2453 Commits

Author SHA1 Message Date
jpierre%netscape.com
f78a02f328 Fix compiler warnings 2002-09-07 00:25:49 +00:00
jpierre%netscape.com
3a6569e478 Fix compiler warning 2002-09-07 00:22:50 +00:00
jpierre%netscape.com
434867f871 Fix compiler warning under windows 2002-09-07 00:14:14 +00:00
relyea%netscape.com
3ca346f840 Believe both entry types (old and new) when looking for the key. 2002-09-06 23:16:42 +00:00
relyea%netscape.com
869f213889 Initialize len before we use it. 2002-09-06 23:15:35 +00:00
wtc%netscape.com
6d4ccd8d26 Bug 166933: fixed build breakage on the Mac.
Modified files: certdb/crl.c certhigh/certhigh.c softoken/dbmshim.c
2002-09-06 20:17:42 +00:00
relyea%netscape.com
dcf684fc77 Bug 166893: copy the DER cert when importing the certificate 2002-09-06 18:48:37 +00:00
nicolson%netscape.com
e179fe8904 Fix 164126: makefile build error.
Change the NSS module name from "security" to "nss".
2002-09-06 16:38:56 +00:00
ian.mcgreer%sun.com
1871593ad6 additional patch for bug 166768 2002-09-06 14:10:14 +00:00
jpierre%netscape.com
c16a17bc7a Fix for 162983 - consider all certs revoked if there is a bad CRL in the cache 2002-09-06 06:53:03 +00:00
wtc%netscape.com
5a3d303bc9 Bug 136804: initialize inFile to PR_STDIN instead of NULL so that we don't
crash if the -i option is not specified.  Added two assertions to avoid
closing PR_STDIN due to internal errors.
2002-09-06 03:52:49 +00:00
relyea%netscape.com
4f3a923668 UnwrapPubKeyWithFlags is supposed to be public!! 2002-09-06 00:43:25 +00:00
wtc%netscape.com
a897ae16a9 Bugs 166734 and 166785: fixed compiler warnings reported by gcc on Linux.
The patch for this checkin is attached to bug 166785.
2002-09-06 00:27:52 +00:00
relyea%netscape.com
a017e8a053 Remove key.db from the using the blob db code. The blob db code uses the cert7.db record format to
record blobs in the database, which is incompatible with the key3.db format. (key3 does not have
any record types).
2002-09-06 00:18:24 +00:00
ian.mcgreer%sun.com
019a972928 bug 166741, uninitialized variables
r=wtc
2002-09-05 22:28:30 +00:00
wtc%netscape.com
7d800864d1 Bug 166933: added quickder.c. 2002-09-05 21:47:24 +00:00
wtc%netscape.com
4f310f7f76 Bug 166933: added dbmshim.c. 2002-09-05 21:46:26 +00:00
ian.mcgreer%sun.com
d681129497 make dsa_SignDigest static (mentioned in bug 166722) 2002-09-05 20:44:09 +00:00
ian.mcgreer%sun.com
935b91935c bugs 166722 and 166768, compiler warnings in blapitest
r=wtc
2002-09-05 20:37:44 +00:00
wtc%netscape.com
a1d5df2a05 Fixed unresolved symbol DPCache_Refresh, which I believe is a misspelling
of DP_RefreshCache.
2002-09-05 16:34:27 +00:00
jpierre%netscape.com
3a78c9b53c Fix for 166714 - make SEC_FindCrlByName use the CRL cache 2002-09-05 06:12:33 +00:00
jpierre%netscape.com
c285793b55 Fix for 166719 - crash in large object file mapping emulation code . r=wtc 2002-09-05 00:25:29 +00:00
nelsonb%netscape.com
b324789645 Treat empty SubjectAltName extensions as if they were non-existent.
Bugs 162979 166454.
2002-09-04 00:42:01 +00:00
ian.mcgreer%sun.com
4f529f9bd7 bug 165863, free token on error paths 2002-09-03 19:42:13 +00:00
wtc%netscape.com
f254659354 Bug 165859: fixed the problem that 'collection' was destroyed twice on
error in nssTrustDomain_FindCertificateByIssuerAndSerialNumber.
2002-08-31 04:52:46 +00:00
jpierre%netscape.com
5e5a705cb7 Fix for 160805 . Make a copy of items into the arena before calling SEC_QuickDERDecodeItem where needed 2002-08-31 00:37:52 +00:00
wtc%netscape.com
70f99e8394 Checked in an equivalent but simpler fix for Bug 165639
(NSSRWLock_UnlockWrite failed to wake up waiting readers).
