changeset 309:fa37384b86b6

Add trust "Trusted CA to issue server certificates" to certs on install.
author Sascha Wilde <wilde@intevation.de>
date Fri, 04 Apr 2014 09:53:55 +0200
parents ab69d268b5c8
children f758460ca437
files cinst/mozilla.c
diffstat 1 files changed, 14 insertions(+), 3 deletions(-) [+]
--- a/cinst/mozilla.c	Thu Apr 03 18:23:09 2014 +0200
+++ b/cinst/mozilla.c	Fri Apr 04 09:53:55 2014 +0200
@@ -415,6 +415,8 @@
 import_cert(char *pdir, SECItem *dercert)
 {
   PK11SlotInfo *pk11slot = NULL;
+  CERTCertTrust *trust = NULL;
+  CERTCertificate *cert = NULL;
   bool success = false;
   char *cert_name = nss_cert_name(dercert);
 
@@ -422,16 +424,25 @@
   if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess)
     {
       pk11slot = PK11_GetInternalKeySlot();
-      if (PK11_ImportDERCert(pk11slot, dercert, CK_INVALID_HANDLE,
-                             cert_name, PR_FALSE)
-          == SECSuccess)
+      cert = CERT_DecodeCertFromPackage((char *)dercert->data,
+                                        (int)dercert->len);
+      trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust));
+      CERT_DecodeTrustString(trust, "C");
+      if ((PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE,
+                           cert_name, PR_FALSE)
+           == SECSuccess) &&
+          (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust)
+           == SECSuccess))
         {
+
           success = true;
         }
       else
         {
           DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir);
         }
+      CERT_DestroyCertificate (cert);
+      PORT_Free(trust);
       PK11_FreeSlot(pk11slot);
       NSS_Shutdown();
     }
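Review bot: The result of `CERT_DecodeCertFromPackage` is used without a NULL check, so a DER blob that fails to decode reaches `PK11_ImportCert` and `CERT_ChangeCertTrust` as a null certificate; the return value of `CERT_DecodeTrustString` is likewise ignored. `trust` is allocated with the project's `xmalloc` but released with `PORT_Free`, which is only correct if both sit on the same allocator; a `CERTCertTrust trust;` on the stack (replacing the pointer declared in the first hunk) avoids the pairing altogether. If the import succeeds and the trust change fails, the certificate stays in the database without the intended flags and only the generic failure message is logged, so the two outcomes are worth distinguishing. Because "C" makes the certificate a trusted CA for server authentication, import_cert should only ever be reached with certificates the caller has already authenticated, which this hunk cannot show. The function's closing lines are outside the hunk.

```c
      /* assumes the first hunk's declaration becomes: CERTCertTrust trust; */
      pk11slot = PK11_GetInternalKeySlot();
      cert = CERT_DecodeCertFromPackage((char *)dercert->data,
                                        (int)dercert->len);
      if (cert == NULL)
        {
          DEBUGPRINTF("Failed to decode certificate '%s'!\n", cert_name);
        }
      else if (CERT_DecodeTrustString(&trust, "C") == SECSuccess &&
               PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE,
                               cert_name, PR_FALSE) == SECSuccess &&
               CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust)
               == SECSuccess)
        {
          success = true;
        }
      /* … unchanged: else branch with the install-failure DEBUGPRINTF … */
      if (cert != NULL)
        CERT_DestroyCertificate (cert);
      /* … unchanged: PK11_FreeSlot, NSS_Shutdown (PORT_Free(trust) dropped) … */
```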

http://wald.intevation.org/projects/trustbridge/