From ffa4c947ec497e98127e62cc94379f41dcc8b2cc Mon Sep 17 00:00:00 2001
From: "ian.mcgreer%sun.com"
Date: Fri, 1 Mar 2002 21:43:57 +0000
Subject: [PATCH] modify last patch to only take effect if the slot certs are not publicly readable, and to not update the token cert list more than once
---
 security/nss/lib/pk11wrap/pk11slot.c | 9 +++++----
 security/nss/lib/pki/pki3hack.c | 5 ++++-
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index 86c58ead8aef..c3839594eb86 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -725,8 +725,9 @@ PK11_Logout(PK11SlotInfo *slot)
 PK11_EnterSlotMonitor(slot);
 crv = PK11_GETTAB(slot)->C_Logout(slot->session);
 PK11_ExitSlotMonitor(slot);
- if (slot->nssToken) {
- nssToken_DestroyCertList(slot->nssToken, PR_TRUE);
+ if (slot->nssToken && !PK11_IsFriendly(slot)) {
+ /* If the slot certs are not public readable, destroy them */
+ nssToken_DestroyCertList(slot->nssToken, PR_TRUE);
 }
 if (crv != CKR_OK) {
 PORT_SetError(PK11_MapError(crv));
@@ -1143,8 +1144,8 @@ PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx)
 }
 if (rv == SECSuccess) {
 rv = pk11_CheckVerifyTest(slot);
- if (rv == SECSuccess && slot->nssToken) {
- /* notify stan about the login */
+ if (rv == SECSuccess && slot->nssToken && !PK11_IsFriendly(slot)) {
+ /* notify stan about the login if certs are not public readable */
 nssToken_LoadCerts(slot->nssToken);
 }
 } else if (!attempt) PORT_SetError(SEC_ERROR_BAD_PASSWORD);
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index f372ddff0ca6..c95d930e6556 100644
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
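Review bot: In PK11_Logout (pk11slot.c), a slot for which `PK11_IsFriendly(slot)` is true now keeps its cached token cert list across logout, so whether that cache is safe to keep rests entirely on a predicate that is not visible in this hunk. If it reflects a configured slot flag rather than what the token actually exposes without a login, certificates read during an authenticated session would stay in the list after C_Logout; the comment should state that assumption, e.g. `/* Friendly slots expose certs without login, so the cached list holds nothing that logout should hide; otherwise drop it. */`. The same `slot->nssToken && !PK11_IsFriendly(slot)` test is repeated in the PK11_DoPassword hunk and the two must stay identical, so a shared static helper would be safer than two copies. Both function bodies start and end outside their hunks.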
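Review bot: The result of `nssToken_LoadCerts(slot->nssToken)` in PK11_DoPassword (pk11slot.c) is discarded, while the pki3hack.c hunk of this same patch shows that function returning `PR_FAILURE` when the cert list cannot be created. A login on a non-friendly slot can then report success with no certs loaded and nothing at this call site to show it. If that is deliberate best effort, mark it as such: `(void)nssToken_LoadCerts(slot->nssToken); /* best effort: login stays valid without the cert cache */`. The body of PK11_DoPassword continues outside the hunk, so `rv` may be handled further down.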
@@ -32,7 +32,7 @@
 */
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.36 $ $Date: 2002/02/28 22:55:29 $ $Name: $";
+static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.37 $ $Date: 2002/03/01 21:43:55 $ $Name: $";
 #endif /* DEBUG */
 /*
@@ -247,6 +247,9 @@ nssToken_LoadCerts(NSSToken *token)
 if (!token->certList) {
 return PR_FAILURE;
 }
+ } else if (nssList_Count(token->certList) > 0) {
+ /* already been done */
+ return PR_SUCCESS;
 }
 /* ignore the rv, just work without the list */
 (void)nssToken_TraverseCertificates(token, NULL, &search);
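Review bot: In nssToken_LoadCerts (pki3hack.c), `nssList_Count(token->certList) > 0` is used as the "already loaded" test, but a non-empty list is not the same as a completed load. The traversal result a few lines below is explicitly ignored, so a traversal that fails part-way leaves a partial list that every later call treats as final, and a list populated before login would, if such a path exists, never gain the certs that only become readable after login. A token with no certs is also re-traversed on every call because its count stays 0. An explicit loaded flag on the token, set only after the traversal succeeds and cleared where the list is destroyed, would express the intent; at minimum the comment could read `/* list already populated; assumes a non-empty list is complete */`. The function starts and ends outside the hunk.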