2002-08-30 23:55:51 +00:00
jpierre%netscape.com
29333f104f Implement the CRL cache . Bug 149854 2002-08-30 22:57:03 +00:00
jpierre%netscape.com
bcec4b1c38 Fix for 165639 - NSSRWLock_UnlockWrite causes deadlock when using recursivity of locks. Fix by Wan-Teh 2002-08-30 22:46:45 +00:00
jpierre%netscape.com
62d1f75a0e Fix comment 2002-08-30 22:45:46 +00:00
relyea%netscape.com
724f0590f9 Check the cert validity only if we actually found a cert. 2002-08-30 20:37:58 +00:00
relyea%netscape.com
e8f4d6e455 Bring SSL strength up to NSS 3.x level. 2002-08-30 17:56:05 +00:00
relyea%netscape.com
8c67c1f99d When looking for a recipient match, reject non-user certs. 2002-08-29 22:19:46 +00:00
relyea%netscape.com
7dfc67b46e Export ModInfo call. 2002-08-29 22:11:53 +00:00
relyea%netscape.com
048dddbfac Filter on keyID, then run through the best cert check. 2002-08-29 22:11:06 +00:00
relyea%netscape.com
9b7f272663 Fix Version spelling, remove rcsid. 2002-08-29 17:45:12 +00:00
jpierre%netscape.com
ff1060bae7 Fix memory corruption 2002-08-29 01:28:53 +00:00
relyea%netscape.com
105a2411db File with version number for applications 2002-08-28 22:13:19 +00:00
relyea%netscape.com
0ea332961f Put version number in an external header so applications can check if they
are using an up-to-date builtins module.
2002-08-28 22:12:58 +00:00
relyea%netscape.com
3d603dad91 handle dbm blobs without stressing libdbm. 2002-08-28 21:51:10 +00:00
ian.mcgreer%sun.com
387eab1238 fix broken builds 2002-08-28 13:27:32 +00:00
relyea%netscape.com
24adc2754c close hole in trust lookups. 2002-08-27 23:38:29 +00:00
relyea%netscape.com
675de20876 Roll the version number forward 2002-08-27 23:32:31 +00:00
relyea%netscape.com
6abad730cc Roll the version number forward. 2002-08-27 23:29:36 +00:00
relyea%netscape.com
2b952c4a99 use correct issuer/SN for beTRUSTed -- Entrust 2002-08-27 20:57:48 +00:00
relyea%netscape.com
286095b7a0 beTRUSTed, RSA, GeoTrust, UTN-USER, and AOL Roots also need issuer/SN 2002-08-27 20:41:20 +00:00
relyea%netscape.com
032b21fe1a Trust objects need Issuer and Serial number. 2002-08-27 20:17:09 +00:00
relyea%netscape.com
3dce5c6a40 Trust attributes need issuer & serial number 2002-08-27 20:15:58 +00:00
kaie%netscape.com
43a34d7ec4 b=107034 OE requires special attribute in incoming signed messages to support dual key certificates. Add new function
NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs.
r=relyea
2002-08-27 13:14:42 +00:00
kaie%netscape.com
21b34fa931 Backing myself out, since it didn't compile on Win32, and I would like to discuss the correct fix. 2002-08-27 00:05:11 +00:00
relyea%netscape.com
7a5ee3f753 Remove warning for unreferenced variable. 2002-08-26 21:39:49 +00:00
kaie%netscape.com
d478be6ac5 b=107034 OE requires special attribute in incoming signed messages to support dual key certificates. Add new function
NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs.
r=relyea
2002-08-26 21:34:31 +00:00
relyea%netscape.com
7ec5b51352 Bug 164690. Fix missing break; 2002-08-26 21:16:07 +00:00
relyea%netscape.com
5d6a14c82b Fix URL check. we should check crl->url for null, not the uninitialized variable url. 2002-08-26 16:27:49 +00:00
jpierre%netscape.com
dc99c08db3 Fix for 164471 - Hide passwords in NSS command-line tools on OS/2 2002-08-25 03:00:34 +00:00
jpierre%netscape.com
95bad7466f Correctly identify tty on OS/2 - fix for 164420 2002-08-24 13:46:50 +00:00
jpierre%netscape.com
cdaf8705fe Fix for 164403 - make console input work in NSS tools on OS/2 2002-08-24 11:51:42 +00:00
jpierre%netscape.com
463500a5ab Convert slow SEC_ASN1DecodeItem calls to SEC_QuickDERDecodeItem where possible. Performance improvement. Bug #160805 . r=relyea 2002-08-24 00:52:47 +00:00
wtc%netscape.com
77296171f1 Removed CERT_VerifyCertChain from the export list. Use
CERT_VerifyCACertForUsage instead.
2002-08-23 18:58:52 +00:00
rangansen%netscape.com
23625d6f94 Removing c++ style comment 2002-08-23 18:31:22 +00:00
rangansen%netscape.com
5fcabb2b51 Making sure VerifyCACertForUsage checks CRL if usage is statusResponder. Changes reviewed by Bob Relyea 2002-08-23 18:02:10 +00:00
relyea%netscape.com
4116e5ba07 Fix mixing different free calls. PR_smprintf requires PR_smprintf_free() 2002-08-23 02:12:05 +00:00
relyea%netscape.com
a1ac38f4be handle attribute types more intelligently. Don't fetch the object for invalid attributes if we don't have to. 2002-08-23 02:11:03 +00:00
wtc%netscape.com
2190605135 Bug 164035: checked in a small code optimization suggested by
Jörg Brunsmann <joerg_brunsmann@yahoo.de>. Use the local variable that
has the same value.
2002-08-22 18:05:32 +00:00
relyea%netscape.com
f5603c8844 Add pubwrap with flags 2002-08-22 00:41:41 +00:00
wtc%netscape.com
401d42ef18 Bug 163863: removed duplicate PORT_Memset calls in CERT_KeyFromDERCert.
