Commit d896e9cb authored by Rich Megginson's avatar Rich Megginson Committed by Quanah Gibson-Mount

ITS#7360 accept nss certname in the form of tokenname:certnickname

There are cases where the user may want to force the use of a particular
PKCS11 device for a given certificate.  Allow the user to do this
with MozNSS by specifying the cert as "tokenname:certnickname" where
token name is the name of a token/slot in a PKCS11 device and certnickname
is the nickname of a certificate on that device.
parent 9905113e
......@@ -2102,6 +2102,22 @@ tlsm_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
return 0;
}
/* returns true if the given string looks like
"tokenname" ":" "certnickname"
This is true if there is a ':' colon character
in the string and the colon is not the first
or the last character in the string
*/
static int
tlsm_is_tokenname_certnick( const char *certfile )
{
if ( certfile ) {
const char *ptr = PL_strchr( certfile, ':' );
return ptr && (ptr != certfile) && (*(ptr+1));
}
return 0;
}
static int
tlsm_deferred_ctx_init( void *arg )
{
......@@ -2268,7 +2284,10 @@ tlsm_deferred_ctx_init( void *arg )
} else {
char *tmp_certname;
if ( ctx->tc_certdb_slot ) {
if ( tlsm_is_tokenname_certnick( lt->lt_certfile )) {
/* assume already in form tokenname:certnickname */
tmp_certname = PL_strdup( lt->lt_certfile );
} else if ( ctx->tc_certdb_slot ) {
tmp_certname = PR_smprintf( TLSM_CERTDB_DESC_FMT ":%s", ctx->tc_unique, lt->lt_certfile );
} else {
tmp_certname = PR_smprintf( "%s", lt->lt_certfile );
......
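Review bot: In the second hunk the new `tlsm_is_tokenname_certnick( lt->lt_certfile )` branch is tested before `ctx->tc_certdb_slot`, so any configured name that merely contains a colon is passed through unprefixed and treated as `tokenname:certnickname`, even when a certdb slot is in use; a certificate whose nickname itself contains ':' would presumably no longer be looked up on the certdb token. Because this purely syntactic test now decides which token the certificate is resolved from, the restriction should be stated on the helper, e.g. `/* note: a nickname containing ':' is always treated as tokenname:certnickname, never as a plain certdb nickname */`, and ideally in the user-facing documentation for the certificate option. Separately, the new branch copies with `PL_strdup` while the sibling branches allocate with `PR_smprintf`; the release of `tmp_certname` is outside the hunk, but if it is freed with `PR_smprintf_free` the allocator pair no longer matches, and `tmp_certname = PR_smprintf( "%s", lt->lt_certfile );` as in the final else branch would keep them consistent. tlsm_deferred_ctx_init starts and ends outside the hunk.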