aboutsummaryrefslogtreecommitdiffstats
path: root/smime/lib
diff options
context:
space:
mode:
authorDavid Woodhouse <David.Woodhouse@intel.com>2010-09-15 05:43:23 +0800
committerDavid Woodhouse <David.Woodhouse@intel.com>2010-09-15 05:49:42 +0800
commit47d25995c5ca78ff530ce6a23faebf6547898e8e (patch)
tree6f35152927c900b83f25b6503f9357d94140383f /smime/lib
parentc7f5d54cb7a978b2daf51cab0e1e3bae28a92a5d (diff)
downloadgsoc2013-evolution-47d25995c5ca78ff530ce6a23faebf6547898e8e.tar
gsoc2013-evolution-47d25995c5ca78ff530ce6a23faebf6547898e8e.tar.gz
gsoc2013-evolution-47d25995c5ca78ff530ce6a23faebf6547898e8e.tar.bz2
gsoc2013-evolution-47d25995c5ca78ff530ce6a23faebf6547898e8e.tar.lz
gsoc2013-evolution-47d25995c5ca78ff530ce6a23faebf6547898e8e.tar.xz
gsoc2013-evolution-47d25995c5ca78ff530ce6a23faebf6547898e8e.tar.zst
gsoc2013-evolution-47d25995c5ca78ff530ce6a23faebf6547898e8e.zip
Bug 626066 (again) - work around NSS bug #595861
Diffstat (limited to 'smime/lib')
-rw-r--r--smime/lib/e-cert-db.c28
1 files changed, 21 insertions, 7 deletions
diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c
index 48376f2443..7fb3ea6215 100644
--- a/smime/lib/e-cert-db.c
+++ b/smime/lib/e-cert-db.c
@@ -936,17 +936,31 @@ handle_ca_cert_download (ECertDB *cert_db, GList *certs, GError **error)
nickname,
&trust);
- /*
- If this fails with SEC_ERROR_TOKEN_NOT_LOGGED_IN, it seems
- that the import *has* worked, but the setting of trust bits
- failed -- so only set the trust. This *has* to be an NSS bug?
+ /* If we aren't logged into the token, then what *should*
+ happen is the above call should fail, and we should
+ authenticate and then try again. But see NSS bug #595861.
+ With NSS 3.12.6 at least, the above call will fail, but
+ it *will* have added the cert to the database, with
+ random trust bits. We have to authenticate and then set
+ the trust bits correctly. And calling
+ CERT_AddTempCertToPerm() again doesn't work either -- it'll
+ fail even though it arguably ought to succeed (which is
+ probably another NSS bug).
+ So if we get SEC_ERROR_TOKEN_NOT_LOGGED_IN, we first try
+ CERT_ChangeCertTrust(), and if that doesn't work we hope
+ we're on a fixed version of NSS and we try calling
+ CERT_AddTempCertToPerm() again instead.
*/
if (srv != SECSuccess &&
- PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN &&
- e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot()))
+ PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN &&
+ e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot())) {
srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (),
tmpCert, &trust);
-
+ if (srv != SECSuccess)
+ srv = CERT_AddTempCertToPerm (tmpCert,
+ nickname,
+ &trust);
+ }
if (srv != SECSuccess) {
set_nss_error (error);
return FALSE;