Thanks to Jörg Brunsmann <joerg_brunsmann@yahoo.de> for the fix.
2002-08-21 18:05:20 +00:00
relyea%netscape.com
943dd39f49 1) fix crl memory.
2) remove several memory copies in the crl.
2002-08-21 00:09:23 +00:00
relyea%netscape.com
78007eba43 Bug 142172
1) look up the private key much earlier in the process so we know what slot it is on.
2) if a slot isn't specified, use the private key's slot.
3) if the specified slot and the private key slot don't match & the private key slot can do the PBE, then use the private key slot to do the PBE so we don't have to move the key.
4) if we have generated the PBE key in a different slot from the private key,
2002-08-19 18:24:58 +00:00
relyea%netscape.com
bb6cf23f23 use error code in secutil.
Clean up the output.
Print out cert chain parsing issues more completely.
2002-08-16 23:09:02 +00:00
relyea%netscape.com
cf0278de93 Quick and dirty utility to ping SSL servers to see if they are configured
correctly.

NOTES: This program is a (very slightly) modified version of the
SSLSample/client.c program. As such it used the sample program support, which is
a duplication of much of secutil. Future enhancements would be 1) link with
secutil.lib. 2) When handling BadCert requests, run the Full VerifyCert and dump
the results. Make connections to the servers testing SSL2, SSL3 and TLS.

Changes were basically 1) Set the program to run without a security database
(this means no token support, or client auth). 2) Explicitly load the builtins
module so that we can test against the standard trust.
2002-08-16 16:29:18 +00:00
jpierre%netscape.com
e5ec791fa2 Correctly count the number of items in a SEQUENCE OF or SET OF in quickder decoder. Bug found by one of Terry's tests. 2002-08-16 00:05:55 +00:00
nicolson%netscape.com
62f1239586 Fix 162761: PK11_GetKeyGen should work if you pass in a keygen alg.
Make PK11_GetKeyGen an identity function for keygen algs.
2002-08-14 23:57:45 +00:00
relyea%netscape.com
0fb6e546c6 bug 161552: Make the recipient list traversal functions call the internal
nsstoken_FindCertByIssuerAndSN() function to gain the benefit of the fixed
Searching code.
2002-08-14 20:42:40 +00:00
relyea%netscape.com
721712b0a2 Mozilla bug 145228. Clear out buffer to protect against lazy PKCS #11 modules. 2002-08-13 00:13:48 +00:00
nelsonb%netscape.com
c957d262ac Test the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529. Also, order
tests so all SSL3 tests are done before all TLS tests.
2002-08-09 22:09:18 +00:00
nelsonb%netscape.com
eeff02773b Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529. Fix Usage. 2002-08-09 22:06:12 +00:00
nelsonb%netscape.com
e90c165157 Add support for SSL_RSA_WITH_NULL_SHA. Bug 161529. Fix usage message. 2002-08-09 21:58:28 +00:00
nelsonb%netscape.com
644319e67f Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529. 2002-08-09 21:53:17 +00:00
relyea%netscape.com
cbd308d951 Handle the switch from the static buffer to the realloc buffer. 2002-08-09 18:48:31 +00:00
relyea%netscape.com
c57a14afb4 remove unreferenced Variable. 2002-08-09 18:05:24 +00:00
jpierre%netscape.com
e6ee1f4c60 Add comment about partial CRLs 2002-08-09 07:09:25 +00:00
wtc%netscape.com
f0a85f101a Bug 148220: removed the unused field 'isFIPS'. 2002-08-08 22:52:14 +00:00
relyea%netscape.com
667aff1517 Bug 607834. save the correct name on so we can reset the database. 2002-08-08 18:02:34 +00:00
jpierre%netscape.com
6eeafa0a3a Stop referencing deleted quickder.h header 2002-08-08 01:55:34 +00:00
jpierre%netscape.com
81744b6f54 Updates to quick DER decoder, bug # 161215
Fixes from Terry's review :
- remove quick allocator
- always allocate entry array even if there is 0 entry
- rename DecodeConstructed to DecodeExplicit and use a better test for that case
- other misc small fixes
Also move SEC_QuickDERDecodeItem to secasn1.h
2002-08-08 01:54:38 +00:00
wtc%netscape.com
dd0afb2cee Bug 148220: implements FIPS 198 conformance. r=relyea.
Modified Files: alghmac.c alghmac.h lowpbe.c pkcs11c.c
2002-08-07 23:27:58 +00:00
nelsonb%netscape.com
3843ef99c0 Fix bug 160207 by changing the error alerts we send for failed decryption. 2002-08-07 20:01:51 +00:00
jpierre%netscape.com
9b074c9def Fix for 157649 - allow crlutil to do partial decoding so it can be used as a test program 2002-08-07 03:53:07 +00:00
jpierre%netscape.com
b4ea41c359 Additional error reporting 2002-08-07 03:47:23 +00:00
jpierre%netscape.com
1e8c079b69 Implement partial CRL decoding. Fix for 149816. r=wtc . Uses new quick DER decoder 2002-08-07 03:44:12 +00:00
jpierre%netscape.com
7759ca21de Reorder functions to avoid forward declaration of DecodePointer 2002-08-07 03:40:47 +00:00
jpierre%netscape.com
4607bbf866 Be consistent in memory allocations - use QuickZAlloc 2002-08-07 03:36:46 +00:00
jpierre%netscape.com
42d8685ccc Add new quick DER decoder. r=wtc 2002-08-07 03:25:47 +00:00
wtc%netscape.com
fdc41cd064 Bug 161316: make pk11pqg.h C++ safe. 2002-08-06 18:31:35 +00:00
jpierre%netscape.com
55bbc1b2b7 Fix for 158141 - add 5 minute slop time for OCSP 2002-08-04 02:50:40 +00:00
relyea%netscape.com
1b5946f3a0 Turn on reset functionality for multiaccessdb clients. 2002-08-02 21:41:01 +00:00
relyea%netscape.com
c0dd962ed9 1) factor out fortezzav1 from the chain processing code to make the code easier
to read.
