Mercurial > trustbridge
changeset 493:48d7b956bd98
Change loop order of installation to only call NSS_Initialize once per db
author | Andre Heinecke <aheinecke@intevation.de> |
---|---|
date | Thu, 24 Apr 2014 17:04:49 +0000 |
parents | dcb014e7d32f |
children | 613fbcb5df0c |
files | cinst/mozilla.c cinst/nss-secitemlist.c cinst/nss-secitemlist.h |
diffstat | 3 files changed, 52 insertions(+), 28 deletions(-) [+] |
line wrap: on
line diff
--- a/cinst/mozilla.c Thu Apr 24 16:06:00 2014 +0000 +++ b/cinst/mozilla.c Thu Apr 24 17:04:49 2014 +0000 @@ -438,34 +438,27 @@ char *cert_name = nss_cert_name(dercert); DEBUGPRINTF("INSTALLING cert: '%s' to: %s\n", cert_name, pdir); - if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess) + pk11slot = PK11_GetInternalKeySlot(); + cert = CERT_DecodeCertFromPackage((char *)dercert->data, + (int)dercert->len); + trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust)); + CERT_DecodeTrustString(trust, "C"); + if ((PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE, + cert_name, PR_FALSE) + == SECSuccess) && + (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust) + == SECSuccess)) { - pk11slot = PK11_GetInternalKeySlot(); - cert = CERT_DecodeCertFromPackage((char *)dercert->data, - (int)dercert->len); - trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust)); - CERT_DecodeTrustString(trust, "C"); - if ((PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE, - cert_name, PR_FALSE) - == SECSuccess) && - (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust) - == SECSuccess)) - { - success = true; - } - else - { - DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir); - } - CERT_DestroyCertificate (cert); - free(trust); - PK11_FreeSlot(pk11slot); - NSS_Shutdown(); + success = true; } else { - DEBUGPRINTF("Could not open nss certificate store in %s!\n", pdir); + DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir); + ERRORPRINTF("Error installing certificate err: %i\n", PORT_GetError()); } + CERT_DestroyCertificate (cert); + free(trust); + PK11_FreeSlot(pk11slot); free(cert_name); return success; @@ -544,18 +537,25 @@ apply_to_certs_and_profiles(bool fn(char *, SECItem *), seciteml_t **certs, char **pdirs) { - SECItem *cert; bool success = true; - while ((cert = seciteml_pop(certs)) != NULL) + for (int i=0; pdirs[i] != NULL; i++) { - for (int i=0; pdirs[i] != NULL; i++) + seciteml_t *iter = *certs; + if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0) != SECSuccess) { + DEBUGPRINTF("Could not open nss certificate store in %s!\n", pdirs[i]); + continue; + } + + while (iter != NULL && iter->item != NULL) + { + SECItem *cert = iter->item; if (! (*fn)(pdirs[i], cert)) success = false; + iter = iter->next; } - free(cert->data); - free(cert); + NSS_Shutdown(); } return success;
--- a/cinst/nss-secitemlist.c Thu Apr 24 16:06:00 2014 +0000 +++ b/cinst/nss-secitemlist.c Thu Apr 24 17:04:49 2014 +0000 @@ -20,6 +20,20 @@ *list = newlelt; } +void +seciteml_free (seciteml_t **list) +{ + seciteml_t *oldlelt; + + while (*list != NULL) + { + oldlelt = *list; + *list = oldlelt->next; + free(oldlelt->item); + free(oldlelt); + } +} + SECItem *seciteml_pop (seciteml_t **list) { seciteml_t *oldlelt;
--- a/cinst/nss-secitemlist.h Thu Apr 24 16:06:00 2014 +0000 +++ b/cinst/nss-secitemlist.h Thu Apr 24 17:04:49 2014 +0000 @@ -44,4 +44,14 @@ */ SECItem *seciteml_pop (seciteml_t **list); +/** + * @brief Free a secitem list + * + * Frees a secitem list + * + * @param[inout] list pointer to the list which should be freed. set to NULL + */ +void seciteml_free (seciteml_t **list); + + #endif