Commit Graph

1966 Commits

Author SHA1 Message Date
wtc%netscape.com
4747c98947 Whitespace change. 2002-04-30 00:11:19 +00:00
relyea%netscape.com
cec43732fb Use NewTempCert and AddTempCert when importing because the cert may already exist
in the cache.
2002-04-29 23:54:07 +00:00
wtc%netscape.com
35e9736426 Added pkibase.c to the project. 2002-04-26 23:29:19 +00:00
wtc%netscape.com
787be44323 Needed a (char *) cast for slotInfo.manufacturerID because it is an array
of "unsigned" chars.  Mac's compiler complains about that.
2002-04-26 23:05:40 +00:00
wtc%netscape.com
4841e2949f Removed devobject.c from the project. That file was removed. 2002-04-26 22:52:07 +00:00
wtc%netscape.com
2762eaebca Need to define SHLIB_SUFFIX for lib/softoken/dbinit.c. 2002-04-26 22:42:15 +00:00
relyea%netscape.com
3d3a200209 return error when incomplete shutdown has been detected. 2002-04-26 22:36:07 +00:00
ian.mcgreer%sun.com
cdae9ed5a1 When doing cert traversals, create the certs in full as they are found. This avoids thrashing the softoken's object cache when the database has a large number of certs. 2002-04-26 14:34:05 +00:00
ian.mcgreer%sun.com
74b86448f7 fix broken HPUX builds 2002-04-26 12:59:06 +00:00
relyea%netscape.com
600cb240a3 Add code to update nickname and 'CKA_ID' from set attribute calls. This allows
us to add a nickname to a cert after we import it from pkcs #12.
2002-04-26 01:44:33 +00:00
relyea%netscape.com
fbb0134208 Write the nickname entry as well when adding a nickname to a bug. 2002-04-26 01:09:21 +00:00
relyea%netscape.com
2cd6213ca5 Detect Active Card presents and disable PROTECTED_PIN_PATH login when found. 2002-04-25 21:24:47 +00:00
wtc%netscape.com
d3e14fdce2 Deleted code that was made obsolete by the previous revision. 2002-04-25 21:10:09 +00:00
relyea%netscape.com
1abdbba5a8 Don't let activeCards set the Protect_Auth bit because they weren't intending to
to begin with.
2002-04-25 20:57:06 +00:00
ian.mcgreer%sun.com
44d76f3678 if a cert already exists, use C_SetAttributeValue to change its mutable attributes during import (instead of trying to recreate it) 2002-04-25 20:49:49 +00:00
ian.mcgreer%sun.com
05bc7f4136 bug 138626, remove deleted cert from cache even if references still exist 2002-04-25 19:37:30 +00:00
ian.mcgreer%sun.com
2e14215952 reorganize token cache so that cache entries for imported objects are created from the token, not from the user-supplied template 2002-04-25 19:33:47 +00:00
relyea%netscape.com
b02d968215 NSS 3.4 has branch, that makes the tip at least NSS 3.5 2002-04-25 18:51:45 +00:00
relyea%netscape.com
0008ea5125 Don't set the Token value before fetching CRL attributes. This code is fetching
attributes from a known CRL, not looking up new attributes (I'm pretty sure that
CVS apropos would show I checked in the previously wrong code).