2) only extract keys if we are using fortezzav1 cert (should speed up cert verify
a bit).
3) Add function to verify a specific CA cert to verify a userCert Usage.
2002-08-02 17:51:20 +00:00
relyea%netscape.com
ff0e1ac35e Merge back 3.5 changes to the tip 2002-08-02 17:43:36 +00:00
jpierre%netscape.com
8fa534cac0 Fix compiler warnings on NT 2002-08-02 00:53:15 +00:00
jpierre%netscape.com
9ee98f355e Fix incorrect macro usage 2002-08-02 00:28:23 +00:00
nelsonb%netscape.com
8e038c1211 Correct the test of IP addresses in Subject Alternative Name extensions.
bug 103752.
2002-08-01 22:51:56 +00:00
relyea%netscape.com
fee201085d Don't crash if we try to read a nickname that has an invalid cert with it. 2002-08-01 22:28:11 +00:00
ian.mcgreer%sun.com
67ce0992b6 this was obviously backwards 2002-08-01 14:23:49 +00:00
wtc%netscape.com
79910e8ffd Bug 157730: minor tweak suggested by brendan. 2002-08-01 05:17:49 +00:00
relyea%netscape.com
dc346d44ed 1) collections have size values that need to be updated.
2) handle the case where we can't get the encoding from the cert.
3) Check the cert validity when we first extract it.
2002-08-01 01:21:28 +00:00
relyea%netscape.com
4befeb7bba Arg.. version 1.63 was a misapplied patch, (supposed to be checked into the
3.5 branch). The result is 1.63 backs out 1.62, which is not the intent.
restore 1.62.
2002-07-31 18:55:59 +00:00
relyea%netscape.com
d9d3b45f9e Bug 157730. Don't crash on bogus input from a PKCS #11 device.
review = be & wtc.
a = asa
2002-07-31 18:50:11 +00:00
relyea%netscape.com
bc8d48d520 Protection against Token misbehaving tokens 2002-07-31 02:00:13 +00:00
wtc%netscape.com
2bd38c9821 Bug 148220: FIPS 198's key size requirement broke the NSS QA. Backing it
out.
2002-07-31 00:55:35 +00:00
wtc%netscape.com
9590c529f0 Bug 148220: the previous checkin missed the inclusion of secerr.h. 2002-07-30 23:19:44 +00:00
nelsonb%netscape.com
ca36e61638 Fix code to work when subjectAltName extension not present in server cert.
Bug 103752.
2002-07-30 23:15:43 +00:00
wtc%netscape.com
e29a299bc0 Bug 148220: enforce FIPS 198's requirement on the secret key's length.
Added an assertion.  Set the error code on error return.
2002-07-30 22:59:13 +00:00
relyea%netscape.com
18b74cde82 Fix pkcs12 memory leak. 2002-07-30 22:51:13 +00:00
bishakhabanerjee%netscape.com
4225da3758 Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 21:25:56 +00:00
bishakhabanerjee%netscape.com
65f7eca2f9 Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 20:57:44 +00:00
bishakhabanerjee%netscape.com
e630b647c5 Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 20:44:13 +00:00
bishakhabanerjee%netscape.com
ed1acde055 Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 20:36:29 +00:00
nelsonb%netscape.com
ac73526c2c Examine SubjectAltName extensions for SSL server name matching.
Bug 103752.
2002-07-30 19:32:33 +00:00
bishakhabanerjee%netscape.com
532b7c841e Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 19:01:18 +00:00
bishakhabanerjee%netscape.com
a37737a1ca Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 18:49:46 +00:00
bishakhabanerjee%netscape.com
a5ff71eccd Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 2002-07-30 18:44:36 +00:00
wtc%netscape.com
fe44dda52c Bug 159976: removed the incorrect linker options for building a bundle on
Mac OS X. The patch is contributed by Ben Hines <bhines@alumni.ucsd.edu>.
2002-07-29 21:48:39 +00:00
nelsonb%netscape.com
b26f28e997 Add missing const qualifiers to NSS's regular expression match functions. 2002-07-29 21:30:31 +00:00
wtc%netscape.com
869ca6f82b Fixed the comment. The length of the secret may be larger than 64 bytes. 2002-07-26 18:20:59 +00:00
wtc%netscape.com
80aae405d5 Removed unused ASN.1 templates and unnecessary declarations.
