From: Tom Yu Date: Mon, 7 Nov 2011 22:35:45 +0000 (+0000) Subject: pull up r25445 from trunk X-Git-Tag: krb5-1.10-alpha2~29 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=ba8aaf533893cbd369d98d44958190d94a1c88f8;p=krb5.git pull up r25445 from trunk ------------------------------------------------------------------------ r25445 | ghudson | 2011-11-06 19:47:20 -0500 (Sun, 06 Nov 2011) | 8 lines ticket: 6999 target_version: 1.10 tags: pullup Fix warnings and version check for NSS pkinit From nalin@redhat.com. ticket: 6999 version_fixed: 1.10 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-10@25452 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/configure.in b/src/configure.in index e5de90335..6aae2f5d6 100644 --- a/src/configure.in +++ b/src/configure.in @@ -162,12 +162,10 @@ nss) CFLAGS="$CFLAGS $CRYPTO_IMPL_CFLAGS" AC_COMPILE_IFELSE([AC_LANG_SOURCE([ #include -#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 12) -#error -#elif NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH < 9 +#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 13) #error #endif - ])], [], [AC_MSG_ERROR([NSS version 3.12.9 or later required.])]) + ])], [], [AC_MSG_ERROR([NSS version 3.13 or later required.])]) CFLAGS=$save_CFLAGS ;; *) diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index 7955324f7..1a83083fe 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -2190,7 +2190,7 @@ crypto_get_pem_slot(struct _pkinit_identity_crypto_context *id) /* Resolve any ambiguities from having a duplicate nickname in the PKCS12 * bundle and in the database, or the bag not providing a nickname. Note: you * might expect "arg" to be a wincx, but it's actually a certificate! (Mozilla - * bug #321584) */ + * bug #321584, fixed in 3.12, documented by #586163, in 3.13.) */ static SECItem * crypto_nickname_c_cb(SECItem *old_nickname, PRBool *cancel, void *arg) { @@ -3527,10 +3527,10 @@ pkinit_create_td_trusted_certifiers(krb5_context context, !CERT_LIST_END(node, sclist); node = CERT_LIST_NEXT(node)) { /* If we have no trust for it, we can't trust it. */ - if (cert->trust == NULL) + if (node->cert->trust == NULL) continue; /* We need to trust it to issue client certs. */ - trustf = SEC_GET_TRUST_FLAGS(cert->trust, trustSSL); + trustf = SEC_GET_TRUST_FLAGS(node->cert->trust, trustSSL); if (!(trustf & CERTDB_TRUSTED_CLIENT_CA)) continue; /* DestroyCertList frees all of the certs in the list,