Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-05 00:25:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
102,412 Commits 615 Branches 98 Tags 6 GiB
a707417496
Commit Graph

1966 Commits

Author SHA1 Message Date
ian.mcgreer%sun.com
0d658ba4f8 bug 125796, make sure all CERTCertificates are destroyed as such, and that cache collisions when traversing are handled correctly (by destroying extra reference) 2002-02-26 16:21:48 +00:00
relyea%netscape.com
bd56c1e043 When using global params, noCertDB implies noKeyDB as well bug 127312 2002-02-26 02:28:21 +00:00
relyea%netscape.com
226cb8ac42 CRL issues: 1) return url when finding and importing CRL's. 
2) fix CERT_ImportCRL so it actually works.

NOTE: Calls of SEC_NewCrl() should verify the signature on the CRL before
importing!.
 2002-02-26 02:02:53 +00:00
relyea%netscape.com
82ac932cf2 Bug 125728 truncate utf8 correctly in the pkcs11 string. 2002-02-26 00:33:42 +00:00
relyea%netscape.com
ae01fe45e4 Changes to allow protected pin path to work in applications that code for it. 2002-02-26 00:28:50 +00:00
nelsonb%netscape.com
4bfe43978d Change ssl_GetPeerInfo to no longer assume that an address is IPV6 if 
it's not IPv4.  Fixes a bug on systems that don't support IPV6, but
do support other address families.
 2002-02-26 00:28:15 +00:00
wtc%netscape.com
1a7fc6755d Removed the temporary depend->clean hack for NSS 3.4 update. 
Modified Files:
	Makefile.in security/manager/Makefile.in
	security/nss/makefile.win
 2002-02-23 04:41:30 +00:00
wtc%netscape.com
11bbf1a4da Temporary hack for the NSS 3.4 update (BeOS port, etc.) Will remove 
tomorrow.
Modified files: Makefile.in security/manager/Makefile.in
                security/nss/makefile.win
 2002-02-22 21:26:29 +00:00
wtc%netscape.com
6c79ece2fe Bugzilla bug 70217: ported NSS to BeOS. The patch is contributed by 
Christopher Seawood <seawood@netscape.com>.
 2002-02-22 04:23:30 +00:00
ian.mcgreer%sun.com
bc5808a5ed bug 125359, by default the ASN.1 en/decoder should treat all numbers as signed. But many source/target items desire unsigned integers (specifically, bignums in the crypto stuff), so implement an siUnsignedInteger type which notifies the en/decoder to handle the conversion. 
r=nelsonb
 2002-02-21 22:41:44 +00:00
wtc%netscape.com
4f99429abb Fixed misspelling. 2002-02-21 00:06:14 +00:00
wtc%netscape.com
667ed9e4c8 Bugzilla bug 125149: prevent the session ID count component of the session 
ID from overflowing and corrupting the slot index component.  Do a lookup
in the session hash table to make sure the session id is not in use before
adding it to the table.  r=relyea.
Modified files: pkcs11.c pkcs11i.h
 2002-02-20 23:59:35 +00:00
wtc%netscape.com
ba5d3c7107 nscSlotHashTable is not protected by a lock, so we need to use 
PL_HashTableLookupConst to do the lookups.  r=mcgreer.  This bug is
discussed in bug 125149 but is not the main topic of that bug.
 2002-02-20 23:53:45 +00:00
kirk.erickson%sun.com
0e2122791d Added tokenIDCount, and tokenHashTable to comments about objectLock. 2002-02-20 18:05:52 +00:00
wtc%netscape.com
1fd68fb5cc Bugzilla bug 124952: removed the "depend->clean" hack for NSS 3.4 landing. 
Modified files: Makefile.in security/manager/Makefile.in
security/nss/makefile.win
 2002-02-19 15:03:07 +00:00
nelsonb%netscape.com
619da61034 Fix two logic errors reported as warnings on windows. Bug 110187 2002-02-19 02:06:25 +00:00
wtc%netscape.com
ddf21869a1 Bugzilla bug 125730: fixed OpenVMS build breakage. Thanks to Colin Blakes 
<colin@theblakes.com> for the patch.
odified Files: sslmutex.c sslmutex.h sslsnce.c
 2002-02-16 02:52:07 +00:00
relyea%netscape.com
8f3c87eaa3 Use timers to determine whether or not to do the smart card present checks 
or not.

bob
 2002-02-16 00:29:37 +00:00
wtc%netscape.com
cb5e5f1f21 Bugzilla bug 112198: use the -dylib_file ld option to link the ssl3 and 
smime3 dylibs and the NSS tools so that they can find the indirectly
referenced libsoftokn3.dylib.  Define and export DYLD_LIBRARY_PATH.  The
patch is contributed by Brian Ryner <bryner@netscape.com>. r=wtc,beard.
Modified Files:
	coreconf/Darwin.mk nss/cmd/platlibs.mk nss/lib/smime/config.mk
	nss/lib/ssl/config.mk nss/tests/common/init.sh
 2002-02-15 23:38:47 +00:00
nelsonb%netscape.com
e023b4422a Change most coreconf and NSS makefiles to use OS_TARGET (which can 
be overridden via an environment variable) rather than OS_ARCH.
This is a precursor to more flexibility in cross-platform builds.
Bug 104541.
 2002-02-15 22:54:08 +00:00
wtc%netscape.com
71f0b1eaab Bugzilla bug 125790: free the nickName and passwd strings 2002-02-15 21:53:25 +00:00
ian.mcgreer%sun.com
a56e787c34 clean up certs & keys for purify 2002-02-15 20:50:47 +00:00
relyea%netscape.com
18e535baad Fix missing certs from the listing of all the certs in tokens with large cert caches (larger than 32). 2002-02-15 17:37:58 +00:00
relyea%netscape.com
8c2f9e3bae Implement SEC_NicknameConflicts(). 2002-02-15 01:57:08 +00:00
javi%netscape.com
045149cbac Fix crash when looking up cert by nickname when the token on which 
the cert is located is not plugged in.

