aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Woodhouse <David.Woodhouse@intel.com>2010-09-14 03:58:33 +0800
committerDavid Woodhouse <David.Woodhouse@intel.com>2010-09-14 04:02:57 +0800
commit75d1c75617ccd515ca1ebee44dd47204e76f36e1 (patch)
treeefec1ee2fbf37a403975d9fce838a9141313f4db
parent515ad2e6901a913a500ef77a2f4a0cd70135dff0 (diff)
downloadgsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.tar
gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.tar.gz
gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.tar.bz2
gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.tar.lz
gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.tar.xz
gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.tar.zst
gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.zip
Bug 626066 - log in to NSS database on demand for changing trust
-rw-r--r--smime/gui/cert-trust-dialog.c4
-rw-r--r--smime/gui/certificate-manager.c9
-rw-r--r--smime/lib/e-cert-db.c37
-rw-r--r--smime/lib/e-cert-db.h3
4 files changed, 41 insertions, 12 deletions
diff --git a/smime/gui/cert-trust-dialog.c b/smime/gui/cert-trust-dialog.c
index cfd8ce464f..4f13ff2b74 100644
--- a/smime/gui/cert-trust-dialog.c
+++ b/smime/gui/cert-trust-dialog.c
@@ -73,7 +73,7 @@ ctd_response (GtkWidget *w, guint id, CertTrustDialogData *data)
e_cert_trust_add_peer_trust (&trust, FALSE,
gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (data->trust_button)),
FALSE);
- CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), icert, &trust);
+ e_cert_db_change_cert_trust (icert, &trust);
break;
case GTK_RESPONSE_ACCEPT: {
/* just *what on earth* was chris thinking here!?!?! copied from certificate-manager.c */
@@ -101,7 +101,7 @@ ctd_response (GtkWidget *w, guint id, CertTrustDialogData *data)
trust_email,
trust_objsign);
- CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), icert, &trust);
+ e_cert_db_change_cert_trust (icert, &trust);
}
gtk_widget_destroy (dialog);
diff --git a/smime/gui/certificate-manager.c b/smime/gui/certificate-manager.c
index 103b319ec3..624059c902 100644
--- a/smime/gui/certificate-manager.c
+++ b/smime/gui/certificate-manager.c
@@ -679,7 +679,7 @@ edit_ca (GtkWidget *widget, CertificateManagerData *cfm)
trust_email,
trust_objsign);
- CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), icert, &trust);
+ e_cert_db_change_cert_trust (icert, &trust);
}
gtk_widget_destroy (dialog);
@@ -1097,18 +1097,13 @@ certificate_manager_config_new (EPreferencesWindow *window)
GtkWidget *parent;
GtkWidget *widget;
CertificateManagerData *cfm_data;
- PK11SlotInfo* slot;
- ECertDB *cert_db;
shell = e_preferences_window_get_shell (window);
g_return_val_if_fail (E_IS_SHELL (shell), NULL);
/* We need to peek the db here to make sure it (and NSS) are fully initialized. */
-
- cert_db = e_cert_db_peek();
- slot = PK11_GetInternalKeySlot();
- e_cert_db_login_to_slot(cert_db, slot);
+ e_cert_db_peek ();
cfm_data = g_new0 (CertificateManagerData, 1);
diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c
index 8c6c6f0c04..48376f2443 100644
--- a/smime/lib/e-cert-db.c
+++ b/smime/lib/e-cert-db.c
@@ -936,7 +936,18 @@ handle_ca_cert_download (ECertDB *cert_db, GList *certs, GError **error)
nickname,
&trust);
- if (srv != SECSuccess && PORT_GetError () != SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
+ /*
+ If this fails with SEC_ERROR_TOKEN_NOT_LOGGED_IN, it seems
+ that the import *has* worked, but the setting of trust bits
+ failed -- so only set the trust. This *has* to be an NSS bug?
+ */
+ if (srv != SECSuccess &&
+ PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN &&
+ e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot()))
+ srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (),
+ tmpCert, &trust);
+
+ if (srv != SECSuccess) {
set_nss_error (error);
return FALSE;
}
@@ -971,6 +982,27 @@ handle_ca_cert_download (ECertDB *cert_db, GList *certs, GError **error)
return TRUE;
}
}
+gboolean e_cert_db_change_cert_trust(CERTCertificate *cert, CERTCertTrust *trust)
+{
+ SECStatus srv;
+
+ srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (),
+ cert, trust);
+ if (srv != SECSuccess &&
+ PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN &&
+ e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot()))
+ srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (),
+ cert, trust);
+
+ if (srv != SECSuccess) {
+ glong err = PORT_GetError();
+ g_warning ("CERT_ChangeCertTrust() failed: %s\n",
+ nss_error_to_string(err));
+ return FALSE;
+ }
+ return TRUE;
+}
+
/* deleting certificates */
gboolean
@@ -998,8 +1030,7 @@ e_cert_db_delete_cert (ECertDB *certdb,
CERTCertTrust trust;
e_cert_trust_init_with_values (&trust, 0, 0, 0);
- CERT_ChangeCertTrust (CERT_GetDefaultCertDB (),
- cert, &trust);
+ return e_cert_db_change_cert_trust(cert, &trust);
}
return TRUE;
diff --git a/smime/lib/e-cert-db.h b/smime/lib/e-cert-db.h
index 7d5f1855c2..6e1bc5a7c5 100644
--- a/smime/lib/e-cert-db.h
+++ b/smime/lib/e-cert-db.h
@@ -142,4 +142,7 @@ gboolean e_cert_db_export_pkcs12_file (ECertDB *cert_db,
gboolean e_cert_db_login_to_slot (ECertDB *cert_db,
PK11SlotInfo *slot);
+gboolean e_cert_db_change_cert_trust (CERTCertificate *cert,
+ CERTCertTrust *trust);
+
#endif /* _E_CERT_DB_H_ */