diff options
author | David Woodhouse <David.Woodhouse@intel.com> | 2010-09-14 03:58:33 +0800 |
---|---|---|
committer | David Woodhouse <David.Woodhouse@intel.com> | 2010-09-14 04:02:57 +0800 |
commit | 75d1c75617ccd515ca1ebee44dd47204e76f36e1 (patch) | |
tree | efec1ee2fbf37a403975d9fce838a9141313f4db /smime/lib | |
parent | 515ad2e6901a913a500ef77a2f4a0cd70135dff0 (diff) | |
download | gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.tar.gz gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.tar.zst gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.zip |
Bug 626066 - log in to NSS database on demand for changing trust
Diffstat (limited to 'smime/lib')
-rw-r--r-- | smime/lib/e-cert-db.c | 37 | ||||
-rw-r--r-- | smime/lib/e-cert-db.h | 3 |
2 files changed, 37 insertions, 3 deletions
diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c index 8c6c6f0c04..48376f2443 100644 --- a/smime/lib/e-cert-db.c +++ b/smime/lib/e-cert-db.c @@ -936,7 +936,18 @@ handle_ca_cert_download (ECertDB *cert_db, GList *certs, GError **error) nickname, &trust); - if (srv != SECSuccess && PORT_GetError () != SEC_ERROR_TOKEN_NOT_LOGGED_IN) { + /* + If this fails with SEC_ERROR_TOKEN_NOT_LOGGED_IN, it seems + that the import *has* worked, but the setting of trust bits + failed -- so only set the trust. This *has* to be an NSS bug? + */ + if (srv != SECSuccess && + PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN && + e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot())) + srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), + tmpCert, &trust); + + if (srv != SECSuccess) { set_nss_error (error); return FALSE; } @@ -971,6 +982,27 @@ handle_ca_cert_download (ECertDB *cert_db, GList *certs, GError **error) return TRUE; } } +gboolean e_cert_db_change_cert_trust(CERTCertificate *cert, CERTCertTrust *trust) +{ + SECStatus srv; + + srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), + cert, trust); + if (srv != SECSuccess && + PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN && + e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot())) + srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), + cert, trust); + + if (srv != SECSuccess) { + glong err = PORT_GetError(); + g_warning ("CERT_ChangeCertTrust() failed: %s\n", + nss_error_to_string(err)); + return FALSE; + } + return TRUE; +} + /* deleting certificates */ gboolean @@ -998,8 +1030,7 @@ e_cert_db_delete_cert (ECertDB *certdb, CERTCertTrust trust; e_cert_trust_init_with_values (&trust, 0, 0, 0); - CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), - cert, &trust); + return e_cert_db_change_cert_trust(cert, &trust); } return TRUE; diff --git a/smime/lib/e-cert-db.h b/smime/lib/e-cert-db.h index 7d5f1855c2..6e1bc5a7c5 100644 --- a/smime/lib/e-cert-db.h +++ b/smime/lib/e-cert-db.h @@ -142,4 +142,7 @@ gboolean e_cert_db_export_pkcs12_file (ECertDB *cert_db, gboolean e_cert_db_login_to_slot (ECertDB *cert_db, PK11SlotInfo *slot); +gboolean e_cert_db_change_cert_trust (CERTCertificate *cert, + CERTCertTrust *trust); + #endif /* _E_CERT_DB_H_ */ |