- Resolves: Bug 782142 - keyutil should use error string utilities provided by nss since 3.13
- Update Requires and BuildRequires nss and nss-util mininimum versions - Add needed line breaks to the keyutil usage message
This commit is contained in:
parent
99a005c95c
commit
b2e5843d92
@ -4,7 +4,7 @@
|
||||
Summary: SSL certificate and key management utilities
|
||||
Name: crypto-utils
|
||||
Version: 2.4.1
|
||||
Release: 32
|
||||
Release: 33
|
||||
Source: crypto-rand-%{crver}.tar.gz
|
||||
Source1: genkey.pl
|
||||
Source2: certwatch.c
|
||||
@ -18,7 +18,6 @@ Source9: pemutil.c
|
||||
Source10: keyutil.c
|
||||
Source11: certext.c
|
||||
Source12: secutil.c
|
||||
Source13: secerror.c
|
||||
Source14: keyutil.h
|
||||
Source15: secutil.h
|
||||
Source16: NSPRerrs.h
|
||||
@ -29,7 +28,8 @@ License: MIT and GPLv2+
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
BuildRequires: nss-devel, pkgconfig, newt-devel, xmlto
|
||||
BuildRequires: perl-devel, perl(Newt), perl(ExtUtils::MakeMaker)
|
||||
Requires: perl(Newt), nss >= 3.12.2
|
||||
Requires: nss-devel >= 3.13.1, nss-util-devel >= 3.13.1
|
||||
Requires: perl(Newt), nss >= 3.13.1, nss-util >= 3.13.1
|
||||
Requires: %(eval `perl -V:version`; echo "perl(:MODULE_COMPAT_$version)")
|
||||
Obsoletes: crypto-rand
|
||||
|
||||
@ -52,7 +52,6 @@ cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/nspr4 -I/usr/include/nss3 \
|
||||
$RPM_SOURCE_DIR/keyutil.c \
|
||||
$RPM_SOURCE_DIR/certext.c \
|
||||
$RPM_SOURCE_DIR/secutil.c \
|
||||
$RPM_SOURCE_DIR/secerror.c \
|
||||
-o keyutil -lplc4 -lnspr4 -lnss3
|
||||
|
||||
cc $RPM_OPT_FLAGS -Wall -Werror \
|
||||
@ -131,6 +130,11 @@ chmod -R u+w $RPM_BUILD_ROOT
|
||||
%{perl_vendorarch}/auto/Crypt
|
||||
|
||||
%changelog
|
||||
* Wed Feb 01 2012 Elio Maldonado <emaldona@redhat.com> - 2.4.1-33
|
||||
- Resolves: Bug 782142 - keyutil should use error string utilities provided by nss since 3.13
|
||||
- Update Requires and BuildRequires nss and nss-util mininimum versions
|
||||
- Add needed line breaks to the keyutil usage message
|
||||
|
||||
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.1-32
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
|
47
keyutil.c
47
keyutil.c
@ -87,6 +87,7 @@
|
||||
|
||||
#include <prerror.h>
|
||||
#include <secerr.h>
|
||||
#include <secport.h>
|
||||
|
||||
#include <nspr.h>
|
||||
#include <nss.h>
|
||||
@ -210,21 +211,21 @@ static void
|
||||
Usage(char *progName)
|
||||
{
|
||||
fprintf(stderr, "Usage: %s [options] arguments\n", progName);
|
||||
fprintf(stderr, "{-c|--command} command, one of [genreq|makecert]");
|
||||
fprintf(stderr, "{-r|--renew} cert-to-renew the file with the certifificast to renew");
|
||||
fprintf(stderr, "{-c|--command} command, one of [genreq|makecert]\n");
|
||||
fprintf(stderr, "{-r|--renew} cert-to-renew the file with the certifificast to renew\n");
|
||||
fprintf(stderr, "{-s|--subject} subject subject distinguished name");
|
||||
fprintf(stderr, "{-g|--gsize} key_size size in bitsof the rsa key to generate");
|
||||
fprintf(stderr, "{-g|--gsize} key_size size in bitsof the rsa key to generate\n");
|
||||
fprintf(stderr, "{-v|--validity} months cert validity in months");
|
||||
fprintf(stderr, "{-z|--znoisefile} noisefile seed file for use in key gneration");
|
||||
fprintf(stderr, "{-e|--encpwd} keypwd key encryption_password");
|
||||
fprintf(stderr, "{-f|--filepwdnss} modpwdfile file with the module access_password");
|
||||
