Re: [evolution-patches] possible fix for nssckbi loading issues
- From: JP Rosevear <jpr novell com>
- To: Jeffrey Stedfast <fejj novell com>
- Cc: evolution-patches ximian com
- Subject: Re: [evolution-patches] possible fix for nssckbi loading issues
- Date: Wed, 23 Mar 2005 09:54:18 -0500
On Tue, 2005-03-22 at 16:26 -0500, Jeffrey Stedfast wrote:
> I don't know if it's the right fix, but it compiles.
Added one more case based on
http://lxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNSSComponent.cpp#412
Which is to delete any existing module of the same name unconditionally
before adding the new root module (else it doesn't get added if the
versions are the same but the location changed).
-JP
--
JP Rosevear <jpr novell com>
Novell, Inc.
? cert-location-changed.patch
Index: ChangeLog
===================================================================
RCS file: /cvs/gnome/evolution/smime/ChangeLog,v
retrieving revision 1.49
diff -u -r1.49 ChangeLog
--- ChangeLog 24 Feb 2005 02:18:50 -0000 1.49
+++ ChangeLog 23 Mar 2005 14:53:06 -0000
@@ -1,3 +1,9 @@
+2005-03-22 Jeffrey Stedfast <fejj novell com>
+
+ * lib/e-cert-db.c (install_loadable_roots): Copied Mozilla code to
+ check if the nssckbi root certs module was too old and if it was,
+ delete/unload it.
+
2005-02-21 Not Zed <NotZed Ximian com>
** See bug #68592
Index: lib/e-cert-db.c
===================================================================
RCS file: /cvs/gnome/evolution/smime/lib/e-cert-db.c,v
retrieving revision 1.15
diff -u -r1.15 e-cert-db.c
--- lib/e-cert-db.c 23 Feb 2005 18:57:00 -0000 1.15
+++ lib/e-cert-db.c 23 Mar 2005 14:53:06 -0000
@@ -78,6 +78,7 @@
#include "ssl.h"
#include "p12plcy.h"
#include "pk11func.h"
+#include "nssckbi.h"
#include "secmod.h"
#include "certdb.h"
#include "plstr.h"
@@ -213,44 +214,81 @@
static void
install_loadable_roots (void)
{
- gboolean has_roots;
- PK11SlotList *list;
-
- has_roots = FALSE;
- list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL);
- if (list) {
- PK11SlotListElement *le;
-
- for (le = list->head; le; le = le->next) {
- if (PK11_HasRootCerts(le->slot)) {
- has_roots = TRUE;
- break;
+ SECMODModuleList *list = SECMOD_GetDefaultModuleList ();
+ SECMODListLock *lock = SECMOD_GetDefaultModuleListLock ();
+ SECMODModule *RootsModule = NULL;
+ int i;
+
+ SECMOD_GetReadLock (lock);
+ while (!RootsModule && list) {
+ SECMODModule *module = list->module;
+
+ for (i = 0; i < module->slotCount; i++) {
+ PK11SlotInfo *slot = module->slots[i];
+ if (PK11_IsPresent (slot)) {
+ if (PK11_HasRootCerts(slot)) {
+ RootsModule = module;
+ break;
+ }
}
}
+
+ list = list->next;
}
-
- if (!has_roots) {
+ SECMOD_ReleaseReadLock (lock);
+
+ if (RootsModule) {
+ /* Check version, and unload module if it is too old */
+ CK_INFO info;
+
+ if (PK11_GetModInfo (RootsModule, &info) != SECSuccess) {
+ /* Do not use this module */
+ RootsModule = NULL;
+ } else {
+ /* NSS_BUILTINS_LIBRARY_VERSION_MAJOR and NSS_BUILTINS_LIBRARY_VERSION_MINOR
+ * define the version we expect to have.
+ * Later version are fine.
+ * Older versions are not ok, and we will replace with our own version.
+ */
+ if ((info.libraryVersion.major < NSS_BUILTINS_LIBRARY_VERSION_MAJOR)
+ || (info.libraryVersion.major == NSS_BUILTINS_LIBRARY_VERSION_MAJOR
+ && info.libraryVersion.minor < NSS_BUILTINS_LIBRARY_VERSION_MINOR)) {
+ PRInt32 modType;
+
+ SECMOD_DeleteModule (RootsModule->commonName, &modType);
+
+ RootsModule = NULL;
+ }
+ }
+ }
+
+ if (!RootsModule) {
/* grovel in various places for mozilla's built-in
cert module.
-
+
XXX yes this is gross. *sigh*
*/
char *paths_to_check[] = {
"/usr/lib",
"/usr/lib/mozilla",
+ "/opt/mozilla/lib",
+ "/opt/mozilla/lib/mozilla"
};
- int i;
-
+
for (i = 0; i < G_N_ELEMENTS (paths_to_check); i ++) {
- char *dll_path = g_module_build_path (paths_to_check [i],
- "nssckbi");
-
+ char *dll_path = g_module_build_path (paths_to_check [i], "nssckbi");
+
if (g_file_test (dll_path, G_FILE_TEST_EXISTS)) {
+ PRInt32 modType;
+
+ /* Delete the existing module */
+ SECMOD_DeleteModule ("Mozilla Root Certs", &modType);
+
SECMOD_AddNewModule("Mozilla Root Certs",dll_path, 0, 0);
g_free (dll_path);
break;
}
-
+
g_free (dll_path);
}
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]