[openldap/private-moznss-f17] one another update of private key retrieval

jvcelak jvcelak at fedoraproject.org
Thu Aug 16 09:01:02 UTC 2012


commit 88c08d5f775eb1c12794d87fd21d368fed7a8c63
Author: Jan Vcelak <jvcelak at redhat.com>
Date:   Thu Aug 16 10:59:55 2012 +0200

    one another update of private key retrieval

 openldap-nss-prefer-unlocked-key.patch |   23 ++++++++++++++++-------
 openldap.spec                          |    4 ++--
 2 files changed, 18 insertions(+), 9 deletions(-)
---
diff --git a/openldap-nss-prefer-unlocked-key.patch b/openldap-nss-prefer-unlocked-key.patch
index 61157b0..b9017ca 100644
--- a/openldap-nss-prefer-unlocked-key.patch
+++ b/openldap-nss-prefer-unlocked-key.patch
@@ -1,16 +1,25 @@
-From f3f3a58e68892dabbc1b99facad54836aa470571 Mon Sep 17 00:00:00 2001
+From d145ee5a6f0b05180407e1fa94a509d1652f7f95 Mon Sep 17 00:00:00 2001
 From: Jan Vcelak <jvcelak at redhat.com>
 Date: Mon, 13 Aug 2012 14:25:47 +0200
 Subject: [PATCH] MozNSS: prefer unlocked slot when getting private key
 
 ---
- libraries/libldap/tls_m.c | 46 +++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 45 insertions(+), 1 deletion(-)
+ libraries/libldap/tls_m.c | 48 +++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 46 insertions(+), 2 deletions(-)
 
 diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
-index f37da06..5d7cedb 100644
+index f37da06..5022efb 100644
 --- a/libraries/libldap/tls_m.c
 +++ b/libraries/libldap/tls_m.c
+@@ -901,7 +901,7 @@ tlsm_get_pin(PK11SlotInfo *slot, PRBool retry, tlsm_ctx *ctx)
+ 	 * capability the server would have to be started in foreground mode
+ 	 * if using an encrypted key.
+ 	 */
+-	if ( ctx->tc_pin_file ) {
++	if ( ctx && ctx->tc_pin_file ) {
+ 		pwdstr = tlsm_get_pin_from_file( token_name, ctx );
+ 		if (retry && pwdstr != NULL)
+ 			return NULL;
 @@ -990,6 +990,38 @@ tlsm_cert_is_self_issued( CERTCertificate *cert )
  	return is_self_issued;
  }
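Review bot: The new `ctx &&` guard in tlsm_get_pin protects only the `tc_pin_file` test, and nothing on the visible lines records when ctx can be NULL. Presumably that happens when NSS invokes the PIN callback with a NULL argument; a short comment above the test, such as `/* ctx is NULL when the PIN callback is invoked without a pin arg */`, would document it once confirmed. The rest of tlsm_get_pin lies outside the hunk, so any later use of ctx there should be checked for the same NULL case. Because this commit also starts passing `pin_arg` into the key lookup, it is worth confirming whether the NULL path is still reachable at all.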
@@ -20,7 +29,7 @@ index f37da06..5d7cedb 100644
 + * thread or library. Find the unlocked key if possible.
 + */
 +static SECKEYPrivateKey *
-+tlsm_find_unlocked_key(tlsm_ctx *ctx)
++tlsm_find_unlocked_key(tlsm_ctx *ctx, void *pin_arg)
 +{
 +	SECKEYPrivateKey *result = NULL;
 +
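Review bot: The comment block above tlsm_find_unlocked_key does not describe the new `pin_arg` parameter. Going by the caller, it is the value from `SSL_RevealPinArg(ctx->tc_model)` and is handed to the key lookup, so one extra line would cover it: ` * pin_arg is the PIN callback argument passed through to the NSS key lookup.` The function body continues outside this hunk.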
@@ -40,7 +49,7 @@ index f37da06..5d7cedb 100644
 +		if (!PK11_IsLoggedIn(slot, NULL))
 +			continue;
 +
-+		result = PK11_FindKeyByDERCert(slot, ctx->tc_certificate, NULL);
++		result = PK11_FindKeyByDERCert(slot, ctx->tc_certificate, pin_arg);
 +	}
 +
 +	PK11_FreeSlotList(slots);
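Review bot: The login test just above the changed call still reads `PK11_IsLoggedIn(slot, NULL)` while the lookup now receives `pin_arg`, so the two NSS calls on the same slot get different callback arguments. For consistency I would pass it in both places: `if (!PK11_IsLoggedIn(slot, pin_arg))`. With a non-NULL `pin_arg`, the lookup may also be able to trigger a PIN request if the slot's login lapses between the check and the call; that depends on NSS behaviour not shown here, but it deserves a comment because the function is meant to find an already unlocked key. The loop header is outside the hunk, so I cannot confirm it stops at the first key found; if it does not, an earlier `result` would be overwritten without being destroyed.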
@@ -55,7 +64,7 @@ index f37da06..5d7cedb 100644
  	void *pin_arg = SSL_RevealPinArg(ctx->tc_model);
  
 -	ctx->tc_private_key = PK11_FindKeyByAnyCert(ctx->tc_certificate, pin_arg);
-+	SECKEYPrivateKey *unlocked_key = tlsm_find_unlocked_key(ctx);
++	SECKEYPrivateKey *unlocked_key = tlsm_find_unlocked_key(ctx, pin_arg);
 +	Debug(LDAP_DEBUG_ANY,
 +			"TLS: %s unlocked certificate for certificate '%s'.\n",
 +			unlocked_key ? "found" : "no", tlsm_ctx_subject_name(ctx), 0);
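Review bot: The debug message says "unlocked certificate", but the value tested is the private key returned by tlsm_find_unlocked_key; `"TLS: %s unlocked private key for certificate '%s'.\n"` would match what is actually reported. It is also emitted at `LDAP_DEBUG_ANY`, so the certificate subject is written on every key lookup at any enabled debug level. If that is only wanted for the test build, a narrower level such as `LDAP_DEBUG_TRACE` seems a better fit before this ships. How `unlocked_key` is used afterwards is outside the hunk.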
diff --git a/openldap.spec b/openldap.spec
index ef00442..5aedca2 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -8,7 +8,7 @@
 
 Name: openldap
 Version: 2.4.32
-Release: 1.2%{?dist}
+Release: 1.3%{?dist}
 Summary: LDAP support libraries
 Group: System Environment/Daemons
 License: OpenLDAP
@@ -612,7 +612,7 @@ exit 0
 %{evolution_connector_prefix}/
 
 %changelog
-* Wed Aug 15 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.32-1.2
+* Thu Aug 16 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.32-1.3
 - TEST BUILD
 - enhancement: try to find unlocked private key when searching for it
 