Modified Files: lowcert.c pcertt.h
2002-07-25 03:59:38 +00:00
relyea%netscape.com
2cf20e0041 return certs in sorted order. 2002-07-23 00:34:20 +00:00
bishakhabanerjee%netscape.com
5c04279163 Setting number of tests to 252 to take out warnings on nightly QA reports -Bug 156959 2002-07-19 23:46:10 +00:00
wtc%netscape.com
bb5752e0f0 Bug 158339: we should not call secmod_freeParams if RNG_RNGInit fails. 2002-07-19 18:31:30 +00:00
jpierre%netscape.com
d57baf5140 Fix for 158221 - make crlutil save memory by using the new PK11_ImportCRL function with the CRL_DECODE_DONT_COPY_DER option 2002-07-19 01:07:27 +00:00
jpierre%netscape.com
a82b9f46ba 158005 - add new CRL decode and import functions . Benefits are :
- ability to import to any slot
- ability to specify decode options, such as "don't copy DER"
- ability to specify import options, such as "don't do CRL checks"
This patch also maps the existing functions SEC_NewCrl and CERT_ImportCRL
to this new function, eliminating the code duplication that existed
2002-07-19 00:59:34 +00:00
jpierre%netscape.com
9a7c0e7303 Fix for 156802 - remove improper check in CRL decoding 2002-07-19 00:12:13 +00:00
jpierre%netscape.com
c509948a27 Remove unreferenced variables 2002-07-18 23:50:03 +00:00
jpierre%netscape.com
24426f202b Fix for 139292 - NSS_NoDBInit regression 2002-07-18 23:08:55 +00:00
jpierre%netscape.com
0ef036408f Fix usage 2002-07-17 22:53:33 +00:00
jpierre%netscape.com
e7033fb486 Fix for 157996 - add support for SEC_NewCrl browser emulation mode in crlutil 2002-07-17 22:22:26 +00:00
wtc%netscape.com
aa78a2f343 Bug 157946: removed the unused -m option. Added the -v option to Usage(). 2002-07-17 18:39:02 +00:00
jpierre%netscape.com
2c39c4639f Fix for 153245 2002-07-17 00:21:09 +00:00
wtc%netscape.com
56c3c291e5 Bug 157750: handle the possibility that some certs do not have a label. 2002-07-16 21:13:40 +00:00
relyea%netscape.com
ccf95e381c Automatically recover from database corruptions when importing new certs. 2002-07-16 16:44:22 +00:00
jpierre%netscape.com
dc151802c8 Make certutil use the new CERT_VerifyCertificate function when verifying certs 2002-07-16 00:45:50 +00:00
relyea%netscape.com
f181c1c7a2 Fix solaris signed/unsigned warnings.
On updating nicknames, create a nickname record if one doesn't exist (that is
somehow the database got corrupted).
2002-07-13 02:45:04 +00:00
relyea%netscape.com
08f068a1b9 Update the CERTDB_USER bits when our key gets imported through pkcs #12. 2002-07-12 03:27:44 +00:00
jpierre%netscape.com
a0d70e4967 Make CERT_VerifyCertificate actually work . Oops. 2002-07-12 02:37:49 +00:00
relyea%netscape.com
eb96a2084d 1) When looking for a trust token, return tokens in the following priority order:
1) r/w token with trust.
2) r/o token with trust.
3) r/w token
4) r/o token

Also, don't crash if we try to change the trust on a cert in temp storage, just return an error.
2002-07-10 21:34:01 +00:00
wtc%netscape.com
a71935e132 Bug 155626: Handle the failure of ocsp_CreateCertID and use the new
CERT_GetOCSPResponseStatus function.
2002-07-10 15:16:10 +00:00
wtc%netscape.com
28c55e9bf1 Sorted the NSS 3.6 symbols in alphabetical order. 2002-07-10 15:04:23 +00:00
jpierre%netscape.com
9f541c35f5 Fix for 149832 :
do not check certUsageVerifyCA
clean-up comments
correctly check for signature after first try
2002-07-10 05:02:46 +00:00
jpierre%netscape.com
79e42fa05e Back out last change 2002-07-10 03:41:02 +00:00
jpierre%netscape.com
e7792d0931 Fix bug in new CERT_VerifyCertificate function - fix for 149832 2002-07-10 03:30:15 +00:00
relyea%netscape.com
30e66d1db6 Handle the case where the cert is in both the built-ins and the internal module. 2002-07-10 03:24:14 +00:00
relyea%netscape.com
a035ec8c53 Don't crash if a pkcs #11 device gives us an invalid CRL (or even a valid CRL that we don't know how to parse). 2002-07-10 01:31:01 +00:00
relyea%netscape.com
e42ef90c97 Don't delete the nickname entry until we go to delete the subject entry as well. 2002-07-10 01:04:10 +00:00
jpierre%netscape.com
9bfb36161f Fix for 154212 2002-07-10 00:56:16 +00:00
jpierre%netscape.com
c101367238 Fix for 154212 - update patch for CERT_SaveSMimeProfile based on Bob's comments 2002-07-10 00:07:39 +00:00
wtc%netscape.com
f1205a5879 Removed README.TXT, which is just README with Windows line endings (CRLF). 2002-07-09 17:11:25 +00:00
wtc%netscape.com
93a5154bf5 Added the README file, which explains how to add a root CA certificate to
the nssckbi loadable root certs module.
