[openldap/private-moznss-f17] one another update of private key retrieval
jvcelak
jvcelak at fedoraproject.org
Thu Aug 16 09:01:02 UTC 2012
commit 88c08d5f775eb1c12794d87fd21d368fed7a8c63
Author: Jan Vcelak <jvcelak at redhat.com>
Date: Thu Aug 16 10:59:55 2012 +0200
one another update of private key retrieval
openldap-nss-prefer-unlocked-key.patch | 23 ++++++++++++++++-------
openldap.spec | 4 ++--
2 files changed, 18 insertions(+), 9 deletions(-)
---
diff --git a/openldap-nss-prefer-unlocked-key.patch b/openldap-nss-prefer-unlocked-key.patch
index 61157b0..b9017ca 100644
--- a/openldap-nss-prefer-unlocked-key.patch
+++ b/openldap-nss-prefer-unlocked-key.patch
@@ -1,16 +1,25 @@
-From f3f3a58e68892dabbc1b99facad54836aa470571 Mon Sep 17 00:00:00 2001
+From d145ee5a6f0b05180407e1fa94a509d1652f7f95 Mon Sep 17 00:00:00 2001
From: Jan Vcelak <jvcelak at redhat.com>
Date: Mon, 13 Aug 2012 14:25:47 +0200
Subject: [PATCH] MozNSS: prefer unlocked slot when getting private key
---
- libraries/libldap/tls_m.c | 46 +++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 45 insertions(+), 1 deletion(-)
+ libraries/libldap/tls_m.c | 48 +++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 46 insertions(+), 2 deletions(-)
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
-index f37da06..5d7cedb 100644
+index f37da06..5022efb 100644
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
+@@ -901,7 +901,7 @@ tlsm_get_pin(PK11SlotInfo *slot, PRBool retry, tlsm_ctx *ctx)
+ * capability the server would have to be started in foreground mode
+ * if using an encrypted key.
+ */
+- if ( ctx->tc_pin_file ) {
++ if ( ctx && ctx->tc_pin_file ) {
+ pwdstr = tlsm_get_pin_from_file( token_name, ctx );
+ if (retry && pwdstr != NULL)
+ return NULL;
@@ -990,6 +990,38 @@ tlsm_cert_is_self_issued( CERTCertificate *cert )
return is_self_issued;
}
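Review bot: The new `ctx &&` test in tlsm_get_pin guards only the tc_pin_file branch, and nothing records why ctx may be NULL at this point. Presumably the pin argument from SSL_RevealPinArg, which this commit now forwards to PK11_FindKeyByDERCert, can reach this callback as NULL; a comment above the test such as `/* ctx is the NSS pin argument and may be NULL if none was set */` would document that. The rest of tlsm_get_pin lies outside the hunk, so any later use of ctx there should be checked for the same case. Separately, the context line `return NULL;` on retry appears to abandon pwdstr without freeing or clearing it, which would leave the PIN read from the file in heap memory; confirm this against the ownership contract of tlsm_get_pin_from_file.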
@@ -20,7 +29,7 @@ index f37da06..5d7cedb 100644
+ * thread or library. Find the unlocked key if possible.
+ */
+static SECKEYPrivateKey *
-+tlsm_find_unlocked_key(tlsm_ctx *ctx)
++tlsm_find_unlocked_key(tlsm_ctx *ctx, void *pin_arg)
+{
+ SECKEYPrivateKey *result = NULL;
+
@@ -40,7 +49,7 @@ index f37da06..5d7cedb 100644
+ if (!PK11_IsLoggedIn(slot, NULL))
+ continue;
+
-+ result = PK11_FindKeyByDERCert(slot, ctx->tc_certificate, NULL);
++ result = PK11_FindKeyByDERCert(slot, ctx->tc_certificate, pin_arg);
+ }
+
+ PK11_FreeSlotList(slots);
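Review bot: PK11_IsLoggedIn is still called with a NULL context while the key lookup on the following line now receives pin_arg, so the two NSS calls on the same slot disagree about the context they are given. Unless NULL is deliberate there, `if (!PK11_IsLoggedIn(slot, pin_arg))` would keep them consistent. The loop header is outside this hunk; if it does not stop once `result` is set, a later match would overwrite and leak the earlier SECKEYPrivateKey, so confirm the loop condition tests `!result`.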
@@ -55,7 +64,7 @@ index f37da06..5d7cedb 100644
void *pin_arg = SSL_RevealPinArg(ctx->tc_model);
- ctx->tc_private_key = PK11_FindKeyByAnyCert(ctx->tc_certificate, pin_arg);
-+ SECKEYPrivateKey *unlocked_key = tlsm_find_unlocked_key(ctx);
++ SECKEYPrivateKey *unlocked_key = tlsm_find_unlocked_key(ctx, pin_arg);
+ Debug(LDAP_DEBUG_ANY,
+ "TLS: %s unlocked certificate for certificate '%s'.\n",
+ unlocked_key ? "found" : "no", tlsm_ctx_subject_name(ctx), 0);
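Review bot: The Debug message reports an "unlocked certificate" although the lookup is for the private key, which will mislead anyone reading the log during a TLS key problem; `"TLS: %s unlocked key for certificate '%s'.\n"` says what was actually searched. The message is emitted at LDAP_DEBUG_ANY, so the certificate subject is written at any enabled debug level on each key lookup; a narrower level such as LDAP_DEBUG_TRACE may fit better once this leaves test builds. The fallback path that uses pin_arg when no unlocked key is found lies outside the hunk.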
diff --git a/openldap.spec b/openldap.spec
index ef00442..5aedca2 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -8,7 +8,7 @@
Name: openldap
Version: 2.4.32
-Release: 1.2%{?dist}
+Release: 1.3%{?dist}
Summary: LDAP support libraries
Group: System Environment/Daemons
License: OpenLDAP
@@ -612,7 +612,7 @@ exit 0
%{evolution_connector_prefix}/
%changelog
-* Wed Aug 15 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.32-1.2
+* Thu Aug 16 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.32-1.3
- TEST BUILD
- enhancement: try to find unlocked private key when searching for it