Commit Graph

2359 Commits

Author SHA1 Message Date
jpierre%netscape.com
595f01c3fd Roll back checkin to fix QA tests 2002-09-07 02:59:04 +00:00
jpierre%netscape.com
58167f8fae Fix NT build 2002-09-07 02:48:45 +00:00
jpierre%netscape.com
78ade1e7f9 Fix compiler warnings 2002-09-07 01:48:46 +00:00
jpierre%netscape.com
e2b8be5319 Fix compiler warnings 2002-09-07 01:24:27 +00:00
jpierre%netscape.com
486fd19230 Fix compiler warnings 2002-09-07 01:00:04 +00:00
jpierre%netscape.com
c7dffa49c0 Fix compiler warnings 2002-09-07 00:35:00 +00:00
jpierre%netscape.com
f78a02f328 Fix compiler warnings 2002-09-07 00:25:49 +00:00
jpierre%netscape.com
3a6569e478 Fix compiler warning 2002-09-07 00:22:50 +00:00
jpierre%netscape.com
434867f871 Fix compiler warning under windows 2002-09-07 00:14:14 +00:00
relyea%netscape.com
3ca346f840 Believe both entry types (old and new) when looking for the key. 2002-09-06 23:16:42 +00:00
relyea%netscape.com
869f213889 Initialize len before we use it. 2002-09-06 23:15:35 +00:00
wtc%netscape.com
6d4ccd8d26 Bug 166933: fixed build breakage on the Mac.
Modified files: certdb/crl.c certhigh/certhigh.c softoken/dbmshim.c
2002-09-06 20:17:42 +00:00
relyea%netscape.com
dcf684fc77 Bug 166893: copy the DER cert when importing the certificate 2002-09-06 18:48:37 +00:00
nicolson%netscape.com
e179fe8904 Fix 164126: makefile build error.
Change the NSS module name from "security" to "nss".
2002-09-06 16:38:56 +00:00
ian.mcgreer%sun.com
1871593ad6 additional patch for bug 166768 2002-09-06 14:10:14 +00:00
jpierre%netscape.com
c16a17bc7a Fix for 162983 - consider all certs revoked if there is a bad CRL in the cache 2002-09-06 06:53:03 +00:00
wtc%netscape.com
5a3d303bc9 Bug 136804: initialize inFile to PR_STDIN instead of NULL so that we don't
crash if the -i option is not specified.  Added two assertions to avoid
closing PR_STDIN due to internal errors.
2002-09-06 03:52:49 +00:00
relyea%netscape.com
4f3a923668 UnwrapPubKeyWithFlags is supposed to be public!! 2002-09-06 00:43:25 +00:00
wtc%netscape.com
a897ae16a9 Bugs 166734 and 166785: fixed compiler warnings reported by gcc on Linux.
The patch for this checkin is attached to bug 166785.
2002-09-06 00:27:52 +00:00
relyea%netscape.com
a017e8a053 Remove key.db from the using the blob db code. The blob db code uses the cert7.db record format to
record blobs in the database, which is incompatible with the key3.db format. (key3 does not have
any record types).
2002-09-06 00:18:24 +00:00
ian.mcgreer%sun.com
019a972928 bug 166741, unitialized variables
r=wtc
2002-09-05 22:28:30 +00:00
wtc%netscape.com
7d800864d1 Bug 166933: added quickder.c. 2002-09-05 21:47:24 +00:00
wtc%netscape.com
4f310f7f76 Bug 166933: added dbmshim.c. 2002-09-05 21:46:26 +00:00
ian.mcgreer%sun.com
d681129497 make dsa_SignDigest static (mentioned in bug 166722) 2002-09-05 20:44:09 +00:00
ian.mcgreer%sun.com
935b91935c bugs 166722 and 166768, compiler warnings in blapitest
r=wtc
2002-09-05 20:37:44 +00:00
wtc%netscape.com
a1d5df2a05 Fixed unresolved symbol DPCache_Refresh, which I believe is a misspelling
of DP_RefreshCache.