Bug 125611
 2002-02-15 01:50:28 +00:00
ian.mcgreer%sun.com
df5c3fad91 bug 125263, race condition destroying temp certs 2002-02-15 01:10:07 +00:00
ian.mcgreer%sun.com
f10bd5bd8e make listing of certs finish cleanly under purify 2002-02-14 18:02:30 +00:00
wtc%netscape.com
4acba952bc Bugzilla bug 122712: renamed cert_DecodeGeneralName to 
CERT_DecodeGeneralName because we export this function from nss.def.
(The cert_ prefix suggests an internal function.)
Modified Files:
	lib/certdb/genname.c lib/certdb/genname.h lib/certdb/xconst.c
	lib/nss/nss.def
 2002-02-14 02:53:20 +00:00
wtc%netscape.com
993e97c4e8 Bugzilla bug 123938: renamed cert_EncodeGeneralName to 
CERT_EncodeGeneralName.  Export CERT_EncodeGeneralName and
CERT_FindKeyUsageExtension from nss.def.  Have cmmfrec.c include
nssrenam.h to get __CERT_NewTempCertificate.
Modified Files:
	lib/certdb/genname.c lib/certdb/genname.h lib/certdb/xconst.c
	lib/crmf/cmmfchal.c lib/crmf/cmmfrec.c lib/nss/nss.def
 2002-02-14 02:25:21 +00:00
relyea%netscape.com
87e1407f2c Fix UMR in the session info structure. 2002-02-14 01:12:51 +00:00
jpierre%netscape.com
284f6b65f8 Fix for 125373 - crash in crlutil 2002-02-14 00:06:52 +00:00
ian.mcgreer%sun.com
0ae7b14eb9 bug 125165, don't crash when the softoken fails to return attributes for a cert object 2002-02-13 21:09:15 +00:00
ian.mcgreer%sun.com
e8d1c34918 bug 125263, the subject lists in the temp store are actual hash entries, thus any attempt to extract certs from them must be done within the store's lock. 2002-02-13 16:58:05 +00:00
relyea%netscape.com
2453c05e6e Bug 120651: Memory leaks in PK11_GetCertList. 
1) Fix leaks in error paths (bfind.c -- found by inspection).
2) Don't allocate hash table data out of the arena. PL_Hash grows and shrinks
the hash buckets as necessary. In arenas they will just grow.
3) Don't allocate temparary locks out of the global instance arena pool.
 2002-02-13 02:26:47 +00:00
jpierre%netscape.com
7716bf30c8 Fix for 125143 - allow modutil to report PKCS#11 library load failure errors 2002-02-13 01:43:10 +00:00
wtc%netscape.com
4beb80b857 Bugzilla bug 125102: six files in mozilla/security/nss/lib/ckfw/builtins 
got renamed.
 2002-02-12 22:51:09 +00:00
sonja.mirtitsch%sun.com
58e4856539 fixed returncode after modification in error.h 2002-02-12 18:34:35 +00:00
jpierre%netscape.com
a5c73d7696 Reset NSPR error text before adding the module to make sure we aren't getting some previous error 2002-02-12 04:25:15 +00:00
jpierre%netscape.com
4a5d5b109f Make modutil display a more detailed error when a PKCS#11 module fails to load. This is done by checking the NSPR error text that is set by PR_LoadLibrary failures deep in SECMOD_AddNewModule 2002-02-12 04:09:21 +00:00
wtc%netscape.com
232cdb0fbc Bugzilla bug 114748: deleted unnecessary EXTRA_LIBS augmentation. The 
zlib and jar libs are already added to EXTRA_LIBS by ../platlibs.mk.
 2002-02-12 02:01:03 +00:00
relyea%netscape.com
e3552493a8 Load all slots into the trust domain, even if the tokens are empty. 
Fix problems with the token caching code when tokens are removed.
 2002-02-12 01:33:41 +00:00
ian.mcgreer%sun.com
bbabfda7e9 bug 124082, don't change trust of existing CA certs during PKCS#12 import 2002-02-12 00:38:16 +00:00
ian.mcgreer%sun.com
ffce9a0860 bug 124446, thread safety issues with static oid hashtable. 
r=wtc
 2002-02-11 23:12:00 +00:00
ian.mcgreer%sun.com
6958bd9af8 NSSCryptoContext_ImportCertificate cannot inform the caller that the cert already exists as a temp cert, is is necessary to work around this in CERT_NewTempCertificate by doing a lookup on the cert after it was imported. 
r=relyea
 2002-02-11 22:12:01 +00:00
kirk.erickson%sun.com
abbde77e08 Commented SlotStr with information what what locks protect what. 2002-02-11 20:14:05 +00:00
nelsonb%netscape.com
42fdae57e1 Make NSS 3.4 build as part of mozilla on OS/2. Bug 114748. 
Patch supplied by Javier Pedemonte.
 2002-02-11 05:48:37 +00:00
wtc%netscape.com
2cb1de5abe Bugzilla bug 112198: On Darwin we must link libnssckbi.dylib with -bundle 
so that we can load it correctly.  Thanks to Brian Ryner for the patch.
 2002-02-10 06:18:17 +00:00
wtc%netscape.com
da15146da7 Bugzilla bug 112198: Port NSS to Mac OS X (Darwin). The patch is 
contributed by Javier Pedemonte <pedemonte@alumni.utexas.net>.
Modified Files:
	coreconf/config.mk coreconf/nsinstall/nsinstall.c
	coreconf/nsinstall/pathsub.c nss/lib/freebl/unix_rand.c
	nss/lib/ssl/unix_err.c
 2002-02-10 05:24:49 +00:00
javi%netscape.com
b1680cb442 Give fragment names to the 2 targets. Will help with Talkback. 2002-02-09 00:15:57 +00:00
ian.mcgreer%sun.com
4edd6cfd21 localize the adding of cert references to one function to save an iteration, add two NULL pointer checks 2002-02-08 21:47:05 +00:00
wtc%netscape.com
a07e28ee9a Accidentally deleted PK11_GetSymKeyNickname in my previous checkin. 2002-02-08 19:50:07 +00:00
wtc%netscape.com
c314c19f6d Checked in Jamie's patches for 
bug 124232: export SECKEY_DestroyPublicKeyLis; and
bug 124233: add new function PK11_GetNextSymKey.