2002-07-09 17:00:30 +00:00
relyea%netscape.com
73bc75ae28 treat lastTime of 0 as never having checked (not within the interval). 2002-07-09 04:40:35 +00:00
relyea%netscape.com
006e3925e9 1) fix return type warning in pk11ListCertsCallback.
2) treat lastTime==0 as always outside the delay time. (removes spurious
prompts in FIPS mode on some platforms.)
2002-07-09 04:39:35 +00:00
jpierre%netscape.com
967d483ebe Add new CERT_VerifyCertificate function - fix for 149832 2002-07-04 03:09:49 +00:00
javi%netscape.com
6f5c3918c6 Go back to the lower case mechanism for the ocspResponse_* flags. 2002-07-03 20:22:27 +00:00
javi%netscape.com
218a44e67b Final patch for Bug 155626 which enables 3rd party apps to use the NSS
libraries to encode/decode OCSP responses/requests on their own.
2002-07-03 20:18:10 +00:00
javi%netscape.com
7c36eac5d2 Use the newly exported symbol names. 2002-07-03 00:13:25 +00:00
javi%netscape.com
1f078c5776 Break up OCSP so that 3rd party apps can send off an OCSP request and parse
it.
2002-07-03 00:02:39 +00:00
relyea%netscape.com
4f9e4c1700 Handle the case where we don't get the Token object from NewToken (It gets converted from a session object in handleobjects). 2002-07-02 19:58:49 +00:00
relyea%netscape.com
6880c87a8d More performance improvements in listing certs:
1) reduce more short term memory allocate/frees.
2) remove sha1 hash calculations from critical paths.
3) when listing user certs, skip decoding of non-user certs.
2002-07-02 15:11:29 +00:00
relyea%netscape.com
af924e2843 Initialize type fields to suppress purify uninitialized reference warnings. 2002-06-28 03:00:10 +00:00
jpierre%netscape.com
6f31863e61 Add VISA root cert - bug 139874 2002-06-28 01:07:37 +00:00
wtc%netscape.com
c81143956b Bugzilla bug 154656: changed "softoken" to "softokn" to match the file
name.
2002-06-27 18:34:17 +00:00
jpierre%netscape.com
7ecdf837d4 Fix for 154212 - make CERT_SaveSMimeProfile copy the cert to the database if it comes from an external source 2002-06-27 00:18:35 +00:00
relyea%netscape.com
43480112f3 Initialize type field to clear off purify warnings. 2002-06-25 23:00:59 +00:00
relyea%netscape.com
c8d5ba28b5 Don't force the update if the cert doesn't already exist. 2002-06-25 22:58:13 +00:00
relyea%netscape.com
87a3188583 Collect the full names of the certs, not just the stan names. 2002-06-25 22:57:22 +00:00
relyea%netscape.com
6061b43df2 Add new function which returns the NSS 3.4 style nickname directly from a
NSSCertificate structure.
2002-06-25 22:33:37 +00:00
ian.mcgreer%sun.com
4091f82677 two more places to dump templates 2002-06-25 19:40:16 +00:00
ian.mcgreer%sun.com
bb3bfc1199 fix AIX builds, 64-bit compiler chokes on large switches in debug builds 2002-06-25 16:57:40 +00:00
relyea%netscape.com
5fc7efb515 Fix solaris compiler error/warning. Fix prototype to return correct value (PRBool not PRStatus). 2002-06-24 23:54:16 +00:00
relyea%netscape.com
7caefab6ed Don't decode or extract trust for certs if we are just getting the nicknames -- particularly for user certs. 2002-06-24 22:36:59 +00:00
ian.mcgreer%sun.com
2a67969b3c fix broken AIX builds 2002-06-24 22:29:12 +00:00
ian.mcgreer%sun.com
b73a1edc81 log more mechanisms and templates 2002-06-24 22:22:57 +00:00
relyea%netscape.com
cbeed1cfd5 Copy the type value as well as the rest. 2002-06-24 21:57:27 +00:00
relyea%netscape.com
7cc9843630 More performance improvements for PK11ListCerts/ CERT_GetUserCertByUsage(). 2002-06-24 21:54:41 +00:00
nelsonb%netscape.com
071fe9ae9c Fix bug 135261. Create symbolic names for the values 2 and 3 for the
SSL_REQUIRE_CERTIFICATE option.  Value 2 has always been the default.
New Value 3 is appropriate for servers that want to re-request, but
still not require, client-auth from a client with whom an SSL session
is already established.
2002-06-22 01:40:32 +00:00
relyea%netscape.com
3c89da1564 Need to preserve non-modifiable trustbits. 2002-06-21 22:28:03 +00:00
relyea%netscape.com
aa8dddaacb zero structure before we fill it in, not after 2002-06-21 20:25:49 +00:00
wtc%netscape.com
47b432c0f5 Bug 153380: TLS is enabled by default now. 2002-06-21 18:25:46 +00:00
javi%netscape.com
b81e7cc522 Make the file C++ friendly. 2002-06-20 22:32:38 +00:00
relyea%netscape.com
ffa0ecc514 Reduce the cost of decoding a certificate. 2002-06-20 18:53:16 +00:00
relyea%netscape.com
d7a32bbce6 reduce the calls to get the login state as these calls seem to be pretty expensive
for some tokens.
