diff options
author | David Woodhouse <David.Woodhouse@intel.com> | 2010-09-15 05:43:23 +0800 |
---|---|---|
committer | David Woodhouse <David.Woodhouse@intel.com> | 2010-09-15 05:49:42 +0800 |
commit | 47d25995c5ca78ff530ce6a23faebf6547898e8e (patch) | |
tree | 6f35152927c900b83f25b6503f9357d94140383f /smime/lib | |
parent | c7f5d54cb7a978b2daf51cab0e1e3bae28a92a5d (diff) | |
download | gsoc2013-evolution-47d25995c5ca78ff530ce6a23faebf6547898e8e.tar gsoc2013-evolution-47d25995c5ca78ff530ce6a23faebf6547898e8e.tar.gz gsoc2013-evolution-47d25995c5ca78ff530ce6a23faebf6547898e8e.tar.bz2 gsoc2013-evolution-47d25995c5ca78ff530ce6a23faebf6547898e8e.tar.lz gsoc2013-evolution-47d25995c5ca78ff530ce6a23faebf6547898e8e.tar.xz gsoc2013-evolution-47d25995c5ca78ff530ce6a23faebf6547898e8e.tar.zst gsoc2013-evolution-47d25995c5ca78ff530ce6a23faebf6547898e8e.zip |
Bug 626066 (again) - work around NSS bug #595861
Diffstat (limited to 'smime/lib')
-rw-r--r-- | smime/lib/e-cert-db.c | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c index 48376f2443..7fb3ea6215 100644 --- a/smime/lib/e-cert-db.c +++ b/smime/lib/e-cert-db.c @@ -936,17 +936,31 @@ handle_ca_cert_download (ECertDB *cert_db, GList *certs, GError **error) nickname, &trust); - /* - If this fails with SEC_ERROR_TOKEN_NOT_LOGGED_IN, it seems - that the import *has* worked, but the setting of trust bits - failed -- so only set the trust. This *has* to be an NSS bug? + /* If we aren't logged into the token, then what *should* + happen is the above call should fail, and we should + authenticate and then try again. But see NSS bug #595861. + With NSS 3.12.6 at least, the above call will fail, but + it *will* have added the cert to the database, with + random trust bits. We have to authenticate and then set + the trust bits correctly. And calling + CERT_AddTempCertToPerm() again doesn't work either -- it'll + fail even though it arguably ought to succeed (which is + probably another NSS bug). + So if we get SEC_ERROR_TOKEN_NOT_LOGGED_IN, we first try + CERT_ChangeCertTrust(), and if that doesn't work we hope + we're on a fixed version of NSS and we try calling + CERT_AddTempCertToPerm() again instead. */ if (srv != SECSuccess && - PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN && - e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot())) + PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN && + e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot())) { srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), tmpCert, &trust); - + if (srv != SECSuccess) + srv = CERT_AddTempCertToPerm (tmpCert, + nickname, + &trust); + } if (srv != SECSuccess) { set_nss_error (error); return FALSE; |