Also fixed two problems in nss.def.
Modified files: nss/nss.def pk11wrap/pk11func.h pk11wrap/pk11skey.c
 2002-02-08 19:42:40 +00:00
ian.mcgreer%sun.com
338b4d1c54 as with the cache, a search by cert DER should crack the DER into issuer and serial, then index the hash directly, as opposed to iteration 2002-02-08 16:26:07 +00:00
ian.mcgreer%sun.com
8930954284 bug 124268, usage statement for dump chain option 2002-02-08 15:22:54 +00:00
ian.mcgreer%sun.com
3296ff5ffb bug 124189, signtool hangs 2002-02-08 15:13:13 +00:00
wtc%netscape.com
a972f0ed13 Bugzilla bug 124318: do not link with -lsoftokn3 explicitly. Use the 
-rpath-link linker option on Linux to find libsoftokn3.so.
 2002-02-08 03:15:40 +00:00
ian.mcgreer%sun.com
cf2e1cd363 bug 124309, fix various issues with the cache/temp store and thread safety. Is one line different than the patch on the bug, the one line seemed to fix the reported crash. 2002-02-08 02:51:41 +00:00
sonja.mirtitsch%sun.com
7a62a90f8e script to clean up old tinderbox QA 2002-02-08 02:12:21 +00:00
sonja.mirtitsch%sun.com
6882942b67 QAstatus file now made at the right place (global Exit()) and putting 
killed info in as well
partial fix for 122632 r=wtc
 2002-02-08 01:50:26 +00:00
bishakhabanerjee%netscape.com
fad9c854e8 Patch for bug 119368: SECU_PrintError prints decimal error code now if 
unknown error
 2002-02-08 01:20:04 +00:00
sonja.mirtitsch%sun.com
562719f774 removed compiler workshop 5 marker bug# 124256 r=nelsonb 2002-02-08 00:43:18 +00:00
relyea%netscape.com
9c6d49165a Bug 120651: Stop up memory leaks in the built-in token. We are slowly leaking 
memory in arenas by allocating temporary objects out of permanment arenas.

Also rename file sin the builtins directory that conflict with it's parent.

xxxxx.c -> bxxxx.c except instance.c becomes binst.c
 2002-02-08 00:10:07 +00:00
ian.mcgreer%sun.com
c60a4bd7b4 bug 124268, -P is used twice 2002-02-07 22:28:04 +00:00
ian.mcgreer%sun.com
c20c215bdb This is a revision of the patch shown in bug 122907. It should fix the leakage seen with client auth. It is needed either way, as NSS 3.3 always checked for pre-existing temp certs before creating a new one. 2002-02-07 14:58:05 +00:00
wtc%netscape.com
3bfefc2636 Bugzilla bug 119376: initialize a local variable to eliminate a compiler 
warning.
 2002-02-07 01:57:48 +00:00
wtc%netscape.com
4f95c4463a Bugzilla bug 119376: fixed the uninitialized variable 'rv' in 
rsa_PrivateKeyOp.
 2002-02-07 01:00:31 +00:00
relyea%netscape.com
9c46c55eb3 Identify certs that have no trust as CA's if they have the right settings 2002-02-07 00:50:47 +00:00
ian.mcgreer%sun.com
6b3e8a8041 another misused arena 2002-02-06 23:11:08 +00:00
ian.mcgreer%sun.com
6d38eae938 Don't waste time searching on tokens for trust of a temp cert. It can only be found in the temp store. 2002-02-06 20:18:18 +00:00
ian.mcgreer%sun.com
a51d0334fd cleanup shutdown leak 2002-02-06 19:58:54 +00:00
ian.mcgreer%sun.com
feba509c51 PK11_VerifyRecover leaks a slot reference, this fixes it. 
r=relyea
 2002-02-06 19:21:20 +00:00
sonja.mirtitsch%sun.com
95d835e50a changing the way to figure out if selfserv is still present from ps to 
kill -0 so we might be able to debug the disapearing selfserv problem
better
 2002-02-06 05:34:16 +00:00
sonja.mirtitsch%sun.com
0fbd97206f start of fix for 122632 to avoid overflows 2002-02-06 04:02:46 +00:00
sonja.mirtitsch%sun.com
0f9e24e63e calling the selfserv now with -y to get the certs at the end, adjusted clients and wait times 2002-02-06 02:51:59 +00:00
relyea%netscape.com
89fbd30151 Fix memory leak in hash table keys. Hash tables stay around forever. 
keys go into and out of the table. the old code allocated the keys from
the hash table's arena, so they would grow without bounds. Now the keys
are allocated from the heap, and get freed when they are expunged from the
table.
 2002-02-06 02:42:08 +00:00
wtc%netscape.com
2e844c5b23 Bugzilla bug 119340: write the "selfserv: received SIGTERM" message to 
standard output (fd 1) instead of standard error (fd 2) because the test
script writes its output to standard output (with the echo command).
 2002-02-06 01:38:06 +00:00
sonja.mirtitsch%sun.com
25e324cbb6 debugging info for the intermittant multiple recipient problem on linux 2002-02-06 01:15:51 +00:00
ian.mcgreer%sun.com
89d46447f6 fixes for bugs 123479 and 123081 (possibly others). break up arena usage in hash table entries for the temp store and cert cache. 2002-02-05 23:55:43 +00:00
wtc%netscape.com
7d12a23186 Bugzilla bug 121523: checked in Kirk Erickson's session lock fix. 
