[nss] Fix certificates trust order (#643134)
Elio Maldonado
emaldonado at fedoraproject.org
Mon Oct 18 22:49:38 UTC 2010
commit 27e3c898611c6af72844c575c42fb5f78ed235f7
Author: Elio Maldonado <emaldona at redhat.com>
Date: Mon Oct 18 15:46:56 2010 -0700
Fix certificates trust order (#643134)
Modify nss-sysinit-userdb-first.patch to apply it last
nss-sysinit-fix-trustorder.patch | 30 ++++++++++++++++++++++++++++++
1 files changed, 30 insertions(+), 0 deletions(-)
---
diff --git a/nss-sysinit-fix-trustorder.patch b/nss-sysinit-fix-trustorder.patch
new file mode 100644
index 0000000..fe50deb
--- /dev/null
+++ b/nss-sysinit-fix-trustorder.patch
@@ -0,0 +1,30 @@
+diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.fixtrust ./mozilla/security/nss/lib/sysinit/nsssysinit.c
+--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c.fixtrust 2010-10-15 12:02:51.445637701 -0700
++++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-10-15 12:06:52.731762282 -0700
+@@ -221,7 +221,7 @@ getFIPSMode(void)
+ * 2 for the key slot, and
+ * 3 for the crypto operations slot fips
+ */
+-#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
++#define ORDER_FLAGS "cipherOrder=100"
+ #define SLOT_FLAGS \
+ "[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
+ " askpw=any timeout=30 ]"
+@@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_
+ "library= "
+ "module=\"NSS User database\" "
+ "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
+- "NSS=\"%sflags=internal%s\"",
++ "NSS=\"trustOrder=75 %sflags=internal%s\"",
+ userdb, stripped_parameters, nssflags,
+ isFIPS ? ",FIPS" : "");
+
+@@ -315,7 +315,7 @@ get_list(char *filename, char *stripped_
+ "library= "
+ "module=\"NSS system database\" "
+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+- "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
++ "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
+ }
+
+ /* that was the last module */
More information about the scm-commits
mailing list