fprintf(stderr, "{-d|--digest} digest-algorithm digest algorithm");
|
||||
fprintf(stderr, "{-i|--input} inputkey-file file with key with which to encrypt or to sign a request");
|
||||
fprintf(stderr, "{-p|--passout} pbe-password the password for encrypting of the key");
|
||||
fprintf(stderr, "{-o|--output} out-file output file for a csr or cert");
|
||||
fprintf(stderr, "{-k|--keyfile} out-key-file output key file, with csr or certgen");
|
||||
fprintf(stderr, "{-t|--cacert} indicates that cert renewal is for a ca");
|
||||
fprintf(stderr, "{-h|--help} print this help message");
|
||||
fprintf(stderr, "{-z|--znoisefile} noisefile seed file for use in key generation\n");
|
||||
fprintf(stderr, "{-e|--encpwd} keypwd key encryption_password\n");
|
||||
fprintf(stderr, "{-f|--filepwdnss} modpwdfile file with the module access_password\n");
|
||||
fprintf(stderr, "{-d|--digest} digest-algorithm digest algorithm\n");
|
||||
fprintf(stderr, "{-i|--input} inputkey-file file with key with which to encrypt or to sign a request\n");
|
||||
fprintf(stderr, "{-p|--passout} pbe-password the password for encrypting of the key\n");
|
||||
fprintf(stderr, "{-o|--output} out-file output file for a csr or cert\n");
|
||||
fprintf(stderr, "{-k|--keyfile} out-key-file output key file, with csr or certgen\n");
|
||||
fprintf(stderr, "{-t|--cacert} indicates that cert renewal is for a ca\n");
|
||||
fprintf(stderr, "{-h|--help} print this help message\n");
|
||||
fprintf(stderr, "\n");
|
||||
exit(1);
|
||||
}
|
||||
@ -326,7 +327,7 @@ static SECStatus loadCert(
|
||||
if (!genericObjCert) {
|
||||
rv = PR_GetError();
|
||||
SECU_PrintError(progName,
|
||||
"Unable to create object for cert, (%s)", SECU_Strerror(rv));
|
||||
"Unable to create object for cert, (%s)", PORT_ErrorToString(rv));
|
||||
break;
|
||||
}
|
||||
if (!cacert) {
|
||||
@ -391,7 +392,7 @@ static SECStatus loadKey(
|
||||
rv = SEC_ERROR_BAD_KEY;
|
||||
PR_SetError(rv, 0);
|
||||
SECU_PrintError(progName ? progName : "keyutil",
|
||||
"Unable to create key object (%s)\n", SECU_Strerror(rv));
|
||||
"Unable to create key object (%s)\n", PORT_ErrorToString(rv));
|
||||
break;
|
||||
}
|
||||
|
||||
@ -403,7 +404,7 @@ static SECStatus loadKey(
|
||||
rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
|
||||
if (rv != SECSuccess) {
|
||||
SECU_PrintError(progName ? progName : "keyutil",
|
||||
"Can't authenticate\n", SECU_Strerror(rv));
|
||||
"Can't authenticate\n", PORT_ErrorToString(rv));
|
||||
break;
|
||||
}
|
||||
|
||||
@ -417,7 +418,7 @@ static SECStatus loadKey(
|
||||
if (!privkey) {
|
||||
rv = PR_GetError();
|
||||
SECU_PrintError(progName ? progName : "keyutil",
|
||||
"Unable to find the key for cert, (%s)\n", SECU_Strerror(rv));
|
||||
"Unable to find the key for cert, (%s)\n", PORT_ErrorToString(rv));
|
||||
GEN_BREAK(SECFailure);
|
||||
}
|
||||
rv = SECSuccess;
|
||||
@ -498,7 +499,7 @@ static SECStatus extractRSAKeysAndSubject(
|
||||
if (!*pubkey) {
|
||||
SECU_PrintError(progName,
|
||||
"Could not get public key from cert, (%s)\n",
|
||||
SECU_Strerror(PR_GetError()));
|
||||
PORT_ErrorToString(PR_GetError()));
|
||||
GEN_BREAK(SECFailure);
|
||||
}
|
||||
|
||||
@ -507,12 +508,12 @@ static SECStatus extractRSAKeysAndSubject(
|
||||
rv = PR_GetError();
|
||||
SECU_PrintError(progName,
|
||||
"Unable to find the key with PK11_FindKeyByDERCert, (%s)\n",
|
||||
SECU_Strerror(rv));
|
||||
PORT_ErrorToString(rv));
|
||||
*privkey= PK11_FindKeyByAnyCert(cert, &pwdata);
|
||||
