changeset 309:fa37384b86b6
Add trust "Trusted CA to issue server certificates" to certs on install.
author | Sascha Wilde <wilde@intevation.de> |
---|---|
date | Fri, 04 Apr 2014 09:53:55 +0200 |
parents | ab69d268b5c8 |
children | f758460ca437 |
files | cinst/mozilla.c |
diffstat | 1 files changed, 14 insertions(+), 3 deletions(-) [+] |
--- a/cinst/mozilla.c Thu Apr 03 18:23:09 2014 +0200
+++ b/cinst/mozilla.c Fri Apr 04 09:53:55 2014 +0200
@@ -415,6 +415,8 @@
 import_cert(char *pdir, SECItem *dercert)
 {
 PK11SlotInfo *pk11slot = NULL;
+ CERTCertTrust *trust = NULL;
+ CERTCertificate *cert = NULL;
 bool success = false;
 char *cert_name = nss_cert_name(dercert);
@@ -422,16 +424,25 @@
 if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess)
 {
 pk11slot = PK11_GetInternalKeySlot();
- if (PK11_ImportDERCert(pk11slot, dercert, CK_INVALID_HANDLE,
- cert_name, PR_FALSE)
- == SECSuccess)
+ cert = CERT_DecodeCertFromPackage((char *)dercert->data,
+ (int)dercert->len);
+ trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust));
+ CERT_DecodeTrustString(trust, "C");
+ if ((PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE,
+ cert_name, PR_FALSE)
+ == SECSuccess) &&
+ (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust)
+ == SECSuccess))
 {
+ success = true;
 }
 else
 {
 DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n",
 cert_name, pdir);
 }
+ CERT_DestroyCertificate (cert);
+ PORT_Free(trust);
 PK11_FreeSlot(pk11slot);
 NSS_Shutdown();
 }
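Review bot: In the second hunk the result of `CERT_DecodeCertFromPackage` goes straight into `PK11_ImportCert` and `CERT_ChangeCertTrust` without a NULL check, so a DER blob that fails to decode is handed to NSS as a null certificate instead of taking the existing failure branch. The return value of `CERT_DecodeTrustString` is ignored as well, and `trust` comes from `xmalloc` but is released with `PORT_Free`; `xmalloc` is not defined in this diff, but if it wraps the C runtime allocator the two are not guaranteed to share a heap. A stack `CERTCertTrust` (replacing the pointer declared in the first hunk) removes the allocation, and folding both checks into the condition keeps the single failure path. Because this step grants CA trust for server certificates, it would also help to log separately when the import succeeds but the trust change fails, since the certificate then stays in the store while the function reports failure. The body of `import_cert` continues past the end of the hunk.

```c
CERTCertTrust trust;  /* first hunk: replaces the heap-allocated pointer */
/* … unchanged: NSS_Initialize, PK11_GetInternalKeySlot … */
cert = CERT_DecodeCertFromPackage((char *)dercert->data,
                                  (int)dercert->len);
if (cert != NULL &&
    CERT_DecodeTrustString(&trust, "C") == SECSuccess &&
    PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE,
                    cert_name, PR_FALSE) == SECSuccess &&
    CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust)
    == SECSuccess)
  {
    success = true;
  }
/* … unchanged: else branch with DEBUGPRINTF … */
if (cert != NULL)
  CERT_DestroyCertificate(cert);
/* … unchanged: PK11_FreeSlot, NSS_Shutdown … */
```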