Modified Files:
	lib/pk11wrap/pk11slot.c lib/softoken/pkcs11.c
	lib/softoken/pkcs11i.h lib/softoken/pkcs11u.c
 2002-02-05 23:41:36 +00:00
ian.mcgreer%sun.com
b3c9eb8565 place where iterator was not freed 2002-02-05 22:32:38 +00:00
jpierre%netscape.com
ecbc4538c7 Fix for 122907 - patch to disable arena free lists with environment variable 2002-02-05 22:20:43 +00:00
ian.mcgreer%sun.com
2f6edd19c3 some of the output in bug 123081 shows potential leaks around iterators, since the iterator is explicitly freed allocate it in its own block to avoid this 2002-02-05 22:08:12 +00:00
ian.mcgreer%sun.com
274e685871 cleanup suggested by review by Nelson 2002-02-05 03:53:50 +00:00
relyea%netscape.com
c133a81be6 Fix error path, only free arena is one was allocated. 2002-02-05 01:47:01 +00:00
nelsonb%netscape.com
494eb9ffcc Plug one of the leaks reported in bugzilla bug 123081 2002-02-04 23:15:11 +00:00
ian.mcgreer%sun.com
757fa95794 plug leak found doing client auth, move freeing of cert's slot down a level in case the cert was not made external 2002-02-04 23:04:11 +00:00
ian.mcgreer%sun.com
0528192331 fix leak reported in bug 123081 by avoiding allocation for time variable 2002-02-04 22:34:22 +00:00
ian.mcgreer%sun.com
7bd72fa102 last part of bug 121628, permanent slots should respond immediately to IsPresent() call 2002-02-04 21:57:07 +00:00
relyea%netscape.com
71b1a77b4d Function to read PQG params from the key. 2002-02-04 18:00:14 +00:00
wtc%netscape.com
20881a495b Temporary hack to make 'depend' do a 'clean' in NSS. 2002-02-04 15:57:38 +00:00
relyea%netscape.com
31218c1ff3 Bug 117978: accessor functions to all JCE keystore API to be implemented. 2002-02-03 03:37:26 +00:00
ian.mcgreer%sun.com
d9f18429d4 Fix cert leaks when building a chain. There are several client auth bugs filed, this may not be for any one in particular, but was found with tstclnt. 2002-02-02 20:01:22 +00:00
ian.mcgreer%sun.com
cee0e72c0a bug 90518, selfserv dumps cache state before shutdown with -y option 2002-02-02 19:39:48 +00:00
wtc%netscape.com
fbbe598603 Bugzilla bug 122961: export CERT_CreateSubjectCertList for PSM. 2002-02-02 04:41:06 +00:00
relyea%netscape.com
8159126d0b Add new PK11_ImportSymKeyWithFlags function for JSS 2002-02-02 01:46:05 +00:00
javi%netscape.com
9054da7961 Fix Mac bustage. 2002-02-02 01:20:54 +00:00
wtc%netscape.com
6b642a0259 Bugzilla bug 122712: moved the two newly exported symbols to the right 
place.
 2002-02-01 21:16:43 +00:00
ian.mcgreer%sun.com
f2b84b4779 fix cert leak found by client auth 2002-02-01 18:18:13 +00:00
relyea%netscape.com
677076a9bb Fix memory leak. 2002-02-01 17:57:05 +00:00
ian.mcgreer%sun.com
c124ec770d bug 121628, persistent cache of hardware token certs 2002-02-01 17:25:15 +00:00
wtc%netscape.com
3b6cd1ed50 Bugzilla bug 119340: install a SIGTERM handler on Linux for debugging. 2002-02-01 05:57:49 +00:00
relyea%netscape.com
24ec92e64a certutil -L now opens the DB ReadOnly. Add the '-X' option to the test is still 
testing the R/W case.
 2002-02-01 02:28:32 +00:00
relyea%netscape.com
f462f5a326 Make the following functions open the databases Readonly: 
ListCerts PrintHelp ListKeys ListModules CheckCertValidity Version

Add an option (-X) to restore the old behaviour of openning the Databases R/W
 2002-02-01 02:26:40 +00:00
ian.mcgreer%sun.com
8939b19afe have certutil shutdown cleanly so purify is easier to deal with 2002-01-31 19:27:07 +00:00
relyea%netscape.com
82e1be6d15 Fix thread local storage leak. 2002-01-31 19:18:55 +00:00
javi%netscape.com
2bfd470c5f Make the projects depend on a .exp file that doesn't start with '_' so that we know the .exp file wasn't generated by CodeWarrior. 2002-01-31 19:10:46 +00:00
javi%netscape.com
f67c98ba51 Use LoadableRoots.mcp.exp instead of _*.exp so that we know 
the .exp wasn't generated by CodeWarrior.
 2002-01-31 19:05:27 +00:00
ian.mcgreer%sun.com
9a03239427 couple of fixes 2002-01-31 17:28:49 +00:00
ian.mcgreer%sun.com
7f14d4e1fb bug 90518, implement methods for dumping the state of the cache and temp cert store in NSS 3.4 2002-01-31 17:08:32 +00:00
ddrinan%netscape.com
92c85311ed Checkin for relyea. Call CERT_DestoryCertificateList instead of CERT_DestroyCertList 2002-01-31 04:00:12 +00:00
relyea%netscape.com
3adedc6688 Fix certlist memory leak. 2002-01-31 02:19:43 +00:00
wtc%netscape.com
eeef12be2f Bugzilla bug 119340: backed out the fix. We are still seeing the 
"selfserv process not detectable" errors on Linux and I don't have
time to get to the bottom of it.
Modified files:
	cmd/selfserv/selfserv.c tests/common/init.sh tests/ssl/ssl.sh
 2002-01-31 02:03:57 +00:00
wtc%netscape.com
dc7133e6ef Bugzilla bug 122712: temporarily export two additional symbols for Mozilla 
static build.
 2002-01-31 01:03:21 +00:00
sonja.mirtitsch%sun.com
7b6f72131a put the sleep 30 back into the linux ssl test to give the selfserv time 
to free the socket...
