changeset 493:48d7b956bd98

Change loop order of installation to only call NSS_Initialize once per db
author Andre Heinecke <aheinecke@intevation.de>
date Thu, 24 Apr 2014 17:04:49 +0000
parents dcb014e7d32f
children 613fbcb5df0c
files cinst/mozilla.c cinst/nss-secitemlist.c cinst/nss-secitemlist.h
diffstat 3 files changed, 52 insertions(+), 28 deletions(-) [+]
--- a/cinst/mozilla.c	Thu Apr 24 16:06:00 2014 +0000
+++ b/cinst/mozilla.c	Thu Apr 24 17:04:49 2014 +0000
@@ -438,34 +438,27 @@
   char *cert_name = nss_cert_name(dercert);
 
   DEBUGPRINTF("INSTALLING cert: '%s' to: %s\n", cert_name, pdir);
-  if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess)
+  pk11slot = PK11_GetInternalKeySlot();
+  cert = CERT_DecodeCertFromPackage((char *)dercert->data,
+                                    (int)dercert->len);
+  trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust));
+  CERT_DecodeTrustString(trust, "C");
+  if ((PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE,
+                       cert_name, PR_FALSE)
+       == SECSuccess) &&
+      (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust)
+       == SECSuccess))
     {
-      pk11slot = PK11_GetInternalKeySlot();
-      cert = CERT_DecodeCertFromPackage((char *)dercert->data,
-                                        (int)dercert->len);
-      trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust));
-      CERT_DecodeTrustString(trust, "C");
-      if ((PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE,
-                           cert_name, PR_FALSE)
-           == SECSuccess) &&
-          (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust)
-           == SECSuccess))
-        {
-          success = true;
-        }
-      else
-        {
-          DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir);
-        }
-      CERT_DestroyCertificate (cert);
-      free(trust);
-      PK11_FreeSlot(pk11slot);
-      NSS_Shutdown();
+      success = true;
     }
   else
     {
-      DEBUGPRINTF("Could not open nss certificate store in %s!\n", pdir);
+      DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir);
+      ERRORPRINTF("Error installing certificate err: %i\n", PORT_GetError());
     }
+  CERT_DestroyCertificate (cert);
+  free(trust);
+  PK11_FreeSlot(pk11slot);
 
   free(cert_name);
   return success;
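Review bot: `cert` and `pk11slot` are used without a NULL check, so a `dercert` that `CERT_DecodeCertFromPackage` cannot decode, or a missing internal slot, goes straight into `PK11_ImportCert` and `PK11_FreeSlot`. The result of `CERT_DecodeTrustString(trust, "C")` is ignored as well, and this is the code that marks a certificate as a trusted CA, so it should fail closed. I would prefix the condition with `cert != NULL && pk11slot != NULL && CERT_DecodeTrustString(trust, "C") == SECSuccess &&` and release the slot with `if (pk11slot != NULL) PK11_FreeSlot(pk11slot);`. The function now also depends on the caller having run `NSS_Initialize` for `pdir`; its header is outside this hunk, and a comment there should state that precondition.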
@@ -544,18 +537,25 @@
 apply_to_certs_and_profiles(bool fn(char *, SECItem *),
                             seciteml_t **certs, char **pdirs)
 {
-  SECItem *cert;
   bool success = true;
 
-  while ((cert = seciteml_pop(certs)) != NULL)
+  for (int i=0; pdirs[i] != NULL; i++)
     {
-      for (int i=0; pdirs[i] != NULL; i++)
+      seciteml_t *iter = *certs;
+      if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0) != SECSuccess)
         {
+          DEBUGPRINTF("Could not open nss certificate store in %s!\n", pdirs[i]);
+          continue;
+        }
+
+      while (iter != NULL && iter->item != NULL)
+        {
+          SECItem *cert = iter->item;
           if (! (*fn)(pdirs[i], cert))
             success = false;
+          iter = iter->next;
         }
-      free(cert->data);
-      free(cert);
+      NSS_Shutdown();
     }
 
   return success;
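Review bot: When `NSS_Initialize` fails, the loop runs `continue` without touching `success`, so a profile whose store could not be opened is still counted as installed. Before this change that failure presumably surfaced as a false return from the per-certificate function. Add `success = false;` before `continue;`. The return value of `NSS_Shutdown()` is discarded too; if a shutdown fails, the next `NSS_Initialize` may not cleanly open the following directory, so I would log it with `ERRORPRINTF` and set `success = false` there as well. The items are no longer freed in this function, so the caller (not visible here) has to release `*certs`; the function's first and last lines are outside the hunk.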
--- a/cinst/nss-secitemlist.c	Thu Apr 24 16:06:00 2014 +0000
+++ b/cinst/nss-secitemlist.c	Thu Apr 24 17:04:49 2014 +0000
@@ -20,6 +20,20 @@
   *list = newlelt;
 }
 
+void
+seciteml_free (seciteml_t **list)
+{
+  seciteml_t *oldlelt;
+
+  while (*list != NULL)
+    {
+      oldlelt = *list;
+      *list = oldlelt->next;
+      free(oldlelt->item);
+      free(oldlelt);
+    }
+}
+
 SECItem *seciteml_pop (seciteml_t **list)
 {
   seciteml_t *oldlelt;
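Review bot: `seciteml_free` releases `oldlelt->item` but not the buffer it points to, while the loop removed from `apply_to_certs_and_profiles` in this same commit did `free(cert->data);` before `free(cert);`. If the items are still allocated the same way, every certificate's DER buffer now leaks. Add `if (oldlelt->item != NULL) free(oldlelt->item->data);` ahead of `free(oldlelt->item);`. The NULL guard matters because the traversal in mozilla.c allows for entries whose `item` is NULL.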
--- a/cinst/nss-secitemlist.h	Thu Apr 24 16:06:00 2014 +0000
+++ b/cinst/nss-secitemlist.h	Thu Apr 24 17:04:49 2014 +0000
@@ -44,4 +44,14 @@
  */
 SECItem *seciteml_pop (seciteml_t **list);
 
+/**
+ * @brief Free a secitem list
+ *
+ * Frees a secitem list
+ *
+ * @param[inout] list pointer to the list which should be freed. set to NULL
+ */
+void seciteml_free (seciteml_t **list);
+
+
 #endif
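Review bot: The doc comment for `seciteml_free` does not say what is owned and released, which is what callers need now that freeing has moved out of `apply_to_certs_and_profiles`. I would replace the duplicated sentence with `Frees every list element together with its SECItem; *list is NULL on return.` and add a line noting that any `SECItem *` previously read from the list is invalid afterwards. If the item's `data` buffer is meant to be freed too, the comment should say so explicitly.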

http://wald.intevation.org/projects/trustbridge/