trustbridge: cinst/mozilla.c comparison

Add trust "Trusted CA to issue server certificates" to certs on install.

author	Sascha Wilde <wilde@intevation.de>
date	Fri, 04 Apr 2014 09:53:55 +0200
parents	ab69d268b5c8
children	4ffc9f31b61a

comparison

equal deleted inserted replaced

-:ab69d268b5c8
+:fa37384b86b6
 */
 static bool
 import_cert(char *pdir, SECItem *dercert)
 {
 PK11SlotInfo *pk11slot = NULL;
+CERTCertTrust *trust = NULL;
+CERTCertificate *cert = NULL;
 bool success = false;
 char *cert_name = nss_cert_name(dercert);
 DEBUGPRINTF("INSTALLING cert: '%s' to: %s\n", cert_name, pdir);
 if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess)
 {
 pk11slot = PK11_GetInternalKeySlot();
-if (PK11_ImportDERCert(pk11slot, dercert, CK_INVALID_HANDLE,
+cert = CERT_DecodeCertFromPackage((char *)dercert->data,
-cert_name, PR_FALSE)
+(int)dercert->len);
-== SECSuccess)
+trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust));
-{
+CERT_DecodeTrustString(trust, "C");
+if ((PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE,
+cert_name, PR_FALSE)
+== SECSuccess) &&
+(CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust)
+== SECSuccess))
+{
 success = true;
 }
 else
 {
 DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir);
 }
+CERT_DestroyCertificate (cert);
+PORT_Free(trust);
 PK11_FreeSlot(pk11slot);
 NSS_Shutdown();
 }
 else
 {

Mercurial > trustbridge