From 27e3c898611c6af72844c575c42fb5f78ed235f7 Mon Sep 17 00:00:00 2001
From: Elio Maldonado
Date: Mon, 18 Oct 2010 15:46:56 -0700
Subject: [PATCH] Fix certificates trust order (#643134) Modify nss-sysinit-userdb-first.patch to apply it last
---
nss-sysinit-fix-trustorder.patch | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 nss-sysinit-fix-trustorder.patch
diff --git a/nss-sysinit-fix-trustorder.patch b/nss-sysinit-fix-trustorder.patch
new file mode 100644
index 0000000..fe50deb
--- /dev/null
+++ b/nss-sysinit-fix-trustorder.patch
@@ -0,0 +1,30 @@
+diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.fixtrust ./mozilla/security/nss/lib/sysinit/nsssysinit.c
+--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c.fixtrust 2010-10-15 12:02:51.445637701 -0700
++++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-10-15 12:06:52.731762282 -0700
+@@ -221,7 +221,7 @@ getFIPSMode(void)
+ * 2 for the key slot, and
+ * 3 for the crypto operations slot fips
+ */
+-#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
++#define ORDER_FLAGS "cipherOrder=100"
+ #define SLOT_FLAGS \
+ "[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
+ " askpw=any timeout=30 ]"
+@@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_
+ "library= "
+ "module=\"NSS User database\" "
+ "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
+- "NSS=\"%sflags=internal%s\"",
++ "NSS=\"trustOrder=75 %sflags=internal%s\"",
+ userdb, stripped_parameters, nssflags,
+ isFIPS ? ",FIPS" : "");
+
+@@ -315,7 +315,7 @@ get_list(char *filename, char *stripped_
+ "library= "
+ "module=\"NSS system database\" "
+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+- "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
++ "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
+ }
+
+ /* that was the last module */
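Review bot: The two trust priorities are now bare literals buried in separate format strings in get_list (`trustOrder=75` for the user database, `trustOrder=80` for the system database), and nothing in the patched lines records which of the two is meant to win when both databases hold a trust record for the same certificate. If, as the commit subject suggests, this ordering decides whether a per-user trust setting can override the system-wide one, that intent should sit next to the values, for example `#define USERDB_TRUST_ORDER "trustOrder=75 "` and `#define SYSDB_TRUST_ORDER "trustOrder=80 "` with a one-line comment naming the intended precedence. Dropping `trustOrder=75` from `ORDER_FLAGS` also changes every other module spec built from that macro, none of which is visible in these hunks, so it is worth confirming those specs are meant to carry no trust order at all. The enclosing get_list body starts and ends outside the hunks shown.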