2002-09-05 16:34:27 +00:00
jpierre%netscape.com
3a78c9b53c Fix for 166714 - make SEC_FindCrlByName use the CRL cache 2002-09-05 06:12:33 +00:00
jpierre%netscape.com
c285793b55 Fix for 166719 - crash in large object file mapping emulation code . r=wtc 2002-09-05 00:25:29 +00:00
nelsonb%netscape.com
b324789645 Treat empty SubjectAltName extensions as if they were non-existant.
Bugs 162979 166454.
2002-09-04 00:42:01 +00:00
ian.mcgreer%sun.com
4f529f9bd7 bug 165863, free token on error paths 2002-09-03 19:42:13 +00:00
wtc%netscape.com
f254659354 Bug 165859: fixed the problem that 'collection' was destroyed twice on
error in nssTrustDomain_FindCertificateByIssuerAndSerialNumber.
2002-08-31 04:52:46 +00:00
jpierre%netscape.com
5e5a705cb7 Fix for 160805 . Make a copy of items into the arena before calling SEC_QuickDERDecodeItem where needed 2002-08-31 00:37:52 +00:00
wtc%netscape.com
70f99e8394 Checked in an equivalent but simpler fix for Bug 165639
(NSSRWLock_UnlockWrite failed to wake up waiting readers).
2002-08-30 23:55:51 +00:00
jpierre%netscape.com
29333f104f Implement the CRL cache . Bug 149854 2002-08-30 22:57:03 +00:00
jpierre%netscape.com
bcec4b1c38 Fix for 165639 - NSSRWLock_UnlockWrite causes deadlock when using recursivity of locoks. Fix by Wan-Teh 2002-08-30 22:46:45 +00:00
jpierre%netscape.com
62d1f75a0e Fix comment 2002-08-30 22:45:46 +00:00
relyea%netscape.com
724f0590f9 Check the cert validity only if we actually found a cert. 2002-08-30 20:37:58 +00:00
relyea%netscape.com
e8f4d6e455 Bring SSL strength up to NSS 3.x level. 2002-08-30 17:56:05 +00:00
relyea%netscape.com
8c67c1f99d When looking for a recipient match, reject non-user certs. 2002-08-29 22:19:46 +00:00
relyea%netscape.com
7dfc67b46e Export ModInfo call. 2002-08-29 22:11:53 +00:00
relyea%netscape.com
048dddbfac Filter on keyID, then run through the best cert check. 2002-08-29 22:11:06 +00:00
relyea%netscape.com
9b7f272663 Fix Version spelling, remove rcsid. 2002-08-29 17:45:12 +00:00
jpierre%netscape.com
ff1060bae7 Fix memory corruption 2002-08-29 01:28:53 +00:00
relyea%netscape.com
105a2411db File with version number for applications 2002-08-28 22:13:19 +00:00
relyea%netscape.com
0ea332961f Put version number in an external header so applications can check if they
are using an up-to-date builtins module.
2002-08-28 22:12:58 +00:00
relyea%netscape.com
3d603dad91 handle dbm blobs withouth stressing libdbm. 2002-08-28 21:51:10 +00:00
ian.mcgreer%sun.com
387eab1238 fix broken builds 2002-08-28 13:27:32 +00:00
relyea%netscape.com
24adc2754c close hole in trust lookups. 2002-08-27 23:38:29 +00:00
relyea%netscape.com
675de20876 Roll the version number forward 2002-08-27 23:32:31 +00:00
relyea%netscape.com
6abad730cc Roll the version number forward. 2002-08-27 23:29:36 +00:00
relyea%netscape.com
2b952c4a99 use correct issuer/SN for beTRUSTed -- Entrust 2002-08-27 20:57:48 +00:00
relyea%netscape.com
286095b7a0 beTRUSTed, RSA, GeoTrust, UTN-USER, and AOL Roots also need issuer/SN 2002-08-27 20:41:20 +00:00
relyea%netscape.com
032b21fe1a Trust objects need Issuer and Serial number. 2002-08-27 20:17:09 +00:00
relyea%netscape.com
3dce5c6a40 Trust attributes need issuer & serial number 2002-08-27 20:15:58 +00:00
kaie%netscape.com
43a34d7ec4 b=107034 OE requires special attribute in incoming signed messages to support dual key certificates. Add new function
NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs.