bob
2002-04-25 18:33:45 +00:00
sonja.mirtitsch%sun.com
adb8e67a58 trying a version that can test tip as default for tinderbox and 341
as default for nightly QA
2002-04-25 01:04:10 +00:00
relyea%netscape.com
8747bf72ad Don't crash if our cache entry is not found. 2002-04-25 00:45:42 +00:00
relyea%netscape.com
35695b7987 Turn off caching for non-hardware tokens for now until we fix some of our
tokens which can be updated out-of-band to use the proper 'removable token'
semantics.
2002-04-25 00:25:58 +00:00
relyea%netscape.com
df120eb43d Don't crash if we don't find the profile (and thus don't have a slot to free). 2002-04-24 22:23:37 +00:00
ian.mcgreer%sun.com
217231840b This is a real corner case. If a search is done by issuer/serial, and the returned cert was in the cache, need to see if the cert's slot was removed. If so, destroy the cert and retry the search on the present tokens. 2002-04-24 19:39:41 +00:00
relyea%netscape.com
23724ed2c8 Don't crash when getting a single user cert, but old certs are in the database
with the same subject, but no keys.
2002-04-24 18:29:04 +00:00
relyea%netscape.com
ac5aeb9932 Look up both DER encoded serial numbers (PKCS #11 spec), and decode serial
numbers (Old NSS) when looking up certs by issuer and SN.
2002-04-24 18:27:17 +00:00
relyea%netscape.com
71e35b07b7 Authenticate to tokens before looking up user certs. 2002-04-24 18:25:48 +00:00
thayes%netscape.com
df2c867541 Reserved Netscape extension (NETSCAPE 1 18) 2002-04-23 23:48:20 +00:00
ian.mcgreer%sun.com
9221a5bd63 fix shutdown leaks 2002-04-23 17:22:13 +00:00
ian.mcgreer%sun.com
caad76ef9c avoid use of iterator 2002-04-22 20:44:07 +00:00
ian.mcgreer%sun.com
f9f60b9735 NewTemp has to be matched with AddTempCertToPerm 2002-04-22 20:27:52 +00:00
relyea%netscape.com
ce09346d8c Token and cert processing fixes:
1) use NewTempCert rather than DERDecode cert in all import cert cases.
When DERDecode cert is used, we may wind up with a cert that gets cleared
when we try to import it because it already in the cache. NewTempCert will
return the version that is in the cache.
   2) If we are returning the CAList, only return certs that are CA's
(not usercerts).
   3) Authenticate to all the tokens if necessary before we try to list
certs. (Stan code should eventually get automatic authentication calls in
the code itself).
   4) When looking up user certs, don't return those certs with the same
subject, but do not have any key material associated with them (that is
don't crash if we have old certs in our database without nicknames, but
match user certs on our smart cards).
   5) Save the nickname associated with our subject list in the temp
cache so we can correctly remove the entry even if the cert's nickname
changes (because of smart card insertions and removals, or because of
creation and deletions of our user cert).
2002-04-22 19:09:01 +00:00
ian.mcgreer%sun.com
9596c39faa file is no longer part of build (functionality in devtoken.c) 2002-04-22 18:28:30 +00:00
ian.mcgreer%sun.com
a4591dfe82 overwrite old entry during import, so that changing trust works correctly 2002-04-22 15:21:06 +00:00
ian.mcgreer%sun.com
abac680269 fix bugs in cert import with smart card cache 2002-04-22 14:14:44 +00:00
ian.mcgreer%sun.com
a7ab27bc63 re-sync the trust domain cache with token insertion/removal 2002-04-19 23:06:44 +00:00
ian.mcgreer%sun.com
36e1d960b7 * make sure the token cache returns failure in overflow case
* change internal module trust order again, builtins uses 100, and internal module must come first
2002-04-19 19:30:12 +00:00
ian.mcgreer%sun.com
3a62ba7fdd try again, the default is 50 so the internal module must be higher 2002-04-19 19:19:33 +00:00
ian.mcgreer%sun.com
7061750a28 make sure the internal module defaults to trust order > 50 2002-04-19 19:01:45 +00:00
ian.mcgreer%sun.com
7c6de6462d improve synchronization between the token state and token cache operations 2002-04-19 17:32:22 +00:00
ian.mcgreer%sun.com
a4d9b8b514 Only fall back to email search if the "nickname" has an @ character. This is because email searches will not go through the cache, so should be avoided if possible. 2002-04-19 16:22:31 +00:00
ian.mcgreer%sun.com
5377ca2a6c Fixes for smart card cache. Don't do cache searches by email address, since GetAttributeValue does not set that field. Handle removal correctly for item at tail of list. Don't search token after a successful cache search that returned zero hits. 2002-04-19 16:14:13 +00:00
jpierre%netscape.com
2d21c59ccc Fix for 138084 - free slot list if NSC_Initialize fails 2002-04-18 20:54:22 +00:00
ian.mcgreer%sun.com
ee8ba26ef6 catch non-present tokens before searching them 2002-04-18 19:37:12 +00:00
ian.mcgreer%sun.com
f618a840b0 two fixes for certs with multiple instances 2002-04-18 19:26:17 +00:00
relyea%netscape.com
8964d7d12e Don't crash if we try to get the name of a non-existant token. 2002-04-18 17:54:30 +00:00
relyea%netscape.com
77950da5b1 Remember the nickname in the cache entry so that we can always free it when the cert goes away, even if the nickname has changes.
Also, initialize subjectList to NULL at the beginning, so we don't try to add nickname when we aren't supposed to.
2002-04-18 17:52:55 +00:00
relyea%netscape.com
a9286881d6 We need to make sure we always return a trust object, even if that object says
there is no trust.
2002-04-18 17:50:40 +00:00
ian.mcgreer%sun.com
5dbec9a12d landing new smart card cache, bug 135429 2002-04-18 17:30:05 +00:00
wtc%netscape.com
f971211696 Bugzilla bug 126087: removed symKey->refLock because we are using atomic
routines on symKey->refCount now.  Declare symKey->refCount as PRInt32 to
match the prototype of PR_AtomicIncrement/Decrement.
Modified files: pk11skey.c secmodti.h
2002-04-17 01:03:23 +00:00