2002-06-20 18:49:45 +00:00
relyea%netscape.com
eb95452896 Patches to reduce the cost of getting attributes on certs or finding certs in lists. 2002-06-20 18:46:47 +00:00
ian.mcgreer%sun.com
48d6b949c1 bug 98926, PKCS#11 session logging 2002-06-19 18:32:57 +00:00
rangansen%netscape.com
bff8c533ce exporting CERT_VerifyCertChain. r=relyea 2002-06-19 15:58:51 +00:00
ian.mcgreer%sun.com
4cf84d39dd missed part of last patch (bug 145322) 2002-06-19 15:26:55 +00:00
ian.mcgreer%sun.com
e30639f9cd bug 145322, second patch, clean up pk11_saveContextHelper 2002-06-19 15:22:54 +00:00
ian.mcgreer%sun.com
607f12501a bug 145322, reduce the number of PKCS#11 sessions used in SSL connections, implement new function PK11_SaveContextAlloc
r=relyea
2002-06-19 15:21:37 +00:00
ian.mcgreer%sun.com
0992642b67 bug 150704, PK11_Finalize can crash because softoken does not implement C_XXXFinal correctly 2002-06-19 14:59:24 +00:00
bishakhabanerjee%netscape.com
19dbdc5df8 correcting init_mcom function to enable "nssqa" to run at Netscape - 150752 2002-06-18 21:45:31 +00:00
relyea%netscape.com
6f356a0f36 1) Map flags both coming and going.
2) Finish transaction of the target database not the source database.
2002-06-18 16:41:41 +00:00
wtc%netscape.com
29df488eaa Bug 151940: SEC_PKCS12DecoderVerify should call SEC_ASN1DecoderFinish first
to detect insufficient input data error.
2002-06-18 05:00:39 +00:00
relyea%netscape.com
27153b6afb Standardize the open flags as 'enums' when using multiaccess databases, no matter
if we are using PR_ versions of the flags or O_ versions of the flags.
2002-06-17 18:46:27 +00:00
relyea%netscape.com
e2f5a0ac1f check version of the existing DB, not the updatedb. 2002-06-14 17:29:56 +00:00
relyea%netscape.com
d31340924d Add transactions to the database update portion of the code. 2002-06-13 23:25:37 +00:00
relyea%netscape.com
3839be90f6 Update cert handle on token insertion/removal. 2002-06-13 21:43:30 +00:00
relyea%netscape.com
e84f17e0ea Add series to keep track of object handle value validity. 2002-06-13 21:42:41 +00:00
relyea%netscape.com
b7167f5cba Reset the cert cache and clobber cert handles on token insertion and removal 2002-06-13 21:40:43 +00:00
jpierre%netscape.com
8739d6f231 Add missing AOL root CA certs 2002-06-13 10:14:50 +00:00
relyea%netscape.com
696026ef88 When checking NeedInit status, go back and check the token in case the token
has been initialized offline.
2002-06-11 23:33:25 +00:00
jpierre%netscape.com
b473a8e33d Update for root certs - bug 139874 2002-06-11 23:16:25 +00:00
kirk.erickson%sun.com
80cae9e038 Fixed indentation caught by Wan-Teh (66606). 2002-06-11 22:41:45 +00:00
kirk.erickson%sun.com
6e3d00368d Resolves 66606. Added -O (enable OCSP checking). 2002-06-11 16:29:28 +00:00
ddrinan%netscape.com
c87736a06b Bug 150708. Incorrect keysize when finding bulk alg. r=wtc. 2002-06-10 22:00:32 +00:00
relyea%netscape.com
bb528345ff Return public and private keys in the order specified by the PKCS #11 spec. 2002-06-10 20:33:31 +00:00
jpierre%netscape.com
165951e036 Fix for 141256 - rewrite OCSP HTTP download code to fix error handling 2002-06-06 01:05:40 +00:00
jpierre%netscape.com
42c9d8d43b Fix for 139874 - Inject Latest CA Root Certs 2002-06-06 00:12:56 +00:00
thayes%netscape.com
9355438f45 Reserve OID (netscape_name_components 2) - see 605437 2002-06-04 21:46:05 +00:00
bishakhabanerjee%netscape.com
76c8329a07 to build the new NSS tests.. bugzilla bug 144316 2002-06-03 17:16:57 +00:00
wtc%netscape.com
c99a93829c Backed out the previous checkin, which is not being used and triggers
a bug in gmake 3.76.1 with MKS shell on Windows.
2002-06-01 04:31:44 +00:00
wtc%netscape.com
a1598af613 Use $(DLL_SUFFIX) instead of ${DLL_SUFFIX}. 2002-06-01 04:25:38 +00:00
nicolson%netscape.com
fa1fbd5d69 Fix 147794: PK11_ImportDERPrivateKeyInfoAndReturnKey frees the private key incorrectly. 2002-06-01 00:43:46 +00:00
rangansen%netscape.com
b355617820 Fix to ensure change password on db is committed - using rv == SECSuccess would actually abort it.
r = wtc
2002-06-01 00:37:00 +00:00
wtc%netscape.com
6a49741d7d This is a test. I changed Revision and Date to bogus values and want to
see what actually got checked in.
