From 5c29c7bf5dce714335548872d01630fcf589bd5b Mon Sep 17 00:00:00 2001 From: Petr Mladek Date: Fri, 1 Oct 2010 17:20:31 +0200 Subject: xmlsecurity-build-with-nss-3.12.0.diff: Support older system nss --- xmlsecurity/source/xmlsec/nss/certerrors.h | 12 +++++++++++- .../xmlsec/nss/securityenvironment_nssimpl.cxx | 21 ++++++++++++++------- 2 files changed, 25 insertions(+), 8 deletions(-) (limited to 'xmlsecurity') diff --git a/xmlsecurity/source/xmlsec/nss/certerrors.h b/xmlsecurity/source/xmlsec/nss/certerrors.h index 9b9801f21f59..7fc37474116c 100644 --- a/xmlsecurity/source/xmlsec/nss/certerrors.h +++ b/xmlsecurity/source/xmlsec/nss/certerrors.h @@ -28,7 +28,6 @@ * ************************************************************************/ - {SEC_ERROR_IO, "An I/O error occurred during security authorization."}, {SEC_ERROR_LIBRARY_FAILURE, "security library failure."}, @@ -372,13 +371,24 @@ an existing cert, but that is not the same cert."}, {SEC_ERROR_LIBPKIX_INTERNAL, "Libpkix internal error occured during cert validation."}, +#if ( NSS_VMAJOR > 3 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR > 12 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH > 2 ) +// following 3 errors got first used in NSS 3.12.3 +// they were in the header even in 3.12.2 but there was missing the mapping in pk11err.c +// see also https://bugzilla.mozilla.org/show_bug.cgi?id=453364 + {SEC_ERROR_PKCS11_GENERAL_ERROR, "A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred."}, {SEC_ERROR_PKCS11_FUNCTION_FAILED, "A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested function could not be performed. Trying the same operation again might succeed."}, {SEC_ERROR_PKCS11_DEVICE_ERROR, "A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot."}, +#endif + +#if ( NSS_VMAJOR > 3 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR > 12 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH > 3 ) +// following 2 errors got added in NSS 3.12.4 + {SEC_ERROR_BAD_INFO_ACCESS_METHOD, "Unknown information access method in certificate extension."}, {SEC_ERROR_CRL_IMPORT_FAILED, "Error attempting to import a CRL."}, +#endif diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx index 9458424afa7c..3bd03822cdc0 100644 --- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx @@ -830,9 +830,14 @@ verifyCertificate( const Reference< csss::XCertificate >& aCert, CERT_DisableOCSPDefaultResponder(certDb); CERTValOutParam cvout[5]; CERTValInParam cvin[3]; + int ncvinCount=0; - cvin[0].type = cert_pi_useAIACertFetch; - cvin[0].value.scalar.b = PR_TRUE; +#if ( NSS_VMAJOR > 3 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR > 12 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH > 0 ) + // cert_pi_useAIACertFetch was added in NSS 3.12.1 + cvin[ncvinCount].type = cert_pi_useAIACertFetch; + cvin[ncvinCount].value.scalar.b = PR_TRUE; + ncvinCount++; +#endif PRUint64 revFlagsLeaf[2]; PRUint64 revFlagsChain[2]; @@ -879,12 +884,14 @@ verifyCertificate( const Reference< csss::XCertificate >& aCert, // | CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE; - cvin[1].type = cert_pi_revocationFlags; - cvin[1].value.pointer.revocation = &rev; + cvin[ncvinCount].type = cert_pi_revocationFlags; + cvin[ncvinCount].value.pointer.revocation = &rev; + ncvinCount++; // does not work, not implemented yet in 3.12.4 -// cvin[2].type = cert_pi_keyusage; -// cvin[2].value.scalar.ui = KU_DIGITAL_SIGNATURE; - cvin[2].type = cert_pi_end; +// cvin[ncvinCount].type = cert_pi_keyusage; +// cvin[ncvinCount].value.scalar.ui = KU_DIGITAL_SIGNATURE; +// ncvinCount++; + cvin[ncvinCount].type = cert_pi_end; cvout[0].type = cert_po_trustAnchor; cvout[0].value.pointer.cert = NULL; -- cgit v1.2.3