# HG changeset patch # User Andre Heinecke # Date 1409664024 -7200 # Node ID a80abef948fa2c6136c639c39d895a0ec8f9a525 # Parent 9c4543128666cef120152003792fe06026a09692 (issue86) Initialize NSS db with empty pin in case it needs it. diff -r 9c4543128666 -r a80abef948fa cinst/mozilla.c --- a/cinst/mozilla.c Tue Sep 02 14:43:48 2014 +0200 +++ b/cinst/mozilla.c Tue Sep 02 15:20:24 2014 +0200 @@ -61,6 +61,7 @@ #include #include #include +#include #include #include #include @@ -622,16 +623,39 @@ (int)dercert->len); trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust)); CERT_DecodeTrustString(trust, "C,C,C"); - if ((PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE, - cert_name, PR_FALSE) - == SECSuccess) && - (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust) - == SECSuccess)) + if (PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE, + cert_name, PR_FALSE) == SECSuccess) { - log_certificate_der (pdir, dercert->data, dercert->len, true); - success = true; + if(CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust) == SECSuccess) + { + log_certificate_der (pdir, dercert->data, dercert->len, true); + success = true; + } } - else + /* This could have happened on either the import cert or + the cert change trust. If Import Cert fails with that + error the certificate has in fact been added but with + random trist bits. See NSS Bug 595861. + Reference code can be found in gnome evolution under + smime/lib/e-cert-db.c */ + if(PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) + { + if (PK11_NeedUserInit (pk11slot)) + { + PK11_InitPin (pk11slot, "", ""); + } + if (PK11_Authenticate (pk11slot, PR_TRUE, NULL) != SECSuccess) + { + DEBUGPRINTF("Failed to authenticate.\n"); + } + else if(CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust) == SECSuccess) + { + log_certificate_der (pdir, dercert->data, dercert->len, true); + success = true; + } + } + + if (!success) { DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir); ERRORPRINTF("Error installing certificate err: %i\n", PORT_GetError());