I don't know if it's the right fix, but it compiles. -- Jeffrey Stedfast Evolution Hacker - Novell, Inc. fejj ximian com - www.novell.com
? nssckbi.patch
Index: ChangeLog
===================================================================
RCS file: /cvs/gnome/evolution/smime/ChangeLog,v
retrieving revision 1.49
diff -u -r1.49 ChangeLog
--- ChangeLog 24 Feb 2005 02:18:50 -0000 1.49
+++ ChangeLog 22 Mar 2005 21:27:37 -0000
@@ -1,3 +1,9 @@
+2005-03-22 Jeffrey Stedfast <fejj novell com>
+
+ * lib/e-cert-db.c (install_loadable_roots): Copied Mozilla code to
+ check if the nssckbi root certs module was too old and if it was,
+ delete/unload it.
+
2005-02-21 Not Zed <NotZed Ximian com>
** See bug #68592
Index: lib/e-cert-db.c
===================================================================
RCS file: /cvs/gnome/evolution/smime/lib/e-cert-db.c,v
retrieving revision 1.15
diff -u -r1.15 e-cert-db.c
--- lib/e-cert-db.c 23 Feb 2005 18:57:00 -0000 1.15
+++ lib/e-cert-db.c 22 Mar 2005 21:27:38 -0000
@@ -78,6 +78,7 @@
#include "ssl.h"
#include "p12plcy.h"
#include "pk11func.h"
+#include "nssckbi.h"
#include "secmod.h"
#include "certdb.h"
#include "plstr.h"
@@ -213,44 +214,73 @@
static void
install_loadable_roots (void)
{
- gboolean has_roots;
- PK11SlotList *list;
-
- has_roots = FALSE;
- list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL);
- if (list) {
- PK11SlotListElement *le;
-
- for (le = list->head; le; le = le->next) {
- if (PK11_HasRootCerts(le->slot)) {
- has_roots = TRUE;
- break;
+ SECMODModuleList *list = SECMOD_GetDefaultModuleList ();
+ SECMODListLock *lock = SECMOD_GetDefaultModuleListLock ();
+ SECMODModule *RootsModule = NULL;
+ int i;
+
+ SECMOD_GetReadLock (lock);
+ while (!RootsModule && list) {
+ SECMODModule *module = list->module;
+
+ for (i = 0; i < module->slotCount; i++) {
+ PK11SlotInfo *slot = module->slots[i];
+ if (PK11_IsPresent (slot)) {
+ if (PK11_HasRootCerts(slot)) {
+ RootsModule = module;
+ break;
+ }
}
}
+
+ list = list->next;
}
-
- if (!has_roots) {
+ SECMOD_ReleaseReadLock (lock);
+
+ if (RootsModule) {
+ /* Check version, and unload module if it is too old */
+ CK_INFO info;
+ if (PK11_GetModInfo (RootsModule, &info) != SECSuccess) {
+ /* Do not use this module */
+ RootsModule = NULL;
+ } else {
+ /* NSS_BUILTINS_LIBRARY_VERSION_MAJOR and NSS_BUILTINS_LIBRARY_VERSION_MINOR
+ * define the version we expect to have.
+ * Later version are fine.
+ * Older versions are not ok, and we will replace with our own version.
+ */
+ if ((info.libraryVersion.major < NSS_BUILTINS_LIBRARY_VERSION_MAJOR)
+ || (info.libraryVersion.major == NSS_BUILTINS_LIBRARY_VERSION_MAJOR
+ && info.libraryVersion.minor < NSS_BUILTINS_LIBRARY_VERSION_MINOR)) {
+ PRInt32 modType;
+
+ SECMOD_DeleteModule (RootsModule->commonName, &modType);
+
+ RootsModule = NULL;
+ }
+ }
+ }
+
+ if (!RootsModule) {
/* grovel in various places for mozilla's built-in
cert module.
-
+
XXX yes this is gross. *sigh*
*/
char *paths_to_check[] = {
"/usr/lib",
"/usr/lib/mozilla",
};
- int i;
-
+
for (i = 0; i < G_N_ELEMENTS (paths_to_check); i ++) {
- char *dll_path = g_module_build_path (paths_to_check [i],
- "nssckbi");
-
+ char *dll_path = g_module_build_path (paths_to_check [i], "nssckbi");
+
if (g_file_test (dll_path, G_FILE_TEST_EXISTS)) {
SECMOD_AddNewModule("Mozilla Root Certs",dll_path, 0, 0);
g_free (dll_path);
break;
}
-
+
g_free (dll_path);
}
}
Attachment:
smime.p7s
Description: S/MIME cryptographic signature