 2002-01-31 01:01:47 +00:00
relyea%netscape.com
5862391160 restore checks for critical extenstions and fail if we have any we don't 
recognize. Just remove the bogus check that v2 crls must have critical extensions
 2002-01-31 00:42:43 +00:00
sonja.mirtitsch%sun.com
37e7d17867 next thry for bug 115200 2002-01-31 00:34:04 +00:00
relyea%netscape.com
71237064fc Set token flag when saving the CRLs so they actually get put into the database! 2002-01-31 00:18:09 +00:00
relyea%netscape.com
622f360f9e Fix searching code so it can find CRL's 2002-01-31 00:16:29 +00:00
sonja.mirtitsch%sun.com
81a33a5f77 another try for QA / RE / tinderbox problem bug #115200 2002-01-30 04:37:35 +00:00
relyea%netscape.com
f62b6e82b9 Unsigned values are always greater than '0'! 2002-01-30 00:48:24 +00:00
relyea%netscape.com
9a66c5386d Indexes are zero based. Do our realloc when index == size (not after). 2002-01-30 00:25:34 +00:00
relyea%netscape.com
c66d0660f4 1) put some defensive programming so we don't crash on invalid der. 
2) set the start offset correctly for multi-byte lengths when decoding sets
and sequences
 2002-01-30 00:24:12 +00:00
relyea%netscape.com
9d74b35058 Restore idempontency to nss_init* 2002-01-29 22:27:15 +00:00
relyea%netscape.com
25bac17639 Built-ins set the ulValueLen to -1 to indicate an unknown attribute type. 2002-01-29 21:12:13 +00:00
relyea%netscape.com
341b18d960 Token and slot names are already converted to NULL terminated strings in the slot structure 2002-01-29 21:10:50 +00:00
relyea%netscape.com
41c843a2f4 Don't leak memory in the arena pool 2002-01-29 19:00:47 +00:00
relyea%netscape.com
f28551787a More 'pretty print' improvements. Decode context specific data a little more. 2002-01-29 17:50:27 +00:00
ian.mcgreer%sun.com
abec66154f changes related to bug 115660 
* fipstoken will only force authentication for object-related functions when the object is a private or secret key
* certutil does not authenticate to token when in FIPS and only doing cert-related operations
* QA does not provide password to certutil when doing cert-related operations in FIPS tests
 2002-01-29 17:30:22 +00:00
relyea%netscape.com
6b96fe3f81 (sigh) not only do we need to find the objects, we need to be able to read 
them as well.
 2002-01-28 23:28:29 +00:00
sonja.mirtitsch%sun.com
a4ddcd12a1 fixed typo 2002-01-28 20:59:23 +00:00
jpierre%netscape.com
aacd33fea8 Fix for 69556 - remove expired CA "Verisign Class 4 Primary CA" 2002-01-28 20:43:37 +00:00
sonja.mirtitsch%sun.com
8b6bfb5e27 attempted fix for bug 115200, tinderbox reports false failures on machines 
that run 32 and 63 bit tinderboxes
 2002-01-28 19:35:53 +00:00
relyea%netscape.com
a90e3c83fb Fix crashing problem when trying two switch from fips to non-fips and back. 
bug 119214.
 2002-01-28 19:18:41 +00:00
wtc%netscape.com
d2e3ab55fb Bugzilla bug 100447: on BSD/OS 4.2 and 4.3, we have problem calling 
safe_popen in a threaded program.  So we don't call safe_popen when
we obtained some entropy from /dev/urandom.  Thanks to lidl@pix.net
for the bug report and the fix.
 2002-01-27 00:14:59 +00:00
wtc%netscape.com
63dd3ebaf8 Bugzilla bug 111206: make the Solaris version test flexible so that we 
don't need to add a new test for each new Solaris release.
 2002-01-26 16:19:51 +00:00
relyea%netscape.com
6aadda5c42 Fix PBE_Context failure by making sure CKM_PBA is it's own keygen type. 2002-01-26 01:20:50 +00:00
relyea%netscape.com
0f9ca80078 Fix 2 memory leaks and a UMR. 
(keyhand needs to be initialized before we start xor hashing)
Free item and time elements which are transparently allocated for us.
 2002-01-26 00:16:03 +00:00
relyea%netscape.com
cfab32ea30 Change Sha1_hash to a simple XOR hash for building key handles for token 
objects.
 2002-01-25 19:09:34 +00:00
relyea%netscape.com
e760d6d971 Fix key leak in S/Mime. 2002-01-25 19:08:19 +00:00
relyea%netscape.com
a7723c632d Fix bug 115660. Note that fixing the bugs necessitates fixing the test 
cases as well. The test case was depending on the failure to read certs to
detect the failure to read keys. Now certutil returns a failure if no keys
are found. This also means that the FIPS test after the key and cert
has been deleted should expect a failure to list any keys.
 2002-01-25 19:03:17 +00:00
relyea%netscape.com
0117ba048e Too agressive on fixing leaks;). This one isn't a leak. 
