[PATCH 2 of 2] Change loop order of installation to only call NSS_Initialize once per db
Wald Commits
scm-commit at wald.intevation.org
Thu Apr 24 19:05:08 CEST 2014
# HG changeset patch
# User Andre Heinecke <aheinecke at intevation.de>
# Date 1398359089 0
# Node ID 48d7b956bd98db868e8ef047264724a02ad41b3d
# Parent dcb014e7d32fa0a3478b103a42b90617011e00d6
Change loop order of installation to only call NSS_Initialize once per db
diff -r dcb014e7d32f -r 48d7b956bd98 cinst/mozilla.c
--- a/cinst/mozilla.c Thu Apr 24 16:06:00 2014 +0000
+++ b/cinst/mozilla.c Thu Apr 24 17:04:49 2014 +0000
@@ -438,34 +438,27 @@
char *cert_name = nss_cert_name(dercert);
DEBUGPRINTF("INSTALLING cert: '%s' to: %s\n", cert_name, pdir);
- if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess)
+ pk11slot = PK11_GetInternalKeySlot();
+ cert = CERT_DecodeCertFromPackage((char *)dercert->data,
+ (int)dercert->len);
+ trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust));
+ CERT_DecodeTrustString(trust, "C");
+ if ((PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE,
+ cert_name, PR_FALSE)
+ == SECSuccess) &&
+ (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust)
+ == SECSuccess))
{
- pk11slot = PK11_GetInternalKeySlot();
- cert = CERT_DecodeCertFromPackage((char *)dercert->data,
- (int)dercert->len);
- trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust));
- CERT_DecodeTrustString(trust, "C");
- if ((PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE,
- cert_name, PR_FALSE)
- == SECSuccess) &&
- (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust)
- == SECSuccess))
- {
- success = true;
- }
- else
- {
- DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir);
- }
- CERT_DestroyCertificate (cert);
- free(trust);
- PK11_FreeSlot(pk11slot);
- NSS_Shutdown();
+ success = true;
}
else
{
- DEBUGPRINTF("Could not open nss certificate store in %s!\n", pdir);
+ DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir);
+ ERRORPRINTF("Error installing certificate err: %i\n", PORT_GetError());
}
+ CERT_DestroyCertificate (cert);
+ free(trust);
+ PK11_FreeSlot(pk11slot);
free(cert_name);
return success;
@@ -544,18 +537,25 @@
apply_to_certs_and_profiles(bool fn(char *, SECItem *),
seciteml_t **certs, char **pdirs)
{
- SECItem *cert;
bool success = true;
- while ((cert = seciteml_pop(certs)) != NULL)
+ for (int i=0; pdirs[i] != NULL; i++)
{
- for (int i=0; pdirs[i] != NULL; i++)
+ seciteml_t *iter = *certs;
+ if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0) != SECSuccess)
{
+ DEBUGPRINTF("Could not open nss certificate store in %s!\n", pdirs[i]);
+ continue;
+ }
+
+ while (iter != NULL && iter->item != NULL)
+ {
+ SECItem *cert = iter->item;
if (! (*fn)(pdirs[i], cert))
success = false;
+ iter = iter->next;
}
- free(cert->data);
- free(cert);
+ NSS_Shutdown();
}
return success;
diff -r dcb014e7d32f -r 48d7b956bd98 cinst/nss-secitemlist.c
--- a/cinst/nss-secitemlist.c Thu Apr 24 16:06:00 2014 +0000
+++ b/cinst/nss-secitemlist.c Thu Apr 24 17:04:49 2014 +0000
@@ -20,6 +20,20 @@
*list = newlelt;
}
+void
+seciteml_free (seciteml_t **list)
+{
+ seciteml_t *oldlelt;
+
+ while (*list != NULL)
+ {
+ oldlelt = *list;
+ *list = oldlelt->next;
+ free(oldlelt->item);
+ free(oldlelt);
+ }
+}
+
SECItem *seciteml_pop (seciteml_t **list)
{
seciteml_t *oldlelt;
diff -r dcb014e7d32f -r 48d7b956bd98 cinst/nss-secitemlist.h
--- a/cinst/nss-secitemlist.h Thu Apr 24 16:06:00 2014 +0000
+++ b/cinst/nss-secitemlist.h Thu Apr 24 17:04:49 2014 +0000
@@ -44,4 +44,14 @@
*/
SECItem *seciteml_pop (seciteml_t **list);
+/**
+ * @brief Free a secitem list
+ *
+ * Frees a secitem list
+ *
+ * @param[inout] list pointer to the list which should be freed. set to NULL
+ */
+void seciteml_free (seciteml_t **list);
+
+
#endif
More information about the Trustbridge-commits
mailing list