rv = PR_GetError();
|
||||
SECU_PrintError(progName,
|
||||
"Unable to find the key with PK11_FindKeyByAnyCert, (%s)\n",
|
||||
SECU_Strerror(rv));
|
||||
PORT_ErrorToString(rv));
|
||||
GEN_BREAK(SECFailure);
|
||||
}
|
||||
|
||||
@ -944,7 +945,7 @@ CreateCert(
|
||||
*outCert = subjectCert;
|
||||
} else {
|
||||
PRErrorCode perr = PR_GetError();
|
||||
SECU_PrintError(progName, "Unable to create cert, (%s)\n", SECU_Strerror(perr));
|
||||
SECU_PrintError(progName, "Unable to create cert, (%s)\n", PORT_ErrorToString(perr));
|
||||
if (subjectCert)
|
||||
CERT_DestroyCertificate (subjectCert);
|
||||
}
|
||||
@ -1268,7 +1269,7 @@ KeyOut(const char *keyoutfile,
|
||||
if (!encryptedKeyDER) {
|
||||
rv = PR_GetError();
|
||||
SECU_PrintError(progName, "ASN1 Encode failed (%s)\n",
|
||||
SECU_Strerror(rv));
|
||||
PORT_ErrorToString(rv));
|
||||
GEN_BREAK(rv);
|
||||
}
|
||||
|
||||
@ -1535,7 +1536,7 @@ static int keyutil_main(
|
||||
PR_Close(outFile);
|
||||
if (rv) {
|
||||
SECU_PrintError(progName ? progName : "keyutil",
|
||||
"CertReq failed: \"%s\"\n", SECU_Strerror(rv));
|
||||
"CertReq failed: \"%s\"\n", PORT_ErrorToString(rv));
|
||||
rv = 255;
|
||||
goto shutdown;
|
||||
}
|
||||
|
111
secerror.c
111
secerror.c
@ -1,111 +0,0 @@
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is the Netscape security libraries.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
#include <nspr.h>
|
||||
|
||||
struct tuple_str {
|
||||
PRErrorCode errNum;
|
||||
const char * errString;
|
||||
};
|
||||
|
||||
typedef struct tuple_str tuple_str;
|
||||
|
||||
#define ER2(a,b) {a, b},
|
||||
#define ER3(a,b,c) {a, c},
|
||||
|
||||
#include <secerr.h>
|
||||
#include <sslerr.h>
|
||||
#include <stdio.h>
|
||||
|
||||
const tuple_str errStrings[] = {
|
||||
|
||||
/* keep this list in asceding order of error numbers */
|
||||
/* SSLerrs.h not needed */
|
||||
#include "SECerrs.h"
|
||||
#include "NSPRerrs.h"
|
||||
|
||||
};
|
||||
|
||||
const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
|
||||
|
||||
/* Returns a UTF-8 encoded constant error string for "errNum".
|
||||
* Returns NULL of errNum is unknown.
|
||||
*/
|
||||
const char *
|
||||
SECU_Strerror(PRErrorCode errNum) {
|
||||
PRInt32 low = 0;
|
||||
PRInt32 high = numStrings - 1;
|
||||
PRInt32 i;
|
||||
PRErrorCode num;
|
||||
static int initDone;
|
||||
|
||||
/* make sure table is in ascending order.
|
||||
* binary search depends on it.
|
||||
*/
|
||||
if (!initDone) {
|
||||
PRErrorCode lastNum = ((PRInt32)0x80000000);
|
||||
for (i = low; i <= high; ++i) {
|
||||
num = errStrings[i].errNum;
|
||||
if (num <= lastNum) {
|
||||
fprintf(stderr,
|
||||
"sequence error in error strings at item %d\n"
|
||||
"error %d (%s)\n"
|
||||
"should come after \n"
|
||||
"error %d (%s)\n",
|
||||
i, lastNum, errStrings[i-1].errString,
|
||||
num, errStrings[i].errString);
|
||||
}
|
||||
lastNum = num;
|
||||
}
|
||||
initDone = 1;
|
||||
}
|
||||
|
||||
/* Do binary search of table. */
|
||||
while (low + 1 < high) {
|
||||
i = (low + high) / 2;
|
||||
num = errStrings[i].errNum;
|
||||
if (errNum == num)
|
||||
return errStrings[i].errString;
|
||||
if (errNum < num)
|
||||
high = i;
|
||||
else
|
||||
low = i;
|
||||
}
|
||||
if (errNum == errStrings[low].errNum)
|
||||
return errStrings[low].errString;
|
||||
if (errNum == errStrings[high].errNum)
|
||||
return errStrings[high].errString;
|
||||
return NULL;
|
||||
}
|
Loading…
Reference in New Issue
Block a user