Compare commits

62 Commits
master ... f14

Author SHA1 Message Date
Elio Maldonado
50cbda82a1 Merge branch 'f15' into f14 2011-11-08 17:18:54 -08:00
Elio Maldonado
da88e559d7 - Update builtins certs to those from NSSCKBI_1_88_RTM - rhb#z751674 2011-11-08 16:26:52 -08:00
Kai Engert
ff4d21badd NSSCKBI_1_87_RTM 2011-09-06 22:54:56 +02:00
Kai Engert
4b3a050e09 NSSCKBI_1_87_RTM 2011-09-06 22:53:14 +02:00
Elio Maldonado
8b5f3e43f0 Merge branch 'master' into f15 2011-07-22 08:42:17 -07:00
Dennis Gilmore
cf0b79176d Merge branch 'master' into f14 2011-05-20 09:12:56 -05:00
Dennis Gilmore
9beb3fd357 Merge branch 'master' into f15 2011-05-20 09:11:12 -05:00
Elio Maldonado
ded5f79f77 Merge branch 'f15' into f14 2011-05-11 08:26:55 -07:00
Elio Maldonado
8ff9d8e959 Merge branch 'master' into f15 2011-05-07 09:29:26 -07:00
Elio Maldonado
1b24056ef7 Fix the release number 2011-04-12 13:04:06 -07:00
Elio Maldonado
4e9256eccb Merge branch 'f15' into f14, partial merge 2011-04-12 13:01:57 -07:00
Elio Maldonado
11feb7633c Merge branch 'master' into f15
Fix for Bug 695011 - segfaults on pem logging on debug builds
PEM module logging implemented using NSPR logging calls
Update the PayPalEE test certificate to a longer lived one
2011-04-12 12:52:18 -07:00
Elio Maldonado
c400a7a567 Selectively merge branch 'f15' into f14
Update to NSS_3.12.9_WITH_CKBI_1_82_RTM
nss security update for compromised certificates
see: https://bugzilla.mozilla.org/show_bug.cgi?id=642395
2011-03-26 11:55:23 -07:00
Elio Maldonado
da8533319e Merge branch 'master' into f15
- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM
- nss security update for compromised certificates
- see mozilla bug: https://bugzilla.mozilla.org/show_bug.cgi?id=642395
2011-03-25 14:54:45 -07:00
Elio Maldonado
1b4bbde082 Bug 539183 - Short-term fix for ssl test suites hangs on ipv6 type connections
Change selfserv to use a dual-stack IPv6 listening socket, which can accept
connections from both IPv4 and IPv6 clients.  NSPR's IPv6 sockets have the
IPV6_V6ONLY socket option default to false.
2011-02-24 16:01:12 -08:00
Elio Maldonado
0cac4288f2 Bug 539183 - Short-term fix for ssl test suites hangs on ipv6 type connections
Change selfserv to use a dual-stack IPv6 listening socket, which can accept
connections from both IPv4 and IPv6 clients.  NSPR's IPv6 sockets have the
IPV6_V6ONLY socket option default to false.
2011-02-24 15:34:22 -08:00
Elio Maldonado
4f8c61457c - Run the test suites in the check section (#677809) 2011-02-18 16:08:50 -08:00
Elio Maldonado
83140e6ec3 - Add to pkcs11-devel a requires on nss-softokn-freebl-freebl (#675196)
- Remove a header that now nss-softokn-freebl-devel ships
- Run the test suites in the check section (#677809)
2011-02-18 15:18:50 -08:00
Elio Maldonado
41067b8b40 - Fix to swap internal key slot on fips mode switches, related to #633043
- Fixes a side effect of the fix for #633043 detected by the JSS test suite
2011-02-11 09:44:12 -08:00
Elio Maldonado
5abae289d8 - Remove a header that now nss-softokn-freebl-devel ships, related to #675196
- Backing out earlier patch until further testing from upstream for 3.12.10
2011-02-07 16:00:36 -08:00
Elio Maldonado
c2be9c41be Merge branch 'master' into f14 2011-02-01 17:56:57 -08:00
Elio Maldonado
527750ed60 Merge branch 'master' into f14 2011-01-22 10:04:11 -08:00
Elio Maldonado
92c7fb5676 Merge branch 'master' into f14 2011-01-13 14:04:41 -08:00
Elio Maldonado
576d83be9d - Fix libpnsspem crash when cacert dir contains other directories (#642433)
- Added comments to spec file on how to build with optimizations turned off
2010-12-10 08:16:05 -08:00
Elio Maldonado
3aff6cd3be Actually apply all the changes in the previous commit message.
Update pem source tar with fixes for 614532 and 596674
Remove patches that we no longer need
Tell rpm not to verify md5, size, and modtime of configurations file
2010-11-26 12:20:17 -08:00
Elio Maldonado
e47aa30734 - Update pem source tar with fixes for 614532 and 596674
- Remove 0001-Add-support-for-PKCS-8-encoded-private-keys.patch, no longer needed
- Remove 0001-Do-not-define-SEC_SkipTemplate.patch, no longer needed
- Tell rpm not to verify md5, size, and modtime of configurations file
2010-11-26 08:57:40 -08:00
Elio Maldonado
768a0d5745 Update test certificate which had expired 2010-11-05 08:44:51 -07:00
Elio Maldonado
68a35a4e2f Update PayPalEE.cert which had expired 2010-11-04 15:04:05 -07:00
Elio Maldonado
c01002e05f Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248) 2010-10-06 20:30:52 -07:00
Elio Maldonado
5775837bbf - Update to 3.12.8
- Fix invalid %postun scriptlet (#639248)
2010-10-05 11:47:36 -07:00
Elio Maldonado
cb9c7979b3 Fix version on triggerpostun scriptlet (#636787) 2010-09-30 14:56:51 -07:00
Elio Maldonado
c7e7247590 Improve on fixes for bugs #636787, #636792, and #636801
Replace posttrans sysinit scriptlet with a triggerpostun one (#636787)
Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)
2010-09-29 14:51:02 -07:00
Elio Maldonado
125ad15fa4 Fixes for Bugs 636787, 636792, 636801, and 609612
Prevent disabling of nss-sysinit on package upgrade (#636787):
Change system-pkcs11.txt to have nsssysinit turned on by default and
add posttrans sysinit scriptlet as replacement to post and preun ones
Create pkcs11.txt with correct permissions regardless of umask (#636792)
Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801)
Add provides nss-pkcs11-devel-static to comply with packaging guidelines (#609612)
2010-09-28 15:10:47 -07:00
Elio Maldonado
6b07fe83cc Remove {nss_util|nss_softokn}_build_version, BuildRequires must match Requires 2010-09-12 12:41:41 -07:00
Elio Maldonado
ebac350c8b Merge branch 'f13' into f14 2010-09-11 16:19:26 -07:00
Elio Maldonado
c4f8125ecb Bump nss_util_build_version and nss_softokn_build_version to 3.12.7 2010-09-11 16:10:43 -07:00
Elio Maldonado
9c7cfa3932 Merge branch 'f13' into f14
Fix unclosed comment in renegotiate-transitional.patch
2010-09-07 08:19:12 -07:00
Elio Maldonado
c953934393 Fix unclosed comment in renegotiate-transitional.patch 2010-09-07 08:10:16 -07:00
Elio Maldonado
87235aed91 Merge with master to update to 3.12.7 2010-09-03 08:14:29 -07:00
Elio Maldonado
fdefa43e4d Update to 3.12.7
Delete nss-nolocalsql.patch and rely on an NSS_USE_SYSTEM_SQL variable instead.
Added BuildRequires on available versions of the development packages
Added some comments explaining lack of version on nss-sysinit provides
2010-09-03 08:08:47 -07:00
Elio Maldonado
690f79c8fa Merge branch 'master' into f14 2010-08-30 16:22:04 -07:00
Elio Maldonado
0ade450edc Merge branch 'master' into f14 2010-08-30 09:59:26 -07:00
Elio Maldonado
e7079bbf54 Merge branch 'master' into f13 2010-08-25 13:17:58 -07:00
Elio Maldonado
b7d02ab064 Merge branch 'master' into f14 2010-08-25 13:14:27 -07:00
Elio Maldonado
94bf03b9c2 Merge branch 'master' into f13 2010-08-14 17:17:39 -07:00
Elio Maldonado
78e9db1518 Merge branch 'master' into f14 2010-08-14 16:17:48 -07:00
Elio Maldonado
9b182d22ed Merge branch 'master' into f13 2010-08-10 09:29:36 -07:00
Elio Maldonado
93c126b227 deleted nss-pem-20100809.tar.bz2 2010-08-09 22:12:03 -07:00
Elio Maldonado
764f26ca9d Merge branch 'master' into f14
Conflicts:
	nss.spec
2010-08-09 22:05:27 -07:00
Elio Maldonado
6e2d989f14 Update source tar to add support for PKCS#8 encoded PEM RSA private key files rhbz#614532 2010-08-09 17:47:13 -07:00
Elio Maldonado
96702ba123 Initial pseudo merge for dist-git setup 2010-08-01 21:08:17 -07:00
Fedora Release Engineering
64fa704d3a dist-git conversion 2010-07-29 04:33:25 +00:00
Elio Maldonado
7cbeb9c7bc Require nss-softoken 3.12.6 2010-06-08 19:00:25 +00:00
Elio Maldonado
3ff6f4da98 Fix SIGSEGV within CreateObject #596674 2010-06-07 03:56:21 +00:00
Elio Maldonado
d99a5ee0ec PEM module fixes: Collect objects searches through all objects, CopyObject
returns shallow copy, Fix memory leak in pem_mdCryptoOperationRSAPriv
2010-04-14 20:11:50 +00:00
Elio Maldonado
0a6cda68f8 Retagging 2010-04-08 04:34:16 +00:00
Elio Maldonado
6648a39610 Fix sysinit requires: #576071, update PayPalEE test cert: #580207 2010-04-08 02:15:39 +00:00
Elio Maldonado
6feac515e8 Use updated test cert - #580207 2010-04-08 02:11:54 +00:00
Elio Maldonado
d8583442b1 Fix nss.pc to not require nss-softokn - resolves: rhbz#575001 2010-03-19 19:05:26 +00:00
Elio Maldonado
c6b2155624 Reenable all tests 2010-03-07 03:46:03 +00:00
Elio Maldonado
fbb4c50e05 Update to 3.12.6 2010-03-06 23:05:19 +00:00
Jesse Keating
5333c595c9 Initialize branch F-13 for nss 2010-02-17 02:13:17 +00:00
37 changed files with 5645 additions and 2923 deletions

47
.gitignore vendored

@ -1,51 +1,8 @@
nss-3.12.10-stripped.tar.bz2
nss-pem-20101125.tar.bz2
blank-cert8.db
blank-key3.db
blank-secmod.db
blank-cert9.db
blank-key4.db
PayPalEE.cert
TestCA.ca.cert
TestUser50.cert
TestUser51.cert
/PayPalRootCA.cert
/PayPalICA.cert
/nss-3.25.0.tar.gz
/nss-3.26.0.tar.gz
/nss-3.27.0.tar.gz
/nss-3.27.2.tar.gz
/nss-3.28.1.tar.gz
/nss-3.29.0.tar.gz
/nss-3.29.1.tar.gz
/nss-3.30.0.tar.gz
/nss-3.30.2.tar.gz
/nss-3.31.0.tar.gz
/nss-3.32.0.tar.gz
/nss-3.32.1.tar.gz
/nss-3.33.0.tar.gz
/nss-3.34.0.tar.gz
/nss-3.35.0.tar.gz
/nss-3.36.0.tar.gz
/nss-3.36.1.tar.gz
/nss-3.37.1.tar.gz
/nss-3.37.3.tar.gz
/nss-3.38.0.tar.gz
/nss-3.39.tar.gz
/nss-3.40.1.tar.gz
/nss-3.41.tar.gz
/nss-3.42.tar.gz
/nss-3.42.1.tar.gz
/nss-3.43.tar.gz
/nss-3.44.tar.gz
/nss-3.44.1.tar.gz
/nss-3.45.tar.gz
/nss-3.46.tar.gz
/nss-3.46.1.tar.gz
/nss-3.47.tar.gz
/nss-3.47.1.tar.gz
/nss-3.48.tar.gz
/nss-3.49.tar.gz
/nss-3.49.2.tar.gz
/nss-3.50.tar.gz
/nss-3.51.tar.gz
/nss-3.51.1.tar.gz
/nss-3.52.tar.gz


@ -0,0 +1,107 @@
From 5c61cdba435096ee6e65cee4dc9a473430643c07 Mon Sep 17 00:00:00 2001
From: Elio Maldonado <emaldona@redhat.com>
Date: Tue, 12 Apr 2011 09:31:48 -0700
Subject: [PATCH] Bug 695011 PEM logging
Use NSPR logging facilities for PEM logging to fix a segmenation violation
caused when user cannot for write a log file created by root
---
mozilla/security/nss/lib/ckfw/pem/ckpem.h | 7 ++++-
mozilla/security/nss/lib/ckfw/pem/util.c | 30 ++++++++++++++++------------
2 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/mozilla/security/nss/lib/ckfw/pem/ckpem.h b/mozilla/security/nss/lib/ckfw/pem/ckpem.h
index 839d40b..720525e 100644
--- a/mozilla/security/nss/lib/ckfw/pem/ckpem.h
+++ b/mozilla/security/nss/lib/ckfw/pem/ckpem.h
@@ -1,3 +1,6 @@
+#ifndef CKPEM_H
+#define CKPEM_H
+
#include "nssckmdt.h"
#include "nssckfw.h"
#include "ckfwtm.h"
@@ -254,8 +257,8 @@ unsigned int pem_PrivateModulusLen(pemLOWKEYPrivateKey *privk);
/* ptoken.c */
NSSCKMDToken * pem_NewToken(NSSCKFWInstance *fwInstance, CK_RV *pError);
+/* util.c */
void open_log();
-void close_log();
void plog(const char *fmt, ...);
-#define PEM_H 1
+#endif /* CKPEM_H */
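Review bot: Dropping the close_log() prototype at the end of ckpem.h is only safe if no other file in the PEM module still calls it; the diffstat lists just ckpem.h and util.c, so a remaining caller elsewhere would now fail to build. Please confirm with a search for close_log across lib/ckfw/pem and say in the commit message that the log is no longer explicitly closed. The old "#define PEM_H 1" is removed as well, so anything that tests PEM_H needs to move to CKPEM_H.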
diff --git a/mozilla/security/nss/lib/ckfw/pem/util.c b/mozilla/security/nss/lib/ckfw/pem/util.c
index 853f418..fafb924 100644
--- a/mozilla/security/nss/lib/ckfw/pem/util.c
+++ b/mozilla/security/nss/lib/ckfw/pem/util.c
@@ -41,6 +41,7 @@
#include "prtime.h"
#include "prlong.h"
#include "prerror.h"
+#include "prlog.h"
#include "prprf.h"
#include "plgetopt.h"
#include "prenv.h"
@@ -51,6 +52,9 @@
#include "cryptohi.h"
#include "secpkcs7.h"
#include "secerr.h"
+
+#include "ckpem.h"
+
#include <stdarg.h>
#define CHUNK_SIZE 512
@@ -267,34 +271,34 @@ ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
return -1;
}
-FILE *plogfile;
+#ifdef DEBUG
+#define LOGGING_BUFFER_SIZE 400
+#define PEM_DEFAULT_LOG_FILE "/tmp/pkcs11.log"
+static const char *pemLogModuleName = "PEM";
+static PRLogModuleInfo* pemLogModule;
+#endif
void open_log()
{
#ifdef DEBUG
- plogfile = fopen("/tmp/pkcs11.log", "a");
-#endif
+ const char *nsprLogFile = PR_GetEnv("NSPR_LOG_FILE");
- return;
-}
+ pemLogModule = PR_NewLogModule(pemLogModuleName);
-void close_log()
-{
-#ifdef DEBUG
- fclose(plogfile);
+ (void) PR_SetLogFile(nsprLogFile ? nsprLogFile : PEM_DEFAULT_LOG_FILE);
+ /* If false, the log file will remain what it was before */
#endif
- return;
}
void plog(const char *fmt, ...)
{
#ifdef DEBUG
+ char buf[LOGGING_BUFFER_SIZE];
va_list ap;
va_start(ap, fmt);
- vfprintf(plogfile, fmt, ap);
+ PR_vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
-
- fflush(plogfile);
+ PR_LOG(pemLogModule, PR_LOG_DEBUG, ("%s", buf));
#endif
}
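Review bot: In open_log() the fallback PEM_DEFAULT_LOG_FILE is still the fixed path /tmp/pkcs11.log and the result of PR_SetLogFile() is discarded with a (void) cast, so the case the commit message describes (a log file created by root that the user cannot write) now fails silently and, per the added comment, logging stays on whatever file NSPR had before. A fixed name in a world-writable directory can also be pre-created by another local user; consider setting a log file only when NSPR_LOG_FILE is set, or using a per-user location, and at least check the return value. Separately, plog() hands pemLogModule to PR_LOG without a NULL check, which is worth guarding if plog() can ever run before open_log().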
--
1.7.4.2


@ -1,68 +0,0 @@
#requires nspr
#requires perl
#requires nss-util
#requires nss-softokn
mcd $BUILDDIR/nss
export BUILD_OPT=1
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
export NSPR_INCLUDE_DIR=/usr/include/nspr
export NSPR_LIB_DIR=/usr/lib${SUFFIX}
export NSS_USE_SYSTEM_SQLITE=1
export NSS_BUILD_WITHOUT_SOFTOKEN=1
export USE_SYSTEM_SOFTOKEN=1
export SOFTOKEN_LIB_DIR=/usr/lib${SUFFIX}
export NSSUTIL_INCLUDE_DIR=/usr/include/nss3
export NSSUTIL_LIB_DIR=/usr/lib${SUFFIX}
export USE_SYSTEM_NSSUTIL=1
export FREEBL_INCLUDE_DIR=/usr/include/nss3
export FREEBL_LIB_DIR=/usr/lib${SUFFIX}
export USE_SYSTEM_FREEBL=1
export NSS_USE_SYSTEM_FREEBL=1
export FREEBL_NO_DEPEND=1
export IN_TREE_FREEBL_HEADERS_FIRST=1
export NSS_BLTEST_NOT_AVAILABLE=1
export NSS_NO_SSL2_NO_EXPORT=1
export NSS_ECC_MORE_THAN_SUITE_B=1
export NSS_NO_PKCS11_BYPASS=1
#export NSDISTMODE="copy"
if [ "$SUFFIX" = "64" ]; then
USE_64=1
export USE_64
fi
(cd $SRC/nss-3.* && mkdir -p dist/private/nss && cp nss/lib/ckfw/nssck.api dist/private/nss/)
make -C $SRC/nss-3.*/nss/coreconf
make -C $SRC/nss-3.*/nss/lib/dbm
# nss/nssinit.c, ssl/sslcon.c, smime/smimeutil.c and ckfw/builtins/binst.c
# need nss/verref.h which is exported privately, move it to where it can be found.
(cd $SRC/nss-3.* && mkdir -p dist/private/nss && cp -a nss/verref.h dist/private/nss/)
make -C $SRC/nss-3.*/nss
cd $SRC/nss-3.*/nss/coreconf
make install
cd $SRC/nss-3.*/nss/lib/dbm
make install
cd $SRC/nss-3.*/nss
make install
# Copy the binary libraries we want
NSSLIBS="libnss3.so libnssckbi.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so"
# BOZO: temporarily disable FIPS140 support
#NSSLIBCHKS="libnssdbm3.chk libfreebl3.chk libsoftokn3.chk"
NSSLIBCHKS=""
# END BOZO
cd $SRC/nss-3.*
for file in $NSSLIBS $NSSLIBCHKS
do
install -p -m 755 dist/*.OBJ/lib/$file /usr/lib${SUFFIX}/
done
# Copy the include files we want
for file in $SRC/nss-*/dist/public/nss/*.h
do
install -p -m 644 $file /usr/include/nss3/
done

File diff suppressed because it is too large


@ -0,0 +1,637 @@
diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.c
--- ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 2011-11-03 13:52:25.634021626 -0700
+++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.c 2011-11-03 13:54:04.872021278 -0700
@@ -35,7 +35,7 @@
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.13 $ $Date: 2011/09/02 19:39:06 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.13 $ $Date: 2011/09/02 19:39:06 $";
+static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.14 $ $Date: 2011/11/03 15:12:14 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.14 $ $Date: 2011/11/03 15:12:14 $";
#endif /* DEBUG */
#ifndef BUILTINS_H
@@ -1075,6 +1075,18 @@ static const CK_ATTRIBUTE_TYPE nss_built
static const CK_ATTRIBUTE_TYPE nss_builtins_types_339 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_340 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_341 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_342 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_343 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+};
#ifdef DEBUG
static const NSSItem nss_builtins_items_0 [] = {
{ (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
@@ -1083,7 +1095,7 @@ static const NSSItem nss_builtins_items_
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)"CVS ID", (PRUint32)7 },
{ (void *)"NSS", (PRUint32)4 },
- { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.13 $ $Date: 2011/09/02 19:39:06 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.13 $ $Date: 2011/09/02 19:39:06 $", (PRUint32)165 }
+ { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.14 $ $Date: 2011/11/03 15:12:14 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.14 $ $Date: 2011/11/03 15:12:14 $", (PRUint32)165 }
};
#endif /* DEBUG */
static const NSSItem nss_builtins_items_1 [] = {
@@ -22600,6 +22612,266 @@ static const NSSItem nss_builtins_items_
{ (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
+static const NSSItem nss_builtins_items_340 [] = {
+ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 },
+ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+ { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061"
+"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145"
+"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017"
+"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061"
+"\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151"
+"\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156"
+"\162\151\143\150\051"
+, (PRUint32)101 },
+ { (void *)"0", (PRUint32)2 },
+ { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
+"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157"
+"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125"
+"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165"
+"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156"
+"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105"
+"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142"
+"\141\154\040\122\157\157\164"
+, (PRUint32)119 },
+ { (void *)"\002\006\007\377\377\377\377\377"
+, (PRUint32)8 },
+ { (void *)"\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007"
+"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001"
+"\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023"
+"\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124"
+"\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060"
+"\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145"
+"\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163"
+"\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023"
+"\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040"
+"\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060"
+"\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062"
+"\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060"
+"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003"
+"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144"
+"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013"
+"\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003"
+"\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145"
+"\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051"
+"\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001"
+"\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144"
+"\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376"
+"\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312"
+"\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225"
+"\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152"
+"\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173"
+"\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335"
+"\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177"
+"\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001"
+"\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035"
+"\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134"
+"\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001"
+"\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005"
+"\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142"
+"\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164"
+"\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056"
+"\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003"
+"\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006"
+"\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061"
+"\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026"
+"\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157"
+"\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023"
+"\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040"
+"\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061"
+"\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171"
+"\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040"
+"\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004"
+"\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072"
+"\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165"
+"\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103"
+"\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060"
+"\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027"
+"\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015"
+"\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201"
+"\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005"
+"\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325"
+"\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377"
+"\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222"
+"\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113"
+"\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362"
+"\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305"
+"\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143"
+"\131"
+, (PRUint32)977 }
+};
+static const NSSItem nss_builtins_items_341 [] = {
+ { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 },
+ { (void *)"\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025"
+"\214\071\131\117"
+, (PRUint32)20 },
+ { (void *)"\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152"
+, (PRUint32)16 },
+ { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
+"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157"
+"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125"
+"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165"
+"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156"
+"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105"
+"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142"
+"\141\154\040\122\157\157\164"
+, (PRUint32)119 },
+ { (void *)"\002\006\007\377\377\377\377\377"
+, (PRUint32)8 },
+ { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
+static const NSSItem nss_builtins_items_342 [] = {
+ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 },
+ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+ { (void *)"\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061"
+"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145"
+"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017"
+"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061"
+"\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151"
+"\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050"
+"\105\156\162\151\143\150\051"
+, (PRUint32)103 },
+ { (void *)"0", (PRUint32)2 },
+ { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
+"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143"
+"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
+"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
+"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105"
+"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
+"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
+"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151"
+"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
+"\040\050\062\060\064\070\051"
+, (PRUint32)183 },
+ { (void *)"\002\006\007\377\377\377\377\377"
+, (PRUint32)8 },
+ { (void *)"\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007"
+"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001"
+"\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012"
+"\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060"
+"\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162"
+"\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070"
+"\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056"
+"\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061"
+"\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071"
+"\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114"
+"\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023"
+"\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162"
+"\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157"
+"\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061"
+"\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065"
+"\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060"
+"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003"
+"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144"
+"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013"
+"\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003"
+"\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145"
+"\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143"
+"\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015"
+"\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202"
+"\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065"
+"\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140"
+"\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026"
+"\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313"
+"\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336"
+"\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245"
+"\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044"
+"\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167"
+"\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026"
+"\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166"
+"\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063"
+"\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312"
+"\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364"
+"\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046"
+"\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150"
+"\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205"
+"\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060"
+"\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006"
+"\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001"
+"\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006"
+"\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005"
+"\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006"
+"\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006"
+"\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072"
+"\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156"
+"\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006"
+"\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005"
+"\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167"
+"\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171"
+"\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004"
+"\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072"
+"\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145"
+"\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003"
+"\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060"
+"\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321"
+"\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160"
+"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003"
+"\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153"
+"\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003"
+"\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001"
+"\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014"
+"\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063"
+"\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142"
+"\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264"
+"\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251"
+"\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330"
+"\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327"
+"\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013"
+"\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113"
+"\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227"
+"\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100"
+"\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247"
+"\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011"
+"\355\020\342\305"
+, (PRUint32)1236 }
+};
+static const NSSItem nss_builtins_items_343 [] = {
+ { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 },
+ { (void *)"\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151"
+"\005\155\061\046"
+, (PRUint32)20 },
+ { (void *)"\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362"
+, (PRUint32)16 },
+ { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
+"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143"
+"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
+"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
+"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105"
+"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
+"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
+"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151"
+"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
+"\040\050\062\060\064\070\051"
+, (PRUint32)183 },
+ { (void *)"\002\006\007\377\377\377\377\377"
+, (PRUint32)8 },
+ { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
builtinsInternalObject
nss_builtins_data[] = {
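Review bot: nss_builtins_items_343 carries hard-coded byte counts ((PRUint32)56 for the label, 20 and 16 for the two hashes, 183 for the issuer, 8 for the serial, and 1236 for the DER value that closes the preceding object) with no comment saying which certdata.txt entry they correspond to. The same records are added to certdata.txt later in this patch, so please state in the patch description that certdata.c was regenerated from certdata.txt rather than edited by hand. Otherwise a reviewer has to recount the octal strings to confirm the two files agree.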
@@ -22944,11 +23216,15 @@ nss_builtins_data[] = {
{ 11, nss_builtins_types_336, nss_builtins_items_336, {NULL} },
{ 13, nss_builtins_types_337, nss_builtins_items_337, {NULL} },
{ 11, nss_builtins_types_338, nss_builtins_items_338, {NULL} },
- { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} }
+ { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} },
+ { 11, nss_builtins_types_340, nss_builtins_items_340, {NULL} },
+ { 13, nss_builtins_types_341, nss_builtins_items_341, {NULL} },
+ { 11, nss_builtins_types_342, nss_builtins_items_342, {NULL} },
+ { 13, nss_builtins_types_343, nss_builtins_items_343, {NULL} }
};
const PRUint32
#ifdef DEBUG
- nss_builtins_nObjects = 339+1;
+ nss_builtins_nObjects = 343+1;
#else
- nss_builtins_nObjects = 339;
+ nss_builtins_nObjects = 343;
#endif /* DEBUG */
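Review bot: nss_builtins_nObjects is bumped by hand to 343+1 and 343 in the same hunk that appends four initialisers to nss_builtins_data[], so the count and the table can drift apart without any compiler diagnostic. A count larger than the table would let the module index past its end. Consider deriving the value from sizeof(nss_builtins_data) / sizeof(nss_builtins_data[0]), or add a compile-time assertion that the two agree.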
diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt
--- ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 2011-11-03 13:52:50.979012198 -0700
+++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt 2011-11-03 13:54:37.485020788 -0700
@@ -34,7 +34,7 @@
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
-CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.64.2.13 $ $Date: 2011/09/02 19:39:06 $"
+CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.64.2.14 $ $Date: 2011/11/03 15:12:15 $"
#
# certdata.txt
@@ -23299,3 +23299,284 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSC
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_UNTRUSTED
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_UNTRUSTED
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061
+\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
+\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
+\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
+\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151
+\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156
+\162\151\143\150\051
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
+\141\154\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007
+\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023
+\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124
+\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060
+\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145
+\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163
+\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023
+\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
+\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060
+\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062
+\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060
+\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
+\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
+\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
+\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003
+\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145
+\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051
+\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144
+\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376
+\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312
+\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225
+\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152
+\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173
+\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335
+\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177
+\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001
+\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035
+\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134
+\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001
+\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005
+\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142
+\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164
+\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056
+\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006
+\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061
+\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026
+\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157
+\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023
+\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
+\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061
+\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171
+\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040
+\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004
+\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072
+\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165
+\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103
+\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060
+\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027
+\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015
+\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201
+\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005
+\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325
+\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377
+\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222
+\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113
+\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362
+\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305
+\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143
+\131
+END
+
+# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025
+\214\071\131\117
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
+\141\154\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_UNTRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_UNTRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_UNTRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061
+\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
+\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
+\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
+\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151
+\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050
+\105\156\162\151\143\150\051
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\050\062\060\064\070\051
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007
+\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012
+\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060
+\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162
+\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070
+\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056
+\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061
+\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071
+\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114
+\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023
+\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061
+\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065
+\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060
+\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
+\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
+\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
+\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003
+\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145
+\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143
+\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
+\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065
+\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140
+\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026
+\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313
+\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336
+\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245
+\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044
+\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167
+\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026
+\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166
+\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063
+\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312
+\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364
+\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046
+\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150
+\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205
+\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060
+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
+\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
+\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006
+\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005
+\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006
+\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006
+\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072
+\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156
+\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006
+\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005
+\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167
+\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171
+\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004
+\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072
+\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145
+\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003
+\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060
+\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321
+\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
+\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153
+\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003
+\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001
+\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014
+\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063
+\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142
+\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264
+\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251
+\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330
+\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327
+\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013
+\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113
+\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227
+\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100
+\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247
+\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011
+\355\020\342\305
+END
+
+# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151
+\005\155\061\046
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\050\062\060\064\070\051
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_UNTRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_UNTRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_UNTRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
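Review bot: both new entries, (cyb) and (en), use the same CKA_SERIAL_NUMBER \002\006\007\377\377\377\377\377, and the same bytes appear as the serial field at the start of each CKA_VALUE, yet the comment headers do not say why two certificates from different issuers share it. Please add a comment above each entry stating whether the serial is a deliberate placeholder and what CKA_CERT_SHA1_HASH and CKA_CERT_MD5_HASH were computed over, plus a reference to the tracking bug. Whoever audits the distrust list later needs that to tell which certificates these records are meant to match.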
diff -up ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h
--- ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 2011-11-03 13:53:16.192262303 -0700
+++ ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h 2011-11-03 13:54:48.182013245 -0700
@@ -77,8 +77,8 @@
* of the comment in the CK_VERSION type definition.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 87
-#define NSS_BUILTINS_LIBRARY_VERSION "1.87"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 88
+#define NSS_BUILTINS_LIBRARY_VERSION "1.88"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1


@ -1,59 +0,0 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="cert8.db">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>cert8.db</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>cert8.db</refname>
<refpurpose>Legacy NSS certificate database</refpurpose>
</refnamediv>
<refsection id="description">
<title>Description</title>
<para><emphasis>cert8.db</emphasis> is an NSS certificate database.</para>
<para>This certificate database is in the legacy database format. Consider migrating to cert9.db and key4.db which are the new sqlite-based shared database format with support for concurrent access.
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/etc/pki/nssdb/cert8.db</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>cert9.db(5), key4.db(5), pkcs11.txt(5), </para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>


@ -1,59 +0,0 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="cert9.db">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>cert9.db</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>cert9.db</refname>
<refpurpose>NSS certificate database</refpurpose>
</refnamediv>
<refsection id="description">
<title>Description</title>
<para><emphasis>cert9.db</emphasis> is an NSS certificate database.</para>
<para>This certificate database is the sqlite-based shared database with support for concurrent access.
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/etc/pki/nssdb/cert9.db</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>pkcs11.txt(5)</para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>


@ -1,13 +0,0 @@
diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
--- nss/coreconf/location.mk.iquote 2017-07-27 16:09:32.000000000 +0200
+++ nss/coreconf/location.mk 2017-09-06 13:23:14.633611555 +0200
@@ -75,4 +75,9 @@ ifndef SQLITE_LIB_NAME
SQLITE_LIB_NAME = sqlite3
endif
+# Prefer in-tree headers over system headers
+ifdef IN_TREE_FREEBL_HEADERS_FIRST
+ INCLUDES += -iquote $(DIST)/../public/nss -iquote $(DIST)/../private/nss
+endif
+
MK_LOCATION = included


@ -1,59 +0,0 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="key3.db">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>key3.db</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>key3.db</refname>
<refpurpose>Legacy NSS certificate database</refpurpose>
</refnamediv>
<refsection id="description">
<title>Description</title>
<para><emphasis>key3.db</emphasis> is an NSS certificate database.</para>
<para>This is a key database in the legacy database format. Consider migrating to cert9.db and key4.db which which are the new sqlite-based shared database format with support for concurrent access.
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/etc/pki/nssdb/key3.db</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>cert9.db(5), key4.db(5), pkcs11.txt(5), </para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>


@ -1,59 +0,0 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="key4.db">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>key4.db</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>key4.db</refname>
<refpurpose>NSS certificate database</refpurpose>
</refnamediv>
<refsection id="description">
<title>Description</title>
<para><emphasis>key4.db</emphasis> is an NSS key database.</para>
<para>This key database is the sqlite-based shared database format with support for concurrent access.
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/etc/pki/nssdb/key4.db</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>pkcs11.txt(5)</para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>


@ -1,62 +1,22 @@
--- nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700
+++ nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700
@@ -953,23 +953,23 @@
getBoundListenSocket(unsigned short port)
{
PRFileDesc *listen_sock;
int listenQueueDepth = 5 + (2 * maxThreads);
PRStatus prStatus;
PRNetAddr addr;
diff -up ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 ./mozilla/security/nss/cmd/selfserv/selfserv.c
--- ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 2011-04-27 15:24:07.922128850 -0700
+++ ./mozilla/security/nss/cmd/selfserv/selfserv.c 2011-04-27 15:27:11.053271675 -0700
@@ -1493,14 +1493,14 @@ getBoundListenSocket(unsigned short port
PRSocketOptionData opt;
PRUint16 socketDomain = PR_AF_INET;
- addr.inet.family = PR_AF_INET;
- addr.inet.ip = PR_INADDR_ANY;
- addr.inet.port = PR_htons(port);
- addr.inet.ip = PR_INADDR_ANY;
- addr.inet.port = PR_htons(port);
+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
+ errExit("PR_SetNetAddr");
+ errExit("PR_SetNetAddr");
+ }
- listen_sock = PR_NewTCPSocket();
if (PR_GetEnv("NSS_USE_SDP")) {
socketDomain = PR_AF_INET_SDP;
}
- listen_sock = PR_OpenTCPSocket(socketDomain);
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
if (listen_sock == NULL) {
- errExit("PR_NewTCPSocket");
+ errExit("PR_OpenTCPSockett");
errExit("PR_OpenTCPSocket error");
}
opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(listen_sock, &opt);
if (prStatus < 0) {
PR_Close(listen_sock);
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
--- nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700
+++ nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700
@@ -1711,23 +1711,23 @@
getBoundListenSocket(unsigned short port)
{
PRFileDesc *listen_sock;
int listenQueueDepth = 5 + (2 * maxThreads);
PRStatus prStatus;
PRNetAddr addr;
PRSocketOptionData opt;
- addr.inet.family = PR_AF_INET;
- addr.inet.ip = PR_INADDR_ANY;
- addr.inet.port = PR_htons(port);
+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
+ errExit("PR_SetNetAddr");
+ }
- listen_sock = PR_NewTCPSocket();
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
if (listen_sock == NULL) {
- errExit("PR_NewTCPSocket");
+ errExit("PR_OpenTCPSocket error");
}
opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(listen_sock, &opt);
if (prStatus < 0) {
PR_Close(listen_sock);
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
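Review bot: in getBoundListenSocket the context lines still set socketDomain = PR_AF_INET_SDP when NSS_USE_SDP is present in the environment, but the replacement call is PR_OpenTCPSocket(PR_AF_INET6), so socketDomain is computed and never used and the SDP setting is silently ignored. Either pass the SDP domain through when it is requested or drop the variable and the PR_GetEnv check. The error strings also disagree across the copies of this hunk ("PR_OpenTCPSockett" with a doubled t, and "PR_OpenTCPSocket error"); pick one spelling.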

nss-646045.patch Normal file

@ -0,0 +1,34 @@
diff -up ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot ./mozilla/security/nss/tests/dbtests/dbtests.sh
--- ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot 2011-04-06 09:56:07.207701000 -0700
+++ ./mozilla/security/nss/tests/dbtests/dbtests.sh 2011-04-06 10:19:54.159552000 -0700
@@ -201,6 +201,9 @@ dbtest_main()
cat $RONLY_DIR/* > /dev/null
fi
+ # skipping the next two tests when user is root,
+ # otherwise they would fail due to rooty powers
+ if [[ $EUID -ne 0 ]] then
${BINDIR}/dbtest -d $RONLY_DIR
ret=$?
if [ $ret -ne 46 ]; then
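Review bot: the new guard `if [[ $EUID -ne 0 ]] then` uses the bash-only `[[ ]]` and `$EUID` and omits the `;` before `then` that the neighbouring `if [ $ret -ne 46 ]; then` uses. If dbtests.sh is ever run by a shell other than bash the guard breaks; `if [ "$(id -u)" -ne 0 ]; then` is the portable spelling and matches the surrounding style. The comment's "rooty powers" would also read better as a plain statement that root bypasses the directory permissions the test depends on, and the guarded body should be indented one level.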
@@ -208,6 +211,10 @@ dbtest_main()
else
html_passed "Dbtest r/w didn't work in an readonly dir $ret"
fi
+ else
+ html_passed "Skipping Dbtest r/w in a readonly dir because user is root"
+ fi
+ if [[ $EUID -ne 0 ]] then
${BINDIR}/certutil -D -n "TestUser" -d .
ret=$?
if [ $ret -ne 255 ]; then
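Review bot: the else branch added here reports the skipped read-only test through html_passed, so a run as root records a pass for a check that never executed. Use a distinct skip status if the harness has one, or at least a message that cannot be mistaken for a pass in the summary, so that a regression in the read-only handling is not hidden on builders that run the suite as root.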
@@ -215,6 +222,9 @@ dbtest_main()
else
html_passed "Certutil didn't work in an readonly dir $ret"
fi
+ else
+ html_passed "Skipping Certutil delete cert in an readonly directory test because user is root"
+ fi
Echo "test opening the database ronly in a readonly directory"

nss-703658.patch Normal file

@ -0,0 +1,47 @@
Index: mozilla/security/nss/lib/crmf/crmfi.h
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/crmf/crmfi.h,v
retrieving revision 1.4
diff -u -u -r1.4 crmfi.h
--- mozilla/security/nss/lib/crmf/crmfi.h 15 Jan 2011 19:47:11 -0000 1.4
+++ mozilla/security/nss/lib/crmf/crmfi.h 11 May 2011 20:06:26 -0000
@@ -46,10 +46,38 @@
#include "secasn1.h"
#include "crmfit.h"
#include "secerr.h"
+#include "blapit.h"
#define CRMF_DEFAULT_ARENA_SIZE 1024
-#define MAX_WRAPPED_KEY_LEN 2048
+/*
+ * Explanation for the definition of MAX_WRAPPED_KEY_LEN:
+ *
+ * It's used for internal buffers to transport a wrapped private key.
+ * The value is in BYTES.
+ * We want to define a reasonable upper bound for this value.
+ * Ideally this could be calculated, but in order to simplify the code
+ * we want to estimate the maximum requires size.
+ * See also mozilla bug 655850 for the full explanation.
+ *
+ * We know the largest wrapped keys are RSA keys.
+ * We'll estimate the maximum size needed for wrapped RSA keys,
+ * and assume it's sufficient for wrapped keys of any type we support.
+ *
+ * The maximum size of RSA keys in bits is defined elsewhere as
+ * RSA_MAX_MODULUS_BITS
+ *
+ * The idea is to define MAX_WRAPPED_KEY_LEN based on the above.
+ *
+ * A wrapped RSA key requires about
+ * ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65
+ * bytes.
+ *
+ * Therefore, a safe upper bound is:
+ * ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS
+ *
+ */
+#define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS
#define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8)
#define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8)
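Review bot: MAX_WRAPPED_KEY_LEN is documented as a byte count but is now defined as RSA_MAX_MODULUS_BITS, a bit count, and the only thing linking the two is the identity worked out in the comment. Writing the macro as ((RSA_MAX_MODULUS_BITS / 8) * 8) would keep the unit conversion visible in code. The comment should also state that the bound (bits/8)*8 covers the estimate (bits/8)*5.5 + 65 only when the modulus is at least 26 bytes. Any buffer declared on the stack with this size changes with the macro, so the call sites deserve a look, and the comment has a typo in "maximum requires size".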


@ -1,132 +0,0 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="nss-config">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>nss-config</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>nss-config</refname>
<refpurpose>Return meta information about nss libraries</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nss-config</command>
<arg><option>--prefix</option></arg>
<arg><option>--exec-prefix</option></arg>
<arg><option>--includedir</option></arg>
<arg><option>--libs</option></arg>
<arg><option>--cflags</option></arg>
<arg><option>--libdir</option></arg>
<arg><option>--version</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection id="description">
<title>Description</title>
<para><command>nss-config</command> is a shell scrip
tool which can be used to obtain gcc options for building client pacakges of nspt. </para>
</refsection>
<refsection>
<title>Options</title>
<variablelist>
<varlistentry>
<term><option>--prefix</option></term>
<listitem><simpara>Returns the top level system directory under which the nss libraries are installed.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--exec-prefix</option></term>
<listitem><simpara>returns the top level system directory under which any nss binaries would be installed.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--includedir</option> <replaceable>count</replaceable></term>
<listitem><simpara>returns the path to the directory were the nss libraries are installed.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--version</option></term>
<listitem><simpara>returns the upstream version of nss in the form major_version-minor_version-patch_version.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--libs</option></term>
<listitem><simpara>returns the compiler linking flags.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--cflags</option></term>
<listitem><simpara>returns the compiler include flags.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--libdir</option></term>
<listitem><simpara>returns the path to the directory were the nss libraries are installed.</simpara></listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Examples</title>
<para>The following example will query for both include path and linkage flags:
<programlisting>
/usr/bin/nss-config --cflags --libs
</programlisting>
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/usr/bin/nss-config</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>pkg-config(1)</para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>
Authors: Elio Maldonado &lt;emaldona@redhat.com>.
</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>

nss-enable-pem.patch Normal file

@ -0,0 +1,12 @@
diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn
--- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700
+++ ./mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700
@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
CORE_DEPTH = ../../..
-DIRS = builtins
+DIRS = builtins pem
PRIVATE_EXPORTS = \
ck.h \


@ -1,21 +0,0 @@
diff -up ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 ./lib/util/pkcs11n.h
--- ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 2020-05-13 13:44:11.312405744 -0700
+++ ./lib/util/pkcs11n.h 2020-05-13 13:45:23.951723660 -0700
@@ -605,7 +605,7 @@ typedef struct CK_NSS_GCM_PARAMS {
typedef CK_NSS_GCM_PARAMS CK_PTR CK_NSS_GCM_PARAMS_PTR;
/* deprecated #defines. Drop in future NSS releases */
-#ifdef NSS_PKCS11_2_0_COMPAT
+#ifndef NSS_PKCS11_3_0_STRICT
/* defines that were changed between NSS's PKCS #11 and the Oasis headers */
#define CKF_EC_FP CKF_EC_F_P
@@ -664,7 +664,7 @@ typedef CK_NSS_GCM_PARAMS CK_PTR CK_GCM_
#define CKT_NETSCAPE_VALID CKT_NSS_VALID
#define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
#else
-/* use the new CK_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is not defined */
+/* use the new CK_GCM_PARAMS if NSS_PKCS11_3_0_STRICT is defined */
typedef struct CK_GCM_PARAMS_V3 CK_GCM_PARAMS;
typedef CK_GCM_PARAMS_V3 CK_PTR CK_GCM_PARAMS_PTR;
#endif
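
Review bot: replacing `#ifdef NSS_PKCS11_2_0_COMPAT` with `#ifndef NSS_PKCS11_3_0_STRICT` inverts the default, and the `#else` branch at line 664 shows the consequence: a consumer that defines neither macro now gets the deprecated defines, and `CK_GCM_PARAMS` becomes `CK_GCM_PARAMS_V3` only when `NSS_PKCS11_3_0_STRICT` is defined. The structure type behind `CK_GCM_PARAMS` therefore depends on a build flag that the header does not document. Please state in the comment above the guard which builds are expected to define `NSS_PKCS11_3_0_STRICT`, and either keep honouring `NSS_PKCS11_2_0_COMPAT` or say explicitly that it is no longer consulted.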


@ -1,31 +0,0 @@
Index: nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
===================================================================
--- nss.orig/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
+++ nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
@@ -56,9 +56,10 @@ typedef const char *Prims_string;
!defined(__clang__)
#include <emmintrin.h>
typedef __m128i FStar_UInt128_uint128;
-#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
+#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
(defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
- (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)))
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
+ defined(__s390x__))
typedef unsigned __int128 FStar_UInt128_uint128;
#elif !defined(KRML_VERIFIED_UINT128) && defined(_MSC_VER) && defined(__clang__)
typedef __uint128_t FStar_UInt128_uint128;
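
Review bot: the `-`/`+` pair on the `#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \` line differs at most in whitespace before the continuation backslash. Drop that pair so the hunk carries only the `defined(__s390x__)` addition and applies cleanly if the upstream spacing changes.
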
Index: nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
===================================================================
--- nss.orig/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
+++ nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
@@ -26,7 +26,8 @@
#if !defined(KRML_VERIFIED_UINT128) && (!defined(_MSC_VER) || defined(__clang__)) && \
(defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
- (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)))
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
+ defined(__s390x__))
/* GCC + using native unsigned __int128 support */
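
Review bot: the architecture list extended here is the same one edited in `types.h` above, so the `defined(__s390x__)` term has to be kept identical in two headers by hand. A mismatch would select the native `unsigned __int128` typedef in one file and not the matching implementation in the other. Suggest a single feature macro defined once and tested in both places, and, since both files sit under `lib/freebl/verified`, a line in the patch header saying whether the change has been sent upstream.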


@ -1,4 +0,0 @@
name=p11-kit-proxy
library=p11-kit-proxy.so


@ -1,94 +0,0 @@
diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c
--- a/cmd/modutil/install.c
+++ b/cmd/modutil/install.c
@@ -825,17 +825,20 @@ rm_dash_r(char *path)
dir = PR_OpenDir(path);
if (!dir) {
return -1;
}
/* Recursively delete all entries in the directory */
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
- sprintf(filename, "%s/%s", path, entry->name);
+ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
+ PR_CloseDir(dir);
+ return -1;
+ }
if (rm_dash_r(filename)) {
PR_CloseDir(dir);
return -1;
}
}
if (PR_CloseDir(dir) != PR_SUCCESS) {
return -1;
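
Review bot: `snprintf(...) >= sizeof(filename)` compares an `int` with a `size_t`, so a negative return on an output error is caught only because it converts to a large unsigned value. Store the result in an `int n` and test `n < 0 || (size_t)n >= sizeof(filename)`, which states both failure cases and avoids the sign-compare warning. The check is also only correct if `filename` is an array declared in this function; the hunk does not show the declaration, so please confirm it is not a pointer.
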
diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c
--- a/cmd/signtool/util.c
+++ b/cmd/signtool/util.c
@@ -132,17 +132,20 @@ rm_dash_r(char *path)
if (!dir) {
PR_fprintf(errorFD, "Error: Unable to open directory %s.\n", path);
errorCount++;
return -1;
}
/* Recursively delete all entries in the directory */
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
- sprintf(filename, "%s/%s", path, entry->name);
+ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
+ errorCount++;
+ return -1;
+ }
if (rm_dash_r(filename))
return -1;
}
if (PR_CloseDir(dir) != PR_SUCCESS) {
PR_fprintf(errorFD, "Error: Could not close %s.\n", path);
errorCount++;
return -1;
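
Review bot: the new truncation path returns -1 without `PR_CloseDir(dir)`, unlike the matching change in `cmd/modutil/install.c`, so the directory handle is leaked on that path (the existing `if (rm_dash_r(filename)) return -1;` just below has the same gap). It also increments `errorCount` without the `PR_fprintf(errorFD, ...)` message that the other error paths in this function print. Suggest closing `dir` and reporting the over-long path before returning.
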
diff --git a/lib/libpkix/pkix/util/pkix_list.c b/lib/libpkix/pkix/util/pkix_list.c
--- a/lib/libpkix/pkix/util/pkix_list.c
+++ b/lib/libpkix/pkix/util/pkix_list.c
@@ -1530,17 +1530,17 @@ cleanup:
*/
PKIX_Error *
PKIX_List_SetItem(
PKIX_List *list,
PKIX_UInt32 index,
PKIX_PL_Object *item,
void *plContext)
{
- PKIX_List *element;
+ PKIX_List *element = NULL;
PKIX_ENTER(LIST, "PKIX_List_SetItem");
PKIX_NULLCHECK_ONE(list);
if (list->immutable){
PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
}
diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
@@ -102,17 +102,17 @@ cleanup:
*/
static PKIX_Error *
pkix_pl_OID_Equals(
PKIX_PL_Object *first,
PKIX_PL_Object *second,
PKIX_Boolean *pResult,
void *plContext)
{
- PKIX_Int32 cmpResult;
+ PKIX_Int32 cmpResult = 0;
PKIX_ENTER(OID, "pkix_pl_OID_Equals");
PKIX_NULLCHECK_THREE(first, second, pResult);
PKIX_CHECK(pkix_pl_OID_Comparator
(first, second, &cmpResult, plContext),
PKIX_OIDCOMPARATORFAILED);


@ -1,116 +0,0 @@
#!/bin/sh
prefix=@prefix@
major_version=@MOD_MAJOR_VERSION@
minor_version=@MOD_MINOR_VERSION@
patch_version=@MOD_PATCH_VERSION@
usage()
{
cat <<EOF
Usage: nss-softokn-config [OPTIONS] [LIBRARIES]
Options:
[--prefix[=DIR]]
[--exec-prefix[=DIR]]
[--includedir[=DIR]]
[--libdir[=DIR]]
[--version]
[--libs]
[--cflags]
Dynamic Libraries:
softokn3 - Requires full dynamic linking
freebl3 - for internal use only (and glibc for self-integrity check)
nssdbm3 - for internal use only
Dymamically linked
EOF
exit $1
}
if test $# -eq 0; then
usage 1 1>&2
fi
while test $# -gt 0; do
case "$1" in
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
*) optarg= ;;
esac
case $1 in
--prefix=*)
prefix=$optarg
;;
--prefix)
echo_prefix=yes
;;
--exec-prefix=*)
exec_prefix=$optarg
;;
--exec-prefix)
echo_exec_prefix=yes
;;
--includedir=*)
includedir=$optarg
;;
--includedir)
echo_includedir=yes
;;
--libdir=*)
libdir=$optarg
;;
--libdir)
echo_libdir=yes
;;
--version)
echo ${major_version}.${minor_version}.${patch_version}
;;
--cflags)
echo_cflags=yes
;;
--libs)
echo_libs=yes
;;
*)
usage 1 1>&2
;;
esac
shift
done
# Set variables that may be dependent upon other variables
if test -z "$exec_prefix"; then
exec_prefix=`pkg-config --variable=exec_prefix nss-softokn`
fi
if test -z "$includedir"; then
includedir=`pkg-config --variable=includedir nss-softokn`
fi
if test -z "$libdir"; then
libdir=`pkg-config --variable=libdir nss-softokn`
fi
if test "$echo_prefix" = "yes"; then
echo $prefix
fi
if test "$echo_exec_prefix" = "yes"; then
echo $exec_prefix
fi
if test "$echo_includedir" = "yes"; then
echo $includedir
fi
if test "$echo_libdir" = "yes"; then
echo $libdir
fi
if test "$echo_cflags" = "yes"; then
echo -I$includedir
fi
if test "$echo_libs" = "yes"; then
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
echo $libdirs
fi


@ -1,18 +0,0 @@
#!/bin/bash
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
check() {
return 255
}
depends() {
return 0
}
install() {
local _dir
inst_libdir_file libfreeblpriv3.so libfreeblpriv3.chk \
libfreebl3.so
}


@ -1,3 +0,0 @@
# turn on nss-softokn module
add_dracutmodules+=" nss-softokn "


@ -1,11 +0,0 @@
prefix=%prefix%
exec_prefix=%exec_prefix%
libdir=%libdir%
includedir=%includedir%
Name: NSS-SOFTOKN
Description: Network Security Services Softoken PKCS #11 Module
Version: %SOFTOKEN_VERSION%
Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
Libs: -L${libdir} -lfreebl3 -lnssdbm3 -lsoftokn3
Cflags: -I${includedir}


@ -1,118 +0,0 @@
#!/bin/sh
prefix=@prefix@
major_version=@MOD_MAJOR_VERSION@
minor_version=@MOD_MINOR_VERSION@
patch_version=@MOD_PATCH_VERSION@
usage()
{
cat <<EOF
Usage: nss-util-config [OPTIONS] [LIBRARIES]
Options:
[--prefix[=DIR]]
[--exec-prefix[=DIR]]
[--includedir[=DIR]]
[--libdir[=DIR]]
[--version]
[--libs]
[--cflags]
Dynamic Libraries:
nssutil
EOF
exit $1
}
if test $# -eq 0; then
usage 1 1>&2
fi
lib_nssutil=yes
while test $# -gt 0; do
case "$1" in
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
*) optarg= ;;
esac
case $1 in
--prefix=*)
prefix=$optarg
;;
--prefix)
echo_prefix=yes
;;
--exec-prefix=*)
exec_prefix=$optarg
;;
--exec-prefix)
echo_exec_prefix=yes
;;
--includedir=*)
includedir=$optarg
;;
--includedir)
echo_includedir=yes
;;
--libdir=*)
libdir=$optarg
;;
--libdir)
echo_libdir=yes
;;
--version)
echo ${major_version}.${minor_version}.${patch_version}
;;
--cflags)
echo_cflags=yes
;;
--libs)
echo_libs=yes
;;
*)
usage 1 1>&2
;;
esac
shift
done
# Set variables that may be dependent upon other variables
if test -z "$exec_prefix"; then
exec_prefix=`pkg-config --variable=exec_prefix nss-util`
fi
if test -z "$includedir"; then
includedir=`pkg-config --variable=includedir nss-util`
fi
if test -z "$libdir"; then
libdir=`pkg-config --variable=libdir nss-util`
fi
if test "$echo_prefix" = "yes"; then
echo $prefix
fi
if test "$echo_exec_prefix" = "yes"; then
echo $exec_prefix
fi
if test "$echo_includedir" = "yes"; then
echo $includedir
fi
if test "$echo_libdir" = "yes"; then
echo $libdir
fi
if test "$echo_cflags" = "yes"; then
echo -I$includedir
fi
if test "$echo_libs" = "yes"; then
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
if test -n "$lib_nssutil"; then
libdirs="$libdirs -lnssutil${major_version}"
fi
echo $libdirs
fi


@ -1,11 +0,0 @@
prefix=%prefix%
exec_prefix=%exec_prefix%
libdir=%libdir%
includedir=%includedir%
Name: NSS-UTIL
Description: Network Security Services Utility Library
Version: %NSSUTIL_VERSION%
Requires: nspr >= %NSPR_VERSION%
Libs: -L${libdir} -lnssutil3
Cflags: -I${includedir}


@ -7,5 +7,5 @@ Name: NSS
Description: Network Security Services
Version: %NSS_VERSION%
Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
Libs: -L${libdir} -lssl3 -lsmime3 -lnss3
Libs: -lssl3 -lsmime3 -lnss3
Cflags: -I${includedir}

nss.spec

File diff suppressed because it is too large

nsspem-642433.patch Normal file

@ -0,0 +1,52 @@
diff -up ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 ./mozilla/security/nss/lib/ckfw/pem/util.c
--- ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 2010-11-25 10:49:27.000000000 -0800
+++ ./mozilla/security/nss/lib/ckfw/pem/util.c 2010-12-08 08:02:02.618304926 -0800
@@ -96,9 +96,6 @@ static SECItem *AllocItem(SECItem * item
return (result);
loser:
- if (result != NULL) {
- SECITEM_FreeItem(result, (item == NULL) ? PR_TRUE : PR_FALSE);
- }
return (NULL);
}
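
Review bot: with the `SECITEM_FreeItem` call removed, the `loser:` path in `AllocItem` returns NULL without releasing `result`, so anything allocated before the jump to `loser` is leaked. If the call was dropped because `result` does not come from the allocator that `SECITEM_FreeItem` expects, release it with the matching call instead (the `FileToItem` hunk in this patch uses `nss_ZFreeIf`), and keep the `item == NULL` distinction so a caller-owned item is not freed.
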
@@ -110,7 +107,7 @@ static SECStatus FileToItem(SECItem * ds
prStatus = PR_GetOpenFileInfo(src, &info);
- if (prStatus != PR_SUCCESS) {
+ if (prStatus != PR_SUCCESS || info.type == PR_FILE_DIRECTORY) {
return SECFailure;
}
@@ -126,8 +123,7 @@ static SECStatus FileToItem(SECItem * ds
return SECSuccess;
loser:
- SECITEM_FreeItem(dst, PR_FALSE);
- nss_ZFreeIf(dst);
+ nss_ZFreeIf(dst->data);
return SECFailure;
}
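
Review bot: `nss_ZFreeIf(dst->data);` on the `loser:` path leaves `dst->data` pointing at freed memory and `dst->len` unchanged, while `ReadDERFromFile` still holds the item (`&filedata`, `der`) after the failure. Add `dst->data = NULL; dst->len = 0;` after the free so a later read or free of the item cannot touch the stale pointer.
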
@@ -153,6 +149,10 @@ ReadDERFromFile(SECItem *** derlist, cha
/* Read in ascii data */
rv = FileToItem(&filedata, inFile);
+ if (rv != SECSuccess) {
+ PR_Close(inFile);
+ return -1;
+ }
asc = (char *) filedata.data;
if (!asc) {
PR_Close(inFile);
@@ -252,7 +252,7 @@ ReadDERFromFile(SECItem *** derlist, cha
} else {
/* Read in binary der */
rv = FileToItem(der, inFile);
- if (rv) {
+ if (rv != SECSuccess) {
PR_Close(inFile);
return -1;
}


@ -1,56 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="pkcs11.txt">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>pkcs11.txt</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>pkcs11.txt</refname>
<refpurpose>NSS PKCS #11 module configuration file</refpurpose>
</refnamediv>
<refsection id="description">
<title>Description</title>
<para>
The pkcs11.txt file is used to configure initialization parameters for the nss security module and optionally other pkcs #11 modules.
</para>
<para>
For full documentation visit <ulink url="https://developer.mozilla.org/en-US/docs/PKCS11_Module_Specs">PKCS #11 Module Specs</ulink>.
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/etc/pki/nssdb/pkcs11.txt</filename></para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>


@ -0,0 +1,12 @@
diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.transitional ./mozilla/security/nss/lib/ssl/sslsock.c
--- ./mozilla/security/nss/lib/ssl/sslsock.c.transitional 2010-09-04 09:46:50.331327676 -0700
+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2010-09-04 09:50:02.814325605 -0700
@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */
- 2, /* enableRenegotiation (default: requires extension) */
+ 3, /* enableRenegotiation (default: transitional) */
PR_FALSE, /* requireSafeNegotiation */
PR_FALSE, /* enableFalseStart */
};
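
Review bot: the `enableRenegotiation` default changes from 2 ("requires extension") to 3 ("transitional") as a bare integer, which relaxes the library-wide renegotiation default for every application linked against this build. Use the named constants from `ssl.h` (`SSL_RENEGOTIATE_REQUIRES_XTN`, `SSL_RENEGOTIATE_TRANSITIONAL`) instead of the literals, and record in the patch header why the packaged default is relaxed and how an application opts back into the stricter setting, given that `requireSafeNegotiation` stays `PR_FALSE` on the next line.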


@ -1,63 +0,0 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="secmod.db">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>secmod.db</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>secmod.db</refname>
<refpurpose>Legacy NSS security modules database</refpurpose>
</refnamediv>
<refsection id="description">
<title>Description</title>
<para><emphasis>secmod.db</emphasis> is an NSS security modules database.</para>
<para>The security modules database is used to keep track of the NSS security modules. The NSS security modules export their services via the PKCS #11 API which NSS uses as its Services Provider Interface.
</para>
<para>The command line utility <emphasis>modutil</emphasis> is used for managing PKCS #11 module information both within secmod.db files and within hardware tokens.
</para>
<para>For new applications the recommended way of tracking security modules is via the pkcs11.txt configuration file used in conjunction the new sqlite-based shared database format for certificate and key databases.
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/etc/pki/nssdb/secmod.db</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>modutil(1), cert8.db(5), cert9.db(5), key3.db(5), key4.db(5), pkcs11.txt(5)</para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>


@ -1,106 +0,0 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="setup-nsssysinit">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>setup-nsssysinit</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>setup-nsssysinit</refname>
<refpurpose>Query or enable the nss-sysinit module</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>setup-nsssysinit</command>
<arg><option>on</option></arg>
<arg><option>off</option></arg>
<arg><option>status</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection id="description">
<title>Description</title>
<para><command>setup-nsssysinit</command> is a shell script to query the status of the nss-sysinit module and when run with root priviledge it can enable or disable it. </para>
<para>Turns on or off the nss-sysinit module db by editing the global PKCS #11 configuration file. Displays the status. This script can be invoked by the user as super user. It is invoked at nss-sysinit post install time with argument on.
</para>
</refsection>
<refsection>
<title>Options</title>
<variablelist>
<varlistentry>
<term><option>on</option></term>
<listitem><simpara>Turn on nss-sysinit.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>off</option></term>
<listitem><simpara>Turn on nss-sysinit.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>status</option></term>
<listitem><simpara>returns whether nss-syinit is enabled or not.</simpara></listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Examples</title>
<para>The following example will query for the status of nss-sysinit:
<programlisting>
/usr/bin/setup-nsssysinit status
</programlisting>
</para>
<para>The following example, when run as superuser, will turn on nss-sysinit:
<programlisting>
/usr/bin/setup-nsssysinit on
</programlisting>
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/usr/bin/setup-nsssysinit</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>pkg-config(1)</para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>

sources

@ -1,6 +1,8 @@
SHA512 (blank-cert8.db) = ac131d15708c5f1b5e467831f919f4fc4ba13b60a4bb5fe260c845fa9afcd899a588d21ed52060abaa1bbb29f2b53af8b495d28407183cb03aff1974f95f1d3d
SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
SHA512 (nss-3.52.tar.gz) = a45baf38717bceda03c292b2c01def680a24a846327e17d36044a85e30ed40c68220c78c0a2c3025c11778ee58f5d5eb0fff1b4cd274b95c408fb59e394e62c6
05ccaacf0146ef7b74f100e9d2141633 nss-3.12.10-stripped.tar.bz2
e63cddf74c07f0d818d1052ecc6fbb1f nss-pem-20101125.tar.bz2
a5ae49867124ac75f029a9a33af31bad blank-cert8.db
9315689bbd9f28ceebd47894f99fccbd blank-key3.db
73bc040a0542bba387e6dd7fb9fd7d23 blank-secmod.db
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
bf47cecad861efa77d1488ad4a73cb5b PayPalEE.cert
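
Review bot: going by the `-1,6 +1,8` header, the six `SHA512 (file) = ...` entries are the old side and the eight unlabelled 32-hex-digit entries are the new side, so on this branch `nss-3.12.10-stripped.tar.bz2` and `nss-pem-20101125.tar.bz2` are checked against a 128-bit digest whose algorithm is not named in the file. Keep the labelled `SHA512 (file) = ...` form for the source archives so the check states its algorithm and uses a collision-resistant hash.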


@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when
# Description: NSS tools should not use SHA1 by default when
# Author: Hubert Kario <hkario@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2016 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Hubert Kario <hkario@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: NSS tools should not use SHA1 by default when" >> $(METADATA)
@echo "Type: Regression" >> $(METADATA)
@echo "TestTime: 10m" >> $(METADATA)
@echo "RunFor: nss openssl" >> $(METADATA)
@echo "Requires: nss nss-tools openssl" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)


@ -1,4 +0,0 @@
PURPOSE of NSS-tools-should-not-use-SHA1-by-default-when
Description: NSS tools should not use SHA1 by default when
Author: Hubert Kario <hkario@redhat.com>
Summary: NSS tools should not use SHA1 by default when generating digital signatures/certificates


@ -1,125 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of NSS-tools-should-not-use-SHA1-by-default-when
# Description: NSS tools should not use SHA1 by default when
# Author: Hubert Kario <hkario@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2016 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="nss"
PACKAGES="nss openssl"
DBDIR="nssdb"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm --all
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlRun "mkdir nssdb"
rlRun "certutil -N -d $DBDIR --empty-password"
rlLogInfo "Create a JAR file"
rlRun "mkdir java-dir"
rlRun "pushd java-dir"
rlRun "mkdir META-INF mypackage"
rlRun "echo 'Main-Class: mypackage/MyMainFile' > META-INF/MANIFEST.MF"
rlRun "echo 'Those are not the droids you are looking for' > mypackage/MyMainFile.class"
#rlRun "jar -cfe package.jar mypackage/MyMainFile mypackage/MyMainFile.class"
rlRun "popd"
#rlRun "mv java-dir/package.jar ."
rlPhaseEnd
rlPhaseStartTest "Self signing certificates"
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
rlRun "certutil -d $DBDIR -S -n 'CA' -t 'cTC,cTC,cTC' -s 'CN=CA' -x -z noise"
rlRun -s "certutil -d $DBDIR -L -n 'CA' -a | openssl x509 -noout -text"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "Signing certificates"
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
rlRun "certutil -d $DBDIR -S -n 'server' -t 'u,u,u' -s 'CN=server.example.com' -c 'CA' -z noise --nsCertType sslClient,sslServer,objectSigning,smime"
rlRun -s "certutil -d $DBDIR -L -n 'server' -a | openssl x509 -noout -text"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "Certificate request"
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
rlRun "mkdir srv2db"
rlRun "certutil -d srv2db -N --empty-password"
rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise"
rlRun -s "openssl req -noout -text -in srv2.req"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt"
rlRun -s "openssl x509 -in srv2.crt -noout -text"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlRun "rm -rf srv2db"
rlPhaseEnd
rlPhaseStartTest "Certificate request with SHA1"
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
rlRun "mkdir srv2db"
rlRun "certutil -d srv2db -N --empty-password"
rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise -Z SHA1"
rlRun -s "openssl req -noout -text -in srv2.req"
rlAssertGrep "Signature Algorithm: sha1WithRSAEncryption" "$rlRun_LOG"
rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt"
rlRun -s "openssl x509 -in srv2.crt -noout -text"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlRun "rm -rf srv2db"
rlPhaseEnd
rlPhaseStartTest "Signing CMS messages"
rlRun "echo 'This is a document' > document.txt"
rlRun "cmsutil -S -d $DBDIR -N 'server' -i document.txt -o document.cms"
rlRun -s "openssl cms -in document.cms -inform der -noout -cmsout -print"
rlAssertGrep "algorithm: sha256" $rlRun_LOG
rlAssertNotGrep "algorithm: sha1" $rlRun_LOG
rlPhaseEnd
rlPhaseStartTest "CRL signing"
rlRun "echo $(date --utc +update=%Y%m%d%H%M%SZ) > script"
rlRun "echo $(date -d 'next week' --utc +nextupdate=%Y%m%d%H%M%SZ) >> script"
rlRun "echo addext crlNumber 0 1245 >>script"
rlRun "echo addcert 12 $(date -d 'yesterday' --utc +%Y%m%d%H%M%SZ) >>script"
rlRun "echo addext reasonCode 0 0 >>script"
rlRun "cat script"
rlRun "crlutil -G -c script -d $DBDIR -n CA -o ca.crl"
rlRun -s "openssl crl -in ca.crl -inform der -noout -text"
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" $rlRun_LOG
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
rlPhaseEnd
rlPhaseStartCleanup
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd


@ -1,12 +0,0 @@
---
# This first play always runs on the local staging system
- hosts: localhost
roles:
- role: standard-test-beakerlib
tags:
- classic
tests:
- NSS-tools-should-not-use-SHA1-by-default-when
required_packages:
- nss-tools
- nss