2002-05-30 02:08:07 +00:00
wtc%netscape.com
118670f573 Import NSPR 4.2 and DBM 1.61. 2002-05-30 00:36:48 +00:00
ian.mcgreer%sun.com
7ad9c0cc44 bug 136701, certutil should use PK11_ListCerts 2002-05-29 18:19:33 +00:00
kirk.erickson%sun.com
9ef935cd78 Fixed OCSP typo. 2002-05-28 18:26:37 +00:00
wtc%netscape.com
a0715a5bd0 Bug 142575: use the PRIVATE keyword for the /EXPORT linker option. 2002-05-25 16:00:55 +00:00
wtc%netscape.com
278f8fcbfa Bug 142575: use the /EXPORT linker option on the command line.
Modified files: nssinit.c config.mk
2002-05-25 06:52:19 +00:00
wtc%netscape.com
c82e51fc58 Bug 142575: a better fix. 2002-05-25 01:02:39 +00:00
wtc%netscape.com
54db8b9c90 Bug 142575: added function forwarder for 'mktemp' for "bug compatibility". 2002-05-24 21:00:55 +00:00
javi%netscape.com
d19ba0f868 Make pkcs12.h C++ friendly. 2002-05-24 20:11:29 +00:00
wtc%netscape.com
00ab5fdbae Back out the previous checkin. It broke the cmd/certcgi build. 2002-05-24 14:58:02 +00:00
javi%netscape.com
69088764da Add macros to make header file C++ friendly. 2002-05-24 00:53:48 +00:00
wtc%netscape.com
b1a997971e Bug 142575: on Windows added mktemp (which simply calls _mktemp in the C
run-time library) to be backward compatible with the bug that mktemp was
accidentally exported from the nss3.dll in NSS 3.2.x and 3.3.x.
2002-05-23 22:28:50 +00:00
kirk.erickson%sun.com
fa04da4ff4 Resolves bug 90070 (now exiting with PK12UERR_PK11GETSLOT 13). 2002-05-23 22:21:42 +00:00
relyea%netscape.com
a37f083171 Refresh token cache after login on tokens that need to log in before they
could read their certs.
2002-05-22 23:13:05 +00:00
relyea%netscape.com
dccf0f20f4 Close our peer database handles because some platforms (Mac) do bad things
if you hold two berkelydb handles open to the same database in the same process.
(actually a lot of platforms could cause problems, the Mac version of dbm (1.85)
just does the bad things right away).
2002-05-22 21:47:23 +00:00
relyea%netscape.com
482a55e955 Back out the change on Module destruction. 2002-05-22 00:25:48 +00:00
relyea%netscape.com
dc0b0c243c Don't crash if url is specified, but the crl is broken 2002-05-21 21:26:52 +00:00
relyea%netscape.com
91abc91169 Missing component when deleting should not be fatal 2002-05-21 21:26:14 +00:00
relyea%netscape.com
3b707d47e7 Fix spelling error.
Clear out certs from the cache before the token goes away.
2002-05-21 21:24:35 +00:00
relyea%netscape.com
c936511eb9 Fix spelling error. 2002-05-21 21:23:33 +00:00
relyea%netscape.com
fe96b95117 Clear out certs associated with tokens that have just been taken off the trust domain. 2002-05-21 21:22:55 +00:00
jpierre%netscape.com
d5de75b62b Fix for bug 137645 - cached certificate does not get its nickname updated after P12 import of matching user certificate 2002-05-20 23:21:39 +00:00
ian.mcgreer%sun.com
dc613b61ee bug 144309, return value of STAN_GetCERTCertificate not checked
r=wtc
2002-05-20 18:05:11 +00:00
ian.mcgreer%sun.com
b60654eafd fix bustage caused by generated file discrepancies 2002-05-20 16:01:21 +00:00
ian.mcgreer%sun.com
8fca6832bc need to match ckapi.perl with generated target nssck.api, which was modified 2002-05-20 14:38:48 +00:00
wtc%netscape.com
5b50af192d Bugzilla bug 145178: added OpenBSD build support. The patch is contributed
by Christopher Seawood <seawood@netscape.com>.
Modified Files: coreconf/config.mk sslmutex.c sslmutex.h
Added Files: coreconf/OpenBSD.mk
2002-05-18 03:24:17 +00:00
wtc%netscape.com
a1bc754db7 Bugzilla bug 131171: added HP-UX IPF (ia64) support. Portions of the patch
(attachment 84127) were contributed by Jim Dunn <jdunn@netscape.com>.
2002-05-18 00:52:11 +00:00
wtc%netscape.com
c8518d87b7 Bugzilla bug 145128: fixed a typo error in sec_pkcs5_rc4(). Also simplified
two other similar constructs.  r=relyea.
2002-05-17 21:29:27 +00:00
ian.mcgreer%sun.com
787847bf44 bug 144448, incorrect use of ## operator in creating CKFW entry points 2002-05-17 18:57:34 +00:00
relyea%netscape.com
f83a0c6851 Fix Linux and Solaris builds 2002-05-17 00:39:26 +00:00
relyea%netscape.com
ff81ec8d87 The tip is now NSS 3.6, make sure new builds properly indicate this 2002-05-16 22:12:37 +00:00