r=relyea
2002-08-27 13:14:42 +00:00
kaie%netscape.com
21b34fa931 Backing myself out, since it didn't compile on Win32, and I would like to discuss the correct fix. 2002-08-27 00:05:11 +00:00
relyea%netscape.com
7a5ee3f753 Remove warning for unreferenced variable. 2002-08-26 21:39:49 +00:00
kaie%netscape.com
d478be6ac5 b=107034 OE requires special attribute in incoming signed messages to support dual key certificates. Add new function
NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs.
r=relyea
2002-08-26 21:34:31 +00:00
relyea%netscape.com
7ec5b51352 Bug 164690. Fix missing break; 2002-08-26 21:16:07 +00:00
relyea%netscape.com
5d6a14c82b Fix URL check. we should check crl->url for null, not the uninitialized variable url. 2002-08-26 16:27:49 +00:00
jpierre%netscape.com
dc99c08db3 Fix for 164471 - Hide passwords in NSS command-line tools on OS/2 2002-08-25 03:00:34 +00:00
jpierre%netscape.com
95bad7466f Correctly identify tty on OS/2 - fix for 164420 2002-08-24 13:46:50 +00:00
jpierre%netscape.com
cdaf8705fe Fix for 164403 - make console input work in NSS tools on OS/2 2002-08-24 11:51:42 +00:00
jpierre%netscape.com
463500a5ab Convert slow SEC_ASN1DecodeItem calls to SEC_QuickDERDecodeItem where possible. Performance improvement. Bug #160805 . r=relyea 2002-08-24 00:52:47 +00:00
wtc%netscape.com
77296171f1 Removed CERT_VerifyCertChain from the export list. Use
CERT_VerifyCACertForUsage instead.
2002-08-23 18:58:52 +00:00
rangansen%netscape.com
23625d6f94 Removing c++ style comment 2002-08-23 18:31:22 +00:00
rangansen%netscape.com
5fcabb2b51 Making sure VerifyCACertForUsage checks CRL if usage is statusResponder. Changes reviewed by Bob Relyea 2002-08-23 18:02:10 +00:00
relyea%netscape.com
4116e5ba07 Fix mixing different free calls. PR_smprintf requires PR_smprintf_free() 2002-08-23 02:12:05 +00:00
relyea%netscape.com
a1ac38f4be handle attribute types more intellegently. Don't fetch the object for invalid attributes if we don't have to. 2002-08-23 02:11:03 +00:00
wtc%netscape.com
2190605135 Bug 164035: checked in a small code optimization suggested by
J�rg Brunsmann <joerg_brunsmann@yahoo.de>. Use the local variable that
has the same value.
2002-08-22 18:05:32 +00:00
relyea%netscape.com
f5603c8844 Add pubwrap with flags 2002-08-22 00:41:41 +00:00
wtc%netscape.com
401d42ef18 Bug 163863: removed duplicate PORT_Memset calls in CERT_KeyFromDERCert.
Thanks to J�rg Brunsmann <joerg_brunsmann@yahoo.de> for the fix.
2002-08-21 18:05:20 +00:00
relyea%netscape.com
943dd39f49 1) fix crl memory.
2) remove several memory copies in the crl.
2002-08-21 00:09:23 +00:00
relyea%netscape.com
78007eba43 Bug 142172
1) look up the private key much earlier in the process so we know what slot it is on.
2) if a slot isn't specified, you the private key's slot.
3) if the specified slot and the private key slot don't match & the private key slot can do the PBE, then use the private key slot to do the PBE so we don't have to move the key.
4) if we have generated the PBE key in a different slot from the private key,
2002-08-19 18:24:58 +00:00
relyea%netscape.com
bb6cf23f23 use error code in secutil.
Clean up the output.
Print out cert chain parsing issues more completely.
2002-08-16 23:09:02 +00:00
relyea%netscape.com
cf0278de93 Quick and dirty utility to pink SSL servers to see if they are configured
correctly.

NOTES: This program is a (very slightly) modified version of the
SSLSample/client.c program. As such it used the sample program support, which is
a duplication of much of secutil. Future enhancements would be 1) link with
secutil.lib. 2) When handling BadCert requests, run the Full VerifyCert and dump
the results. Make connections to the servers testing SSL2, SSL3 and TLS.

