mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-11 20:35:50 +00:00
NSSCryptoContext_ImportCertificate cannot inform the caller that the cert already exists as a temp cert, is is necessary to work around this in CERT_NewTempCertificate by doing a lookup on the cert after it was imported.
r=relyea
This commit is contained in:
parent
4121f4550e
commit
6958bd9af8
@ -180,6 +180,7 @@ __CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
|
||||
NSSCryptoContext *context;
|
||||
NSSArena *arena;
|
||||
CERTCertificate *cc;
|
||||
NSSCertificate *tempCert;
|
||||
NSSCryptoContext *gCC = STAN_GetDefaultCryptoContext();
|
||||
if (!isperm) {
|
||||
NSSDER encoding;
|
||||
@ -241,10 +242,26 @@ __CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
|
||||
PORT_Strlen(cc->emailAddr));
|
||||
}
|
||||
context = STAN_GetDefaultCryptoContext();
|
||||
/* this function cannot detect if the cert exists as a temp cert now, but
|
||||
* didn't when CERT_NewTemp was first called.
|
||||
*/
|
||||
nssrv = NSSCryptoContext_ImportCertificate(context, c);
|
||||
if (nssrv != PR_SUCCESS) {
|
||||
goto loser;
|
||||
}
|
||||
/* so find the entry in the temp store */
|
||||
tempCert = NSSCryptoContext_FindCertificateByIssuerAndSerialNumber(context,
|
||||
&c->issuer,
|
||||
&c->serial);
|
||||
/* destroy the copy */
|
||||
NSSCertificate_Destroy(c);
|
||||
if (tempCert) {
|
||||
/* and use the "official" entry */
|
||||
c = tempCert;
|
||||
cc = STAN_GetCERTCertificate(c);
|
||||
} else {
|
||||
return NULL;
|
||||
}
|
||||
c->object.trustDomain = STAN_GetDefaultTrustDomain();
|
||||
cc->istemp = PR_TRUE;
|
||||
cc->isperm = PR_FALSE;
|
||||
|
Loading…
Reference in New Issue
Block a user