From e9a0aa78670f139f3064b3e0ec51372b57189d5d Mon Sep 17 00:00:00 2001
From: "julien.pierre.bugs%sun.com" <julien.pierre.bugs%sun.com>
Date: Fri, 9 Jun 2006 21:55:11 +0000
Subject: [PATCH] Fix for bug 340917 - crlutil should init NSS read-only for
 list option. r=alexei.volkov

---
 security/nss/cmd/crlutil/crlutil.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c
index 5aafa6526db5..36d5688f3608 100644
--- a/security/nss/cmd/crlutil/crlutil.c
+++ b/security/nss/cmd/crlutil/crlutil.c
@@ -843,6 +843,7 @@ int main(int argc, char **argv)
     PRBool erase = PR_FALSE;
     PRInt32 i = 0;
     PRInt32 iterations = 1;
+    PRBool readonly = PR_FALSE;
 
     secuPWData  pwdata          = { PW_NONE, 0 };
 
@@ -1000,13 +1001,17 @@ int main(int argc, char **argv)
         (modifyCRL && !inFile && !nickName)) Usage (progName);
     if (!(listCRL || deleteCRL || importCRL || generateCRL ||
 	  modifyCRL || test || erase)) Usage (progName);
+
+    if (listCRL) {
+        readonly = PR_TRUE;
+    }
     
     PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
 
     PK11_SetPasswordFunc(SECU_GetModulePassword);
 
     secstatus = NSS_Initialize(SECU_ConfigDirectory(NULL), dbPrefix, dbPrefix,
-			       "secmod.db", 0);
+			       "secmod.db", readonly ? NSS_INIT_READONLY : 0);
     if (secstatus != SECSuccess) {
 	SECU_PrintPRandOSError(progName);
 	return -1;