Changes were basically 1) Set the program to run without a security database
(this means no token support, or client auth). 2) Explicitly load the builtins
module so that we can test against the standard trust.
2002-08-16 16:29:18 +00:00
jpierre%netscape.com
e5ec791fa2 Correctly count the number of items in a SEQUENCE OF or SET OF in quickder decoder. Bug found by one of Terry's tests. 2002-08-16 00:05:55 +00:00
nicolson%netscape.com
62f1239586 Fix 162761: PK11_GetKeyGen should work if you pass in a keygen alg.
Make PK11_GetKeyGen an identity function for keygen algs.
2002-08-14 23:57:45 +00:00
relyea%netscape.com
0fb6e546c6 bug 161552: Make the recipient list traversal functions call the internal
nsstoken_FindCertByIssuerAndSN() function to gain the benefit of the fixed
Searching code.
2002-08-14 20:42:40 +00:00
relyea%netscape.com
721712b0a2 Mozilla bug 145228. Clear out buffer to protect agains lazy PKCS #11 modules. 2002-08-13 00:13:48 +00:00
nelsonb%netscape.com
c957d262ac Test the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529. Also, order
tests so all SSL3 tests are done before all TLS tests.
2002-08-09 22:09:18 +00:00
nelsonb%netscape.com
eeff02773b Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529. Fix Usage. 2002-08-09 22:06:12 +00:00
nelsonb%netscape.com
e90c165157 Add support for SSL_RSA_WITH_NULL_SHA. Bug 161529. Fix usage message. 2002-08-09 21:58:28 +00:00
nelsonb%netscape.com
644319e67f Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529. 2002-08-09 21:53:17 +00:00
relyea%netscape.com
cbd308d951 Handle the switch from the static buffer to the realloc buffer. 2002-08-09 18:48:31 +00:00
relyea%netscape.com
c57a14afb4 remove unreferenced Variable. 2002-08-09 18:05:24 +00:00
jpierre%netscape.com
e6ee1f4c60 Add comment about partial CRLs 2002-08-09 07:09:25 +00:00
wtc%netscape.com
f0a85f101a Bug 148220: removed the unused field 'isFIPS'. 2002-08-08 22:52:14 +00:00
relyea%netscape.com
667aff1517 Bug 607834. save the correct name on so we can reset the database. 2002-08-08 18:02:34 +00:00
jpierre%netscape.com
6eeafa0a3a Stop referencing deleted quickder.h header 2002-08-08 01:55:34 +00:00
jpierre%netscape.com
81744b6f54 Updates to quick DER decoder, bug # 161215
Fixes from Terry's review :
- remove quick allocator
- always allocate entry array even if there is 0 entry
- rename DecodeConstructed to DecodeExplicit and use a better test for that case
- other misc small fixes
Also move SEC_QuickDERDecodeItem to secasn1.h
2002-08-08 01:54:38 +00:00
wtc%netscape.com
dd0afb2cee Bug 148220: implements FIPS 198 conformance. r=relyea.
Modified Files: alghmac.c alghmac.h lowpbe.c pkcs11c.c
2002-08-07 23:27:58 +00:00
nelsonb%netscape.com
3843ef99c0 Fix bug 160207 by changing the error alerts we send for failed decryption. 2002-08-07 20:01:51 +00:00
jpierre%netscape.com
9b074c9def Fix for 157649 - allow crlutil to do partial decoding so it can be used as a test program 2002-08-07 03:53:07 +00:00
jpierre%netscape.com
b4ea41c359 Additional error reporting 2002-08-07 03:47:23 +00:00
jpierre%netscape.com
1e8c079b69 Implement partial CRL decoding. Fix for 149816. r=wtc . Uses new quick DER decoder 2002-08-07 03:44:12 +00:00
jpierre%netscape.com
7759ca21de Reorder functions to avoid forward declaration of DecodePointer 2002-08-07 03:40:47 +00:00
jpierre%netscape.com
4607bbf866 Be consistent in memory allocations - use QuickZAlloc 2002-08-07 03:36:46 +00:00
jpierre%netscape.com
42d8685ccc Add new quick DER decoder. r=wtc 2002-08-07 03:25:47 +00:00
wtc%netscape.com
fdc41cd064 Bug 161316: make pk11pqg.h C++ safe. 2002-08-06 18:31:35 +00:00
jpierre%netscape.com
55bbc1b2b7 Fix for 158141 - add 5 minute slop time for OCSP 2002-08-04 02:50:40 +00:00
relyea%netscape.com
1b5946f3a0 Turn on reset functionality for multiaccessdb clients. 2002-08-02 21:41:01 +00:00
relyea%netscape.com
c0dd962ed9 1) factor out fortezzav1 from the chain processing code to make the code easier
to read.
