[ooo-build-commit] .: xmlsecurity/source
Fridrich Strba
fridrich at kemper.freedesktop.org
Fri Oct 1 08:24:17 PDT 2010
xmlsecurity/source/xmlsec/nss/certerrors.h | 12 +++++
xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx | 21 ++++++----
2 files changed, 25 insertions(+), 8 deletions(-)
New commits:
commit 80aee06918520fb2e71be0a6e6f9af28171730a0
Author: Petr Mladek <pmladek at suse.cz>
Date: Fri Oct 1 17:20:31 2010 +0200
xmlsecurity-build-with-nss-3.12.0.diff: Support older system nss
diff --git a/xmlsecurity/source/xmlsec/nss/certerrors.h b/xmlsecurity/source/xmlsec/nss/certerrors.h
index 2b68e2d..8c8f080 100644
--- a/xmlsecurity/source/xmlsec/nss/certerrors.h
+++ b/xmlsecurity/source/xmlsec/nss/certerrors.h
@@ -28,7 +28,6 @@
*
************************************************************************/
-
{SEC_ERROR_IO, "An I/O error occurred during security authorization."},
{SEC_ERROR_LIBRARY_FAILURE, "security library failure."},
@@ -372,13 +371,24 @@ an existing cert, but that is not the same cert."},
{SEC_ERROR_LIBPKIX_INTERNAL, "Libpkix internal error occured during cert validation."},
+#if ( NSS_VMAJOR > 3 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR > 12 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH > 2 )
+// following 3 errors got first used in NSS 3.12.3
+// they were in the header even in 3.12.2 but there was missing the mapping in pk11err.c
+// see also https://bugzilla.mozilla.org/show_bug.cgi?id=453364
+
{SEC_ERROR_PKCS11_GENERAL_ERROR, "A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred."},
{SEC_ERROR_PKCS11_FUNCTION_FAILED, "A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested function could not be performed. Trying the same operation again might succeed."},
{SEC_ERROR_PKCS11_DEVICE_ERROR, "A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot."},
+#endif
+
+#if ( NSS_VMAJOR > 3 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR > 12 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH > 3 )
+// following 2 errors got added in NSS 3.12.4
+
{SEC_ERROR_BAD_INFO_ACCESS_METHOD, "Unknown information access method in certificate extension."},
{SEC_ERROR_CRL_IMPORT_FAILED, "Error attempting to import a CRL."},
+#endif
diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
index 89c0536..0b4cfaa 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
@@ -830,9 +830,14 @@ verifyCertificate( const Reference< csss::XCertificate >& aCert,
CERT_DisableOCSPDefaultResponder(certDb);
CERTValOutParam cvout[5];
CERTValInParam cvin[3];
+ int ncvinCount=0;
- cvin[0].type = cert_pi_useAIACertFetch;
- cvin[0].value.scalar.b = PR_TRUE;
+#if ( NSS_VMAJOR > 3 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR > 12 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH > 0 )
+ // cert_pi_useAIACertFetch was added in NSS 3.12.1
+ cvin[ncvinCount].type = cert_pi_useAIACertFetch;
+ cvin[ncvinCount].value.scalar.b = PR_TRUE;
+ ncvinCount++;
+#endif
PRUint64 revFlagsLeaf[2];
PRUint64 revFlagsChain[2];
@@ -879,12 +884,14 @@ verifyCertificate( const Reference< csss::XCertificate >& aCert,
// | CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
- cvin[1].type = cert_pi_revocationFlags;
- cvin[1].value.pointer.revocation = &rev;
+ cvin[ncvinCount].type = cert_pi_revocationFlags;
+ cvin[ncvinCount].value.pointer.revocation = &rev;
+ ncvinCount++;
// does not work, not implemented yet in 3.12.4
-// cvin[2].type = cert_pi_keyusage;
-// cvin[2].value.scalar.ui = KU_DIGITAL_SIGNATURE;
- cvin[2].type = cert_pi_end;
+// cvin[ncvinCount].type = cert_pi_keyusage;
+// cvin[ncvinCount].value.scalar.ui = KU_DIGITAL_SIGNATURE;
+// ncvinCount++;
+ cvin[ncvinCount].type = cert_pi_end;
cvout[0].type = cert_po_trustAnchor;
cvout[0].value.pointer.cert = NULL;
More information about the ooo-build-commit
mailing list