I don't know if it's the right fix, but it compiles. -- Jeffrey Stedfast Evolution Hacker - Novell, Inc. fejj ximian com - www.novell.com
? nssckbi.patch Index: ChangeLog =================================================================== RCS file: /cvs/gnome/evolution/smime/ChangeLog,v retrieving revision 1.49 diff -u -r1.49 ChangeLog --- ChangeLog 24 Feb 2005 02:18:50 -0000 1.49 +++ ChangeLog 22 Mar 2005 21:27:37 -0000 @@ -1,3 +1,9 @@ +2005-03-22 Jeffrey Stedfast <fejj novell com> + + * lib/e-cert-db.c (install_loadable_roots): Copied Mozilla code to + check if the nssckbi root certs module was too old and if it was, + delete/unload it. + 2005-02-21 Not Zed <NotZed Ximian com> ** See bug #68592 Index: lib/e-cert-db.c =================================================================== RCS file: /cvs/gnome/evolution/smime/lib/e-cert-db.c,v retrieving revision 1.15 diff -u -r1.15 e-cert-db.c --- lib/e-cert-db.c 23 Feb 2005 18:57:00 -0000 1.15 +++ lib/e-cert-db.c 22 Mar 2005 21:27:38 -0000 @@ -78,6 +78,7 @@ #include "ssl.h" #include "p12plcy.h" #include "pk11func.h" +#include "nssckbi.h" #include "secmod.h" #include "certdb.h" #include "plstr.h" @@ -213,44 +214,73 @@ static void install_loadable_roots (void) { - gboolean has_roots; - PK11SlotList *list; - - has_roots = FALSE; - list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL); - if (list) { - PK11SlotListElement *le; - - for (le = list->head; le; le = le->next) { - if (PK11_HasRootCerts(le->slot)) { - has_roots = TRUE; - break; + SECMODModuleList *list = SECMOD_GetDefaultModuleList (); + SECMODListLock *lock = SECMOD_GetDefaultModuleListLock (); + SECMODModule *RootsModule = NULL; + int i; + + SECMOD_GetReadLock (lock); + while (!RootsModule && list) { + SECMODModule *module = list->module; + + for (i = 0; i < module->slotCount; i++) { + PK11SlotInfo *slot = module->slots[i]; + if (PK11_IsPresent (slot)) { + if (PK11_HasRootCerts(slot)) { + RootsModule = module; + break; + } } } + + list = list->next; } - - if (!has_roots) { + SECMOD_ReleaseReadLock (lock); + + if (RootsModule) { + /* Check version, and unload module if it is too old */ + CK_INFO info; + if (PK11_GetModInfo (RootsModule, &info) != SECSuccess) { + /* Do not use this module */ + RootsModule = NULL; + } else { + /* NSS_BUILTINS_LIBRARY_VERSION_MAJOR and NSS_BUILTINS_LIBRARY_VERSION_MINOR + * define the version we expect to have. + * Later version are fine. + * Older versions are not ok, and we will replace with our own version. + */ + if ((info.libraryVersion.major < NSS_BUILTINS_LIBRARY_VERSION_MAJOR) + || (info.libraryVersion.major == NSS_BUILTINS_LIBRARY_VERSION_MAJOR + && info.libraryVersion.minor < NSS_BUILTINS_LIBRARY_VERSION_MINOR)) { + PRInt32 modType; + + SECMOD_DeleteModule (RootsModule->commonName, &modType); + + RootsModule = NULL; + } + } + } + + if (!RootsModule) { /* grovel in various places for mozilla's built-in cert module. - + XXX yes this is gross. *sigh* */ char *paths_to_check[] = { "/usr/lib", "/usr/lib/mozilla", }; - int i; - + for (i = 0; i < G_N_ELEMENTS (paths_to_check); i ++) { - char *dll_path = g_module_build_path (paths_to_check [i], - "nssckbi"); - + char *dll_path = g_module_build_path (paths_to_check [i], "nssckbi"); + if (g_file_test (dll_path, G_FILE_TEST_EXISTS)) { SECMOD_AddNewModule("Mozilla Root Certs",dll_path, 0, 0); g_free (dll_path); break; } - + g_free (dll_path); } }
Attachment:
smime.p7s
Description: S/MIME cryptographic signature