2) only extract keys if we are using fortezzav1 cert (should speed up cert verify
a bit).
3) Add function to verify a specific CA cert to verify a userCert Usage.
2002-08-02 17:51:20 +00:00
relyea%netscape.com
ff0e1ac35e Merge back 3.5 changes to the tip 2002-08-02 17:43:36 +00:00
jpierre%netscape.com
8fa534cac0 Fix compiler warnings on NT 2002-08-02 00:53:15 +00:00
jpierre%netscape.com
9ee98f355e Fix incorrect macro usage 2002-08-02 00:28:23 +00:00
nelsonb%netscape.com
8e038c1211 Correct the test of IP addresses in Subject Alternative Name extensions.
bug 103752.
2002-08-01 22:51:56 +00:00
relyea%netscape.com
fee201085d Don't crash if we try to read a nickname that has an invalid cert with it. 2002-08-01 22:28:11 +00:00
ian.mcgreer%sun.com
67ce0992b6 this was obviously backwards 2002-08-01 14:23:49 +00:00
wtc%netscape.com
79910e8ffd Bug 157730: minor tweak suggested by brendan. 2002-08-01 05:17:49 +00:00
relyea%netscape.com
dc346d44ed 1) collections have size values that need to be updated.
2) handle the case where we can't get the encoding from the cert.
3) Check the cert validity when we first extract it.
2002-08-01 01:21:28 +00:00
relyea%netscape.com
4befeb7bba Arg.. version 1.63 was a misapplied patch, (supposed to be checked into the
3.5 branch). The result is 1.63 backs out 1.62, which is not the intent.
restore 1.62.
2002-07-31 18:55:59 +00:00
relyea%netscape.com
d9d3b45f9e Bug 157730. Don't crash on bogus input from a PKCS #11 device.
review = be & wtc.
a = asa
2002-07-31 18:50:11 +00:00
relyea%netscape.com
bc8d48d520 Protection against Token misbehaving tokens 2002-07-31 02:00:13 +00:00
wtc%netscape.com
2bd38c9821 Bug 148220: FIPS 198's key size requirement broke the NSS QA. Backing it
out.
2002-07-31 00:55:35 +00:00
wtc%netscape.com
9590c529f0 Bug 148220: the previous checkin missed the inclusion of secerr.h. 2002-07-30 23:19:44 +00:00
nelsonb%netscape.com
ca36e61638 Fix code to work when subjectAltName extension not present in server cert.
Bug 103752.
2002-07-30 23:15:43 +00:00
wtc%netscape.com
e29a299bc0 Bug 148220: enforce FIPS 198's requirement on the secret key's length.
Added an assertion.  Set the error code on error return.
2002-07-30 22:59:13 +00:00
relyea%netscape.com
18b74cde82 Fix pkcs12 memory leak. 2002-07-30 22:51:13 +00:00
bishakhabanerjee%netscape.com
4225da3758 Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 21:25:56 +00:00
bishakhabanerjee%netscape.com
65f7eca2f9 Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 20:57:44 +00:00
bishakhabanerjee%netscape.com
e630b647c5 Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 20:44:13 +00:00
bishakhabanerjee%netscape.com
ed1acde055 Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 20:36:29 +00:00
nelsonb%netscape.com
ac73526c2c Examine SubjectAltName extensions for SSL server name matching.
Bug 103752.
2002-07-30 19:32:33 +00:00
bishakhabanerjee%netscape.com
532b7c841e Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 19:01:18 +00:00
bishakhabanerjee%netscape.com
a37737a1ca Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 18:49:46 +00:00
bishakhabanerjee%netscape.com
a5ff71eccd Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 18:44:36 +00:00
wtc%netscape.com
fe44dda52c Bug 159976: removed the incorrect linker options for building a bundle on
Mac OS X. The patch is contributed by Ben Hines <bhines@alumni.ucsd.edu>.