bob
 2002-01-24 21:33:51 +00:00
ian.mcgreer%sun.com
f41585bde3 fix aix issues 2002-01-24 15:45:55 +00:00
relyea%netscape.com
ebaa5bbf31 Fix NT crash on startup. (load builtins after trust domain gets initialized). 2002-01-24 02:46:07 +00:00
nicolson%netscape.com
951f75091e Fix 118679: PK11SDR_Encrypt fails if not logged into token. 2002-01-24 01:06:22 +00:00
ian.mcgreer%sun.com
75f5e9ba76 implement istemp and isperm in case clients depend on it, make sure certs own a reference to their slot and then free it 2002-01-24 00:58:02 +00:00
ian.mcgreer%sun.com
82686aae13 fix leakage in traversal functions that convert certs to CERTCertificates 2002-01-24 00:34:03 +00:00
relyea%netscape.com
b482961799 Fix memory leaks. 2002-01-24 00:26:29 +00:00
ian.mcgreer%sun.com
e0aea6c88c make sure path string has terminator 2002-01-24 00:25:32 +00:00
ian.mcgreer%sun.com
e5c7459928 restore function CERT_SaveImportedCert, used to set the trust bits of a cert on import. Fixes bug 121487 2002-01-23 21:43:30 +00:00
ian.mcgreer%sun.com
4a36925612 traverse functions need to cache as they run in order to catch multiple instances of certs correctly 2002-01-23 20:35:18 +00:00
ian.mcgreer%sun.com
1e650bcd15 traversed certs also need to be cached 2002-01-23 18:24:29 +00:00
ian.mcgreer%sun.com
f3392f0b6a fix core when token list is emptied (caused by switch to fips mode) 2002-01-23 17:39:29 +00:00
ian.mcgreer%sun.com
4fc4b9ceba * keep stan in sync with both addition and removal of modules 
* clean up compatibilty issues with PKCS#11 serial numbers.  Need to search both encoded and decoded values, while making sure stan code only deals with DER value
 2002-01-23 17:00:39 +00:00
ian.mcgreer%sun.com
0af7b9c087 make the load function for the root token work 2002-01-23 15:36:54 +00:00
ian.mcgreer%sun.com
e036a5db20 fix breakage caused by yesterday's checkins; since softoken no longer returns terminating NULL for strings must add it above PKCS#11 
also fixes bug 121384
 2002-01-23 14:37:48 +00:00
relyea%netscape.com
9b88467bfc Restore code automatic Built-in loading code. 2002-01-23 04:42:21 +00:00
relyea%netscape.com
72e3dce42d Function to return if any builtins have been loaded yet. 2002-01-23 04:41:25 +00:00
ian.mcgreer%sun.com
272b2a393b fix PSM crash described in bug 120647 2002-01-23 03:53:16 +00:00
wtc%netscape.com
bd2bc25ec1 Bugzilla bug 119340: an inelegant but more reliable way to kill the 
multithreaded 'selfserv' process on Linux.
Modified files:
    cmd/selfserv/selfserv.c tests/common/init.sh tests/ssl/ssl.sh
 2002-01-23 03:18:57 +00:00
relyea%netscape.com
8c401aee16 Fix wrong polarity on if statement (should check for success, not failure). 2002-01-23 02:10:31 +00:00
sonja.mirtitsch%sun.com
b6fd9b3d50 added the TCP connection aborted to the lines that are OK in the log 2002-01-23 02:07:08 +00:00
relyea%netscape.com
c7d82085a1 Fix memory like in readSMimeEntry 2002-01-23 01:44:22 +00:00
relyea%netscape.com
c5398cc6c3 Fix label stuff. 2002-01-23 01:20:32 +00:00
relyea%netscape.com
eec61db7e1 Labels don't have NULL's by default. 2002-01-23 00:53:53 +00:00
ian.mcgreer%sun.com
30e782be09 PSM bug 119359, NSS 3.4 also needs to recognize valid CA trust in order for cert download to work correctly 2002-01-23 00:49:23 +00:00
sonja.mirtitsch%sun.com
3678be47dd added comments 2002-01-23 00:27:10 +00:00
sonja.mirtitsch%sun.com
fbbaa44ef1 removing tmpfiles on tinderboxes 2002-01-23 00:21:01 +00:00
sonja.mirtitsch%sun.com
b10b0f598d changes so nssqa will run on netscape's daily builds as well 2002-01-23 00:19:32 +00:00
ian.mcgreer%sun.com
1f6449471b last change to INTEGER encoding, strip extraneous leading zeros from integer values passed to encoder 2002-01-22 22:48:26 +00:00
ian.mcgreer%sun.com
82ee31efe8 fix for bug 120824; functions which collect certs based on subject need to examine *both* the temp and perm stores 2002-01-22 21:56:19 +00:00
relyea%netscape.com
5f0c8488cf remove bogus verify step (the cert passed in is almost certainly a signing cert). 2002-01-18 03:38:29 +00:00
relyea%netscape.com
cfb0db6aa1 Fix the case where the subjectID is an issuer/SN. don't build a dbkey in 
this case, return the actual subject cert id after looking up the cert
directly
 2002-01-18 03:36:44 +00:00
relyea%netscape.com
5ec1498d89 Increment length on LABEL, not on CLASS to catch the added NULL case. 2002-01-18 03:35:18 +00:00
ian.mcgreer%sun.com
775f92f7ff more backwards compatibility fixes 
* always send DER of serial number to PKCS#11 queries
* in softoken, construct key for certificate using decoded serial number with (possibly) a leading zero, for compatibility with version 7 db
* in softoken, decode serial number *without* removing leading zero for searches
 2002-01-17 00:20:53 +00:00
ian.mcgreer%sun.com
9c7bf8e3b7 fix build bustage 2002-01-16 21:36:33 +00:00
ian.mcgreer%sun.com
40bd44939d fix a crash seen in PSM by making sure a zero-length attribute zeroes the item inheriting it 2002-01-16 21:23:30 +00:00
ian.mcgreer%sun.com
4c3e077743 fix for bug 115360, failure in pkcs12 backwards compatibility tests 2002-01-16 21:22:30 +00:00
ian.mcgreer%sun.com
b2373e435c unfortunately, the SDR key keeps the value of CK_KEY_TYPE in the coefficient field of an RSA key. This means some format is lost through the ASN.1 encoder/decoer. Trying again to account for that without affecting normal key type attributes. 2002-01-16 16:02:51 +00:00
wtc%netscape.com
fa4176bcc7 Bugzilla bug 119340: added a debug printf statement. 2002-01-16 03:29:06 +00:00
ian.mcgreer%sun.com
a4a2117751 fix up problems in last change 2002-01-16 00:04:16 +00:00
sonja.mirtitsch%sun.com
0f991578bd Ians debug change to find out the state of the DB after multi recepient test 2002-01-15 22:29:47 +00:00
javi%netscape.com
40c41ba4b7 Include NSS.Prefix in the optimized target instead of NSDebug.Prefix 2002-01-15 22:11:39 +00:00
ian.mcgreer%sun.com
37ccf29e2d revert last change, and move conversion of attribute value to host long up to where the long variable actually appears. 2002-01-15 21:45:38 +00:00
ian.mcgreer%sun.com
2dbd9ade93 fix SDR on big-endian platforms. The leading zeros in the RSA coefficient have been stripped, but PKCS#11 needs them back in order to form a CK_ULONG correctly. 2002-01-15 19:20:34 +00:00
ian.mcgreer%sun.com
02437e979a Fix for serial numbers which are negative when intrepreted as signed integers. Since the ASN.1 encoder now add/strips leading zeros to INTEGERs, the hand decoder written here will incorrectly decode serial numbers passed to it that have leading zeros. 2002-01-15 15:43:35 +00:00
ian.mcgreer%sun.com
ed9266b577 force generated serial #'s to always be positive 2002-01-15 01:53:11 +00:00
ian.mcgreer%sun.com
a29542b7fa fix for bug 115360, ASN.1 encoder/decoder should handle conversion of unsigned integers used in NSS to ASN.1 INTEGERs, and vice versa. 2002-01-14 23:20:43 +00:00
ian.mcgreer%sun.com
716b8f0319 PKCS#11 needs to receive the serial number DER-encoded 2002-01-14 23:19:17 +00:00
relyea%netscape.com
57e5fbda2e Fix nickname check for filtering cert lists. 2002-01-12 16:43:29 +00:00
ian.mcgreer%sun.com
aaba769038 *sigh* 
fixed backward compatibity tests, but broke current version.  will have to rework.
