diff options
author | David Woodhouse <David.Woodhouse@intel.com> | 2010-09-14 03:58:33 +0800 |
---|---|---|
committer | David Woodhouse <David.Woodhouse@intel.com> | 2010-09-14 04:02:57 +0800 |
commit | 75d1c75617ccd515ca1ebee44dd47204e76f36e1 (patch) | |
tree | efec1ee2fbf37a403975d9fce838a9141313f4db | |
parent | 515ad2e6901a913a500ef77a2f4a0cd70135dff0 (diff) | |
download | gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.tar gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.tar.gz gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.tar.bz2 gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.tar.lz gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.tar.xz gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.tar.zst gsoc2013-evolution-75d1c75617ccd515ca1ebee44dd47204e76f36e1.zip |
Bug 626066 - log in to NSS database on demand for changing trust
-rw-r--r-- | smime/gui/cert-trust-dialog.c | 4 | ||||
-rw-r--r-- | smime/gui/certificate-manager.c | 9 | ||||
-rw-r--r-- | smime/lib/e-cert-db.c | 37 | ||||
-rw-r--r-- | smime/lib/e-cert-db.h | 3 |
4 files changed, 41 insertions, 12 deletions
diff --git a/smime/gui/cert-trust-dialog.c b/smime/gui/cert-trust-dialog.c index cfd8ce464f..4f13ff2b74 100644 --- a/smime/gui/cert-trust-dialog.c +++ b/smime/gui/cert-trust-dialog.c @@ -73,7 +73,7 @@ ctd_response (GtkWidget *w, guint id, CertTrustDialogData *data) e_cert_trust_add_peer_trust (&trust, FALSE, gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (data->trust_button)), FALSE); - CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), icert, &trust); + e_cert_db_change_cert_trust (icert, &trust); break; case GTK_RESPONSE_ACCEPT: { /* just *what on earth* was chris thinking here!?!?! copied from certificate-manager.c */ @@ -101,7 +101,7 @@ ctd_response (GtkWidget *w, guint id, CertTrustDialogData *data) trust_email, trust_objsign); - CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), icert, &trust); + e_cert_db_change_cert_trust (icert, &trust); } gtk_widget_destroy (dialog); diff --git a/smime/gui/certificate-manager.c b/smime/gui/certificate-manager.c index 103b319ec3..624059c902 100644 --- a/smime/gui/certificate-manager.c +++ b/smime/gui/certificate-manager.c @@ -679,7 +679,7 @@ edit_ca (GtkWidget *widget, CertificateManagerData *cfm) trust_email, trust_objsign); - CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), icert, &trust); + e_cert_db_change_cert_trust (icert, &trust); } gtk_widget_destroy (dialog); @@ -1097,18 +1097,13 @@ certificate_manager_config_new (EPreferencesWindow *window) GtkWidget *parent; GtkWidget *widget; CertificateManagerData *cfm_data; - PK11SlotInfo* slot; - ECertDB *cert_db; shell = e_preferences_window_get_shell (window); g_return_val_if_fail (E_IS_SHELL (shell), NULL); /* We need to peek the db here to make sure it (and NSS) are fully initialized. */ - - cert_db = e_cert_db_peek(); - slot = PK11_GetInternalKeySlot(); - e_cert_db_login_to_slot(cert_db, slot); + e_cert_db_peek (); cfm_data = g_new0 (CertificateManagerData, 1); diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c index 8c6c6f0c04..48376f2443 100644 --- a/smime/lib/e-cert-db.c +++ b/smime/lib/e-cert-db.c @@ -936,7 +936,18 @@ handle_ca_cert_download (ECertDB *cert_db, GList *certs, GError **error) nickname, &trust); - if (srv != SECSuccess && PORT_GetError () != SEC_ERROR_TOKEN_NOT_LOGGED_IN) { + /* + If this fails with SEC_ERROR_TOKEN_NOT_LOGGED_IN, it seems + that the import *has* worked, but the setting of trust bits + failed -- so only set the trust. This *has* to be an NSS bug? + */ + if (srv != SECSuccess && + PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN && + e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot())) + srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), + tmpCert, &trust); + + if (srv != SECSuccess) { set_nss_error (error); return FALSE; } @@ -971,6 +982,27 @@ handle_ca_cert_download (ECertDB *cert_db, GList *certs, GError **error) return TRUE; } } +gboolean e_cert_db_change_cert_trust(CERTCertificate *cert, CERTCertTrust *trust) +{ + SECStatus srv; + + srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), + cert, trust); + if (srv != SECSuccess && + PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN && + e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot())) + srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), + cert, trust); + + if (srv != SECSuccess) { + glong err = PORT_GetError(); + g_warning ("CERT_ChangeCertTrust() failed: %s\n", + nss_error_to_string(err)); + return FALSE; + } + return TRUE; +} + /* deleting certificates */ gboolean @@ -998,8 +1030,7 @@ e_cert_db_delete_cert (ECertDB *certdb, CERTCertTrust trust; e_cert_trust_init_with_values (&trust, 0, 0, 0); - CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), - cert, &trust); + return e_cert_db_change_cert_trust(cert, &trust); } return TRUE; diff --git a/smime/lib/e-cert-db.h b/smime/lib/e-cert-db.h index 7d5f1855c2..6e1bc5a7c5 100644 --- a/smime/lib/e-cert-db.h +++ b/smime/lib/e-cert-db.h @@ -142,4 +142,7 @@ gboolean e_cert_db_export_pkcs12_file (ECertDB *cert_db, gboolean e_cert_db_login_to_slot (ECertDB *cert_db, PK11SlotInfo *slot); +gboolean e_cert_db_change_cert_trust (CERTCertificate *cert, + CERTCertTrust *trust); + #endif /* _E_CERT_DB_H_ */ |