certmonger/0005-Only-de-duplicate-certificates-within-the-same-token.patch

From 6ebe5695a626c6cd254b249bbebf9846bcb936c0 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 4 Sep 2018 11:06:13 -0400
Subject: [PATCH 4/7] Only de-duplicate certificates within the same token

certmonger may not have read/write access to tokens other than
the one it is examining so don't try to de-duplicate certificates
on other tokens.
---
 src/certsave-n.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/certsave-n.c b/src/certsave-n.c
index 193309c5..d0152cad 100644
--- a/src/certsave-n.c
+++ b/src/certsave-n.c
@@ -391,8 +391,9 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 						     !CERT_LIST_EMPTY(certlist) &&
 						     !CERT_LIST_END(node, certlist);
 						     node = CERT_LIST_NEXT(node)) {
-							if (!SECITEM_ItemsAreEqual(&subject,
-										   &node->cert->derSubject)) {
+							if ((!SECITEM_ItemsAreEqual(&subject,
+									   &node->cert->derSubject)) &&
+										(sle->slot == node->cert->slot)) {
 								cm_log(3, "Found a "
 								       "certificate "
 								       "with the same "
@@ -441,7 +442,8 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 					     node = CERT_LIST_NEXT(node)) {
 						if ((node->cert->nickname != NULL) &&
 						    (strcmp(entry->cm_cert_nickname,
-							    node->cert->nickname) != 0))
+							    node->cert->nickname) != 0) &&
+								(sle->slot == node->cert->slot))
 						{
 							i++;
 							cm_log(3, "Found a "
-- 
2.14.4
Improve NSS token handling The updated NSS crypto-policy enables all tokens which broke requesting certificates due to the way that tokens were managed. 2018-10-01 18:34:36 +00:00			`From 6ebe5695a626c6cd254b249bbebf9846bcb936c0 Mon Sep 17 00:00:00 2001`
			`From: Rob Crittenden <rcritten@redhat.com>`
			`Date: Tue, 4 Sep 2018 11:06:13 -0400`
			`Subject: [PATCH 4/7] Only de-duplicate certificates within the same token`

			`certmonger may not have read/write access to tokens other than`
			`the one it is examining so don't try to de-duplicate certificates`
			`on other tokens.`
			`---`
			`src/certsave-n.c \| 8 +++++---`
			`1 file changed, 5 insertions(+), 3 deletions(-)`

			`diff --git a/src/certsave-n.c b/src/certsave-n.c`
			`index 193309c5..d0152cad 100644`
			`--- a/src/certsave-n.c`
			`+++ b/src/certsave-n.c`
			`@@ -391,8 +391,9 @@ cm_certsave_n_main(int fd, struct cm_store_ca ca, struct cm_store_entry entry,`
			`!CERT_LIST_EMPTY(certlist) &&`
			`!CERT_LIST_END(node, certlist);`
			`node = CERT_LIST_NEXT(node)) {`
			`- if (!SECITEM_ItemsAreEqual(&subject,`
			`- &node->cert->derSubject)) {`
			`+ if ((!SECITEM_ItemsAreEqual(&subject,`
			`+ &node->cert->derSubject)) &&`
			`+ (sle->slot == node->cert->slot)) {`
			`cm_log(3, "Found a "`
			`"certificate "`
			`"with the same "`
			`@@ -441,7 +442,8 @@ cm_certsave_n_main(int fd, struct cm_store_ca ca, struct cm_store_entry entry,`
			`node = CERT_LIST_NEXT(node)) {`
			`if ((node->cert->nickname != NULL) &&`
			`(strcmp(entry->cm_cert_nickname,`
			`- node->cert->nickname) != 0))`
			`+ node->cert->nickname) != 0) &&`
			`+ (sle->slot == node->cert->slot))`
			`{`
			`i++;`
			`cm_log(3, "Found a "`
			`--`
			`2.14.4`