 2002-01-11 23:37:37 +00:00
ian.mcgreer%sun.com
dd22838792 temporary fix for bug 115360 2002-01-11 22:24:31 +00:00
jpierre%netscape.com
472a0c1c53 Fix for 98068 - PR_CALLBACK OS/2 issues 2002-01-11 19:53:00 +00:00
relyea%netscape.com
89b3664a5c Keep a copy of the DER Crl. 2002-01-11 17:31:09 +00:00
javi%netscape.com
09f08d15a5 Turns out there isn't a corresponding .def file for the Builtins module. 
So I still need this file.
 2002-01-11 02:19:41 +00:00
javi%netscape.com
24480b8e52 *.exp files (for symbol exporting) are now generated dynamically. 2002-01-11 02:13:49 +00:00
kirk.erickson%sun.com
673acbe7a2 Fixed termination when using -L 30 (see bug 107777). 
This is a temporary solution, creating SYSTEM rather than USER loggerThread.
Later we should create a USER thread, Interrupt, and tell the thread to exit.
 2002-01-11 01:03:28 +00:00
ian.mcgreer%sun.com
009e87cee3 fix crash seen in PSM 2002-01-11 00:41:26 +00:00
relyea%netscape.com
28a8636b42 Fix dual key generation crash. 2002-01-11 00:33:08 +00:00
sonja.mirtitsch%sun.com
b2600c932c asleep of 3 seconds after killing of teh selfserv doesn't seem to be 
sufficient - either that or it takes a lot longe now to start up
 2002-01-10 22:47:12 +00:00
relyea%netscape.com
ba6725dbc4 Fix Crl import Crash. (use the template, not the attribute list). 2002-01-10 22:38:15 +00:00
ian.mcgreer%sun.com
c59de9a7b9 CERT_FindCertIssuer had a fallback to just grab any cert with the correct subject when all else fails. 2002-01-10 20:24:46 +00:00
javi%netscape.com
58af3caac9 Give the shared library fragment names. 2002-01-10 18:15:28 +00:00
ian.mcgreer%sun.com
d288192dc3 Fix chaining bug. Cert's trust needs to be set before call to matchUsage. 2002-01-10 18:10:43 +00:00
ian.mcgreer%sun.com
3ab0d6c026 need to make sure trust is updated if it was already created 2002-01-10 15:30:06 +00:00
ian.mcgreer%sun.com
b4fb4d5e47 bug 118051, make Stan pki1 headers private exports for 3.4 2002-01-10 15:11:04 +00:00
ian.mcgreer%sun.com
6afbc49a37 Only release crypto context's reference if cert was removed. Should not have caused 3.4 bugs but was nonetheless incorrect. 2002-01-10 14:34:36 +00:00
ian.mcgreer%sun.com
475f3ab332 back out previous change 
Unlike the other hash indexes, the issuer and serial is unique.  If the issuer and serial exists in the cache, the cert pointer must be valid (the cache is holding a reference).
 2002-01-10 14:28:53 +00:00
ian.mcgreer%sun.com
9ec6b4c253 add command to certutil for dumping the chain of a cert 2002-01-10 04:30:00 +00:00
nelsonb%netscape.com
9bcaa806b7 Add error strings for new NSPR error codes. Bug 118668. 2002-01-10 03:00:30 +00:00
relyea%netscape.com
8e7e1c2654 Set the trust order for a newly installed built-ins to 100 2002-01-10 01:01:09 +00:00
relyea%netscape.com
5300b9d97a Fix default trust and cipher orders. 2002-01-10 01:00:20 +00:00
relyea%netscape.com
cf63c1e6fb Set up default trust order correctly. 
Default trustorder is
   0 for the internal token
   100 for the builtins
   50 for everyone else

Default Cipher order is
   100 for the internal token
   0 for everyone else
 2002-01-10 00:59:26 +00:00
relyea%netscape.com
c36ca2cf47 Initialize OCSP status variable 2002-01-10 00:45:27 +00:00
relyea%netscape.com
3c1915c1c2 Enable OCSP code. 2002-01-10 00:43:39 +00:00
javi%netscape.com
64569028de Update existing NSS projects to support building NSS 3.4 as shared libraries on the Mac. 2002-01-09 23:30:00 +00:00
javi%netscape.com
e088fa73ef New xml projects and headers required to build NSS 3.4 as shared libraries on the Mac. 2002-01-09 23:29:08 +00:00
javi%netscape.com
7c16d44d7c Define NSS_3_4 so that we get the right code and not Stan code that isn't quite ready. 2002-01-09 23:23:43 +00:00
javi%netscape.com
531a6a7a9d Changes required to get the trunk of NSS building on the Mac. 2002-01-09 23:22:23 +00:00
javi%netscape.com
47916f665d Move LoadableRoots.mcp.exp to _LoadableRoots.mcp.exp to match the new 
name of the project file that gets generated now that we use a new
build system, ie foo.xml gets improrted to _foo.mcp.  This ensures only
the symbols we want to export get exported.