2002-07-29 21:48:39 +00:00
nelsonb%netscape.com
b26f28e997 Add missing const qualifiers to NSS's regular expression match functions. 2002-07-29 21:30:31 +00:00
wtc%netscape.com
869ca6f82b Fixed the comment. The length of the secret may be larger than 64 bytes. 2002-07-26 18:20:59 +00:00
wtc%netscape.com
80aae405d5 Removed unused ASN.1 templates and unnecessary declarations.
Modified Files: lowcert.c pcertt.h
2002-07-25 03:59:38 +00:00
relyea%netscape.com
2cf20e0041 return certs in sorted order. 2002-07-23 00:34:20 +00:00
bishakhabanerjee%netscape.com
5c04279163 Setting number of tests to 252 to take out warnings on nightly QA reports -Bug 156959 2002-07-19 23:46:10 +00:00
wtc%netscape.com
bb5752e0f0 Bug 158339: we should not call secmod_freeParams if RNG_RNGInit fails. 2002-07-19 18:31:30 +00:00
jpierre%netscape.com
d57baf5140 Fix for 158221 - make crlutil save memory by using the new PK11_ImportCRL function with the CRL_DECODE_DONT_COPY_DER option 2002-07-19 01:07:27 +00:00
jpierre%netscape.com
a82b9f46ba 158005 - add new CRL decode and import functions . Benefits are :
- ability to import to any slot
- ability to specify decode options, such as "don't copy DER"
- ability to specify import options, such as "don't do CRL checks"
This patch also maps the existing functions SEC_NewCrl and CERT_ImportCRL
to this new function, eliminating the code duplication that existed
2002-07-19 00:59:34 +00:00
jpierre%netscape.com
9a7c0e7303 Fix for 156802 - remove improper check in CRL decoding 2002-07-19 00:12:13 +00:00
jpierre%netscape.com
c509948a27 Remove unreferenced variables 2002-07-18 23:50:03 +00:00
jpierre%netscape.com
24426f202b Fix for 139292 - NSS_NoDBInit regression 2002-07-18 23:08:55 +00:00
jpierre%netscape.com
0ef036408f Fix usage 2002-07-17 22:53:33 +00:00
jpierre%netscape.com
e7033fb486 Fix for 157996 - add support for SEC_NewCrl browser emulation mode in crlutil 2002-07-17 22:22:26 +00:00
wtc%netscape.com
aa78a2f343 Bug 157946: removed the unused -m option. Added the -v option to Usage(). 2002-07-17 18:39:02 +00:00
jpierre%netscape.com
2c39c4639f Fix for 153245 2002-07-17 00:21:09 +00:00
wtc%netscape.com
56c3c291e5 Bug 157750: handle the possibility that some certs do not have a label. 2002-07-16 21:13:40 +00:00
relyea%netscape.com
ccf95e381c Automatically recover from database corruptions when importing new certs. 2002-07-16 16:44:22 +00:00
jpierre%netscape.com
dc151802c8 Make certutil use the new CERT_VerifyCertificate function when verifying certs 2002-07-16 00:45:50 +00:00
relyea%netscape.com
f181c1c7a2 Fix solaris signed/unsigned warnings.
On updating nicknames, create a nickname record if one doesn't exist (that is
somehow the database got corrupted).
2002-07-13 02:45:04 +00:00
relyea%netscape.com
08f068a1b9 Update the CERTDB_USER bits when our key gets imported through pkcs #12. 2002-07-12 03:27:44 +00:00
jpierre%netscape.com
a0d70e4967 Make CERT_VerifyCertificate actually work . Oops. 2002-07-12 02:37:49 +00:00
relyea%netscape.com
eb96a2084d 1) When looking for a trust token, return tokens in the following priority order:
1) r/w token with trust.
2) r/o token with trust.
3) r/w token
4) r/o token

Also, don't crash if we try to change the trust on a cert in temp storage, just return an error.
2002-07-10 21:34:01 +00:00