/