 2002-01-09 21:49:19 +00:00
ian.mcgreer%sun.com
9aa794ecc7 also allocate hash key entry for issuer/serial, by creating an "index" cert in the cache's arena 2002-01-09 21:35:42 +00:00
ian.mcgreer%sun.com
b88038f258 several memory-related fixes 
- correct reference counting when combining certs taken from cache and obtained new
- cache keys need to be alloc'ed, for the case when one cert is used to create the cache entry, another (same subject/nick/email) is added, then the first is removed and freed
 2002-01-09 21:09:21 +00:00
javi%netscape.com
d7f4435f8c We now use xml files to run the Mac builds. Deleting the mcp files that 
are no longer used as part of the build.
 2002-01-09 20:08:25 +00:00
ian.mcgreer%sun.com
9a16931339 bug 118612, implement valid peer trust in softoken 2002-01-08 22:01:17 +00:00
ian.mcgreer%sun.com
5cbc9857bf another place where decoded cert was alloced in cert's arena 2002-01-08 19:38:56 +00:00
ian.mcgreer%sun.com
5be475d4e5 move free of CERTCertificate's arena below the NSSCertificate. needed for the case when an NSSCertificate is freed without ever releasing a CERTCertificate. 2002-01-08 18:51:18 +00:00
ian.mcgreer%sun.com
8b98f0af90 memory leak fixes 2002-01-08 15:37:42 +00:00
ian.mcgreer%sun.com
2885e10e1f fix pkcs12 bug where nicknames were disappearing 2002-01-07 19:53:47 +00:00
ian.mcgreer%sun.com
88456ce79c once again, solaris x86 does not like PR_LOG 2002-01-07 19:14:40 +00:00
ian.mcgreer%sun.com
34685581f3 PSM fixes 
* implement CERT_AddTempCertToPerm in 3.4
* update object instance lists when needed
* correctly check and allocate trust when changing it
 2002-01-07 16:45:26 +00:00
ian.mcgreer%sun.com
767516abf3 obey the isperm flag as in nss 3.3 2002-01-06 21:49:48 +00:00
relyea%netscape.com
996c78f1b0 Startup problems on new profiles: 1) Windows does not initially open the DB R/W 
on startup. 2) All platforms do not see the built-ins token if you startup with
a new profile.

Fix: 1) Escape the initialization parameters.
     2) Rebuild the Token iterator when new tokens are added to the trust domain.
 2002-01-05 03:00:10 +00:00
sonja.mirtitsch%sun.com
28cfebd131 taking out OSF 5 links 2002-01-04 21:41:23 +00:00
sonja.mirtitsch%sun.com
c7f03eff64 increased the number of tests and changed the fix about too many cache misses 
seee bugs #114964 and 118031
 2002-01-04 21:39:36 +00:00
sonja.mirtitsch%sun.com
8243a281b2 to avoid client and server writes at the same time write output to a tmp 
file first, and then the tmp file to stdout
the writes had lead to garbled messages that were then interpreted as
errormessages by the scripts
 2002-01-04 21:31:39 +00:00
ian.mcgreer%sun.com
05ea68ad0c implement trust ordering when merging trust 2002-01-04 19:21:54 +00:00
wtc%netscape.com
6aef8850f7 Bugzilla bug 110356: check in the generated files (oiddata.h and oiddata.c) 
to work around concurrent build failures on Unix and the generation of
these files on the Mac.
Modified files: Makefile manifest.mn
Added files: oiddata.c oiddata.h
 2002-01-04 05:22:07 +00:00
sonja.mirtitsch%sun.com
8d877b024f fixed qa_stat following an enhancement, that causes unexpected messaegs in the output.log 2002-01-04 00:24:28 +00:00
sonja.mirtitsch%sun.com
97127f127f fix for enhancemet request 114964 2002-01-03 23:58:23 +00:00
ian.mcgreer%sun.com
4998b907a9 only free slot if funrction returns correctly 2002-01-03 22:49:02 +00:00
ian.mcgreer%sun.com
990866d518 fix aix bustage 2002-01-03 20:19:55 +00:00
ian.mcgreer%sun.com
82b1f2de39 move handling of certificate reference counting into Stan. NSS 3.4 needs to maintain persistent references of both temp and perm certs in order to replicate the old temp database. 2002-01-03 20:09:30 +00:00
ian.mcgreer%sun.com
8461d4909b temp certs live in a trust domain. allows the idiom of "if not temp, try perm" to work in 3.4. 2001-12-21 19:14:04 +00:00
sonja.mirtitsch%sun.com
8b75779a00 more info to results.html 2001-12-21 00:29:32 +00:00
sonja.mirtitsch%sun.com
894416950a checking in fix for the new requirements for bug 73098 2001-12-20 23:26:59 +00:00
ian.mcgreer%sun.com
dc45d46baf some checks that were overlooked 2001-12-20 23:17:58 +00:00
kaie%netscape.com
9bc604a0dd Fix crash bug 115927 by incrementing the reference count of 
returned slot.
r=relyea
 2001-12-20 21:40:30 +00:00
ian.mcgreer%sun.com
401e82cad4 remove unneeded hack, put in a couple of error checks 2001-12-20 16:50:22 +00:00
ian.mcgreer%sun.com
a3208ecfde set the CERTCertificate nickname to be "Token Name:Cert Name" for backwards compatibility 2001-12-20 16:20:16 +00:00
nicolson%netscape.com
db2c849db7 Typo broke the build. 2001-12-19 21:37:30 +00:00
ian.mcgreer%sun.com
f33669a06f fix for 115957, hash table overloads cause problem (certs were not being removed properly) 2001-12-19 20:27:21 +00:00