implement istemp and isperm in case clients depend on it, make sure certs own a reference to their slot and then free it
parent
68999b99a0
commit
75f5e9ba76
@ -158,6 +158,8 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
|
||||
/* reset the CERTCertificate fields */
|
||||
cert->nssCertificate = NULL;
|
||||
cert = STAN_GetCERTCertificate(c); /* will return same pointer */
|
||||
cert->istemp = PR_FALSE;
|
||||
cert->isperm = PR_TRUE;
|
||||
return (STAN_ChangeCertTrust(cert, trust) == PR_SUCCESS) ?
|
||||
SECSuccess: SECFailure;
|
||||
}
|
||||
@ -238,6 +240,8 @@ __CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
|
||||
goto loser;
|
||||
}
|
||||
c->object.trustDomain = STAN_GetDefaultTrustDomain();
|
||||
cc->istemp = PR_TRUE;
|
||||
cc->isperm = PR_FALSE;
|
||||
return cc;
|
||||
loser:
|
||||
nssPKIObject_Destroy(&c->object);
|
||||
@ -500,37 +504,37 @@ CERT_DestroyCertificate(CERTCertificate *cert)
|
||||
#else
|
||||
if (tmp) {
|
||||
/* delete the NSSCertificate */
|
||||
PK11SlotInfo *slot = cert->slot;
|
||||
PRBool freeSlot = cert->ownSlot;
|
||||
NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
|
||||
refCount = (int)tmp->object.refCount;
|
||||
if (tmp) {
|
||||
/* This is a hack. For 3.4, there are persistent references
|
||||
* to 4.0 certificates during the lifetime of a cert. In the
|
||||
* case of a temp cert, the persistent reference is in the
|
||||
* cert store of the global crypto context. For a perm cert,
|
||||
* the persistent reference is in the cache. Thus, the last
|
||||
* external reference is really the penultimate NSS reference.
|
||||
* When the count drops to two, it is really one, but the
|
||||
* persistent reference must be explicitly deleted. In 4.0,
|
||||
* this ugliness will not appear. Crypto contexts will remove
|
||||
* their own cert references, and the cache will have its
|
||||
* own management code also.
|
||||
*/
|
||||
if (refCount == 2) {
|
||||
NSSCryptoContext *cc = tmp->object.cryptoContext;
|
||||
if (cc != NULL) {
|
||||
nssCertificateStore_Remove(cc->certStore, tmp);
|
||||
} else {
|
||||
nssTrustDomain_RemoveCertFromCache(td, tmp);
|
||||
}
|
||||
refCount = (int)tmp->object.refCount;
|
||||
/* This is a hack. For 3.4, there are persistent references
|
||||
* to 4.0 certificates during the lifetime of a cert. In the
|
||||
* case of a temp cert, the persistent reference is in the
|
||||
* cert store of the global crypto context. For a perm cert,
|
||||
* the persistent reference is in the cache. Thus, the last
|
||||
* external reference is really the penultimate NSS reference.
|
||||
* When the count drops to two, it is really one, but the
|
||||
* persistent reference must be explicitly deleted. In 4.0,
|
||||
* this ugliness will not appear. Crypto contexts will remove
|
||||
* their own cert references, and the cache will have its
|
||||
* own management code also.
|
||||
*/
|
||||
if (refCount == 2) {
|
||||
NSSCryptoContext *cc = tmp->object.cryptoContext;
|
||||
if (cc != NULL) {
|
||||
nssCertificateStore_Remove(cc->certStore, tmp);
|
||||
} else {
|
||||
nssTrustDomain_RemoveCertFromCache(td, tmp);
|
||||
}
|
||||
NSSCertificate_Destroy(tmp);
|
||||
/* another hack... the destroy *must* decrement the count */
|
||||
--refCount;
|
||||
refCount = (int)tmp->object.refCount;
|
||||
}
|
||||
} else {
|
||||
refCount = 0;
|
||||
}
|
||||
NSSCertificate_Destroy(tmp);
|
||||
/* another hack... the destroy *must* decrement the count */
|
||||
if (--refCount == 0) {
|
||||
if (freeSlot) PK11_FreeSlot(slot);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
return;
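Review bot: In the CERT_DestroyCertificate hunk, the new `if (--refCount == 0) { if (freeSlot) PK11_FreeSlot(slot); }` decides whether to drop the slot reference from a local copy of `tmp->object.refCount`, read before `NSSCertificate_Destroy(tmp)` with no lock visible in the hunk. If two threads release references to the same cert concurrently the copy can be stale, so the slot reference could be dropped while the cert is still in use, or never dropped at all; whether that can happen depends on locking outside the visible lines. Releasing the slot at the point where the CERTCertificate itself is finally torn down would tie the two lifetimes together instead of inferring the last reference from a counter snapshot. Copying `cert->slot` and `cert->ownSlot` into locals first deserves a comment such as `/* read before the destroy: cert may no longer be valid afterwards */`. The page has lost the +/- markers, so old and new lines of this hunk are interleaved, and the function starts before the hunk.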
|
||||
|
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.27 $ $Date: 2002/01/24 00:26:27 $ $Name: $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.28 $ $Date: 2002/01/24 00:58:02 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
@ -586,7 +586,8 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc)
|
||||
}
|
||||
} else if (instance) {
|
||||
/* slot */
|
||||
cc->slot = instance->token->pk11slot;
|
||||
cc->slot = PK11_ReferenceSlot(instance->token->pk11slot);
|
||||
cc->ownSlot = PR_TRUE;
|
||||
/* pkcs11ID */
|
||||
cc->pkcs11ID = instance->handle;
|
||||
/* trust */
|
||||
@ -595,6 +596,9 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc)
|
||||
/* database handle is now the trust domain */
|
||||
cc->dbhandle = c->object.trustDomain;
|
||||
/* subjectList ? */
|
||||
/* istemp and isperm are supported in NSS 3.4 */
|
||||
cc->istemp = PR_FALSE; /* CERT_NewTemp will override this */
|
||||
cc->isperm = PR_TRUE; /* by default */
|
||||
/* pointer back */
|
||||
cc->nssCertificate = c;
|
||||
}
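Review bot: In fill_CERTCertificateFields, `cc->slot = PK11_ReferenceSlot(instance->token->pk11slot);` overwrites whatever `cc->slot` held without releasing it. The __CERT_AddTempCertToPerm hunk of the same commit clears `cert->nssCertificate` and calls `STAN_GetCERTCertificate(c)`, which is commented as returning the same pointer. If that path runs this function again on a `cc` that already owns a slot reference, the earlier reference is leaked and the slot can never be freed. Assuming `cc` is zero-initialised on first use (not visible here), a guard before the assignment would cover it: `if (cc->slot && cc->ownSlot) PK11_FreeSlot(cc->slot);`. The function begins outside the hunk, so how often it runs per `cc` should be confirmed against the full file.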
|
||||
|