# HG changeset patch
# User Sascha Wilde <wilde@intevation.de>
# Date 1396598035 -7200
# Node ID fa37384b86b6404135fa6700d83dbf3685059005
# Parent  ab69d268b5c861463577527c8c4ac0b80ccd9535
Add trust "Trusted CA to issue server certificates" to certs on install.

diff -r ab69d268b5c8 -r fa37384b86b6 cinst/mozilla.c
--- a/cinst/mozilla.c	Thu Apr 03 18:23:09 2014 +0200
+++ b/cinst/mozilla.c	Fri Apr 04 09:53:55 2014 +0200
@@ -415,6 +415,8 @@
 import_cert(char *pdir, SECItem *dercert)
 {
   PK11SlotInfo *pk11slot = NULL;
+  CERTCertTrust *trust = NULL;
+  CERTCertificate *cert = NULL;
   bool success = false;
   char *cert_name = nss_cert_name(dercert);
 
@@ -422,16 +424,25 @@
   if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess)
     {
       pk11slot = PK11_GetInternalKeySlot();
-      if (PK11_ImportDERCert(pk11slot, dercert, CK_INVALID_HANDLE,
-                             cert_name, PR_FALSE)
-          == SECSuccess)
+      cert = CERT_DecodeCertFromPackage((char *)dercert->data,
+                                        (int)dercert->len);
+      trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust));
+      CERT_DecodeTrustString(trust, "C");
+      if ((PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE,
+                           cert_name, PR_FALSE)
+           == SECSuccess) &&
+          (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust)
+           == SECSuccess))
         {
+
           success = true;
         }
       else
         {
           DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir);
         }
+      CERT_DestroyCertificate (cert);
+      PORT_Free(trust);
       PK11_FreeSlot(pk11slot);
       NSS_Shutdown();
     }