svn rev #25452: branches/krb5-1-10/src/ plugins/preauth/pkinit/

tlyu@MIT.EDU tlyu at MIT.EDU
Mon Nov 7 17:35:45 EST 2011 

http://src.mit.edu/fisheye/changelog/krb5/?cs=25452
Commit By: tlyu
Log Message:
ticket: 6999
version_fixed: 1.10
status: resolved

pull up r25445 from trunk

 ------------------------------------------------------------------------
 r25445 | ghudson | 2011-11-06 19:47:20 -0500 (Sun, 06 Nov 2011) | 8 lines

 ticket: 6999
 target_version: 1.10
 tags: pullup

 Fix warnings and version check for NSS pkinit

 From nalin at redhat.com.


Changed Files:
U   branches/krb5-1-10/src/configure.in
U   branches/krb5-1-10/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
Modified: branches/krb5-1-10/src/configure.in
===================================================================
--- branches/krb5-1-10/src/configure.in	2011-11-07 22:35:41 UTC (rev 25451)
+++ branches/krb5-1-10/src/configure.in	2011-11-07 22:35:45 UTC (rev 25452)
@@ -162,12 +162,10 @@
   CFLAGS="$CFLAGS $CRYPTO_IMPL_CFLAGS"
   AC_COMPILE_IFELSE([AC_LANG_SOURCE([
 #include <nss.h>
-#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 12)
+#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 13)
 #error
-#elif NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH < 9
-#error
 #endif
-  ])], [], [AC_MSG_ERROR([NSS version 3.12.9 or later required.])])
+  ])], [], [AC_MSG_ERROR([NSS version 3.13 or later required.])])
   CFLAGS=$save_CFLAGS
   ;;
 *)

Modified: branches/krb5-1-10/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
===================================================================
--- branches/krb5-1-10/src/plugins/preauth/pkinit/pkinit_crypto_nss.c	2011-11-07 22:35:41 UTC (rev 25451)
+++ branches/krb5-1-10/src/plugins/preauth/pkinit/pkinit_crypto_nss.c	2011-11-07 22:35:45 UTC (rev 25452)
@@ -2190,7 +2190,7 @@
 /* Resolve any ambiguities from having a duplicate nickname in the PKCS12
  * bundle and in the database, or the bag not providing a nickname.  Note: you
  * might expect "arg" to be a wincx, but it's actually a certificate!  (Mozilla
- * bug #321584) */
+ * bug #321584, fixed in 3.12, documented by #586163, in 3.13.) */
 static SECItem *
 crypto_nickname_c_cb(SECItem *old_nickname, PRBool *cancel, void *arg)
 {
@@ -3527,10 +3527,10 @@
                  !CERT_LIST_END(node, sclist);
              node = CERT_LIST_NEXT(node)) {
             /* If we have no trust for it, we can't trust it. */
-            if (cert->trust == NULL)
+            if (node->cert->trust == NULL)
                 continue;
             /* We need to trust it to issue client certs. */
-            trustf = SEC_GET_TRUST_FLAGS(cert->trust, trustSSL);
+            trustf = SEC_GET_TRUST_FLAGS(node->cert->trust, trustSSL);
             if (!(trustf & CERTDB_TRUSTED_CLIENT_CA))
                 continue;
             /* DestroyCertList frees all of the certs in the list,

More information about the cvs-krb5 mailing list