37cd032951
The updated NSS crypto-policy enables all tokens which broke requesting certificates due to the way that tokens were managed.
42 lines
1.5 KiB
Diff
42 lines
1.5 KiB
Diff
From 6ebe5695a626c6cd254b249bbebf9846bcb936c0 Mon Sep 17 00:00:00 2001
|
|
From: Rob Crittenden <rcritten@redhat.com>
|
|
Date: Tue, 4 Sep 2018 11:06:13 -0400
|
|
Subject: [PATCH 4/7] Only de-duplicate certificates within the same token
|
|
|
|
certmonger may not have read/write access to tokens other than
|
|
the one it is examining so don't try to de-duplicate certificates
|
|
on other tokens.
|
|
---
|
|
src/certsave-n.c | 8 +++++---
|
|
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
|
index 193309c5..d0152cad 100644
|
|
--- a/src/certsave-n.c
|
|
+++ b/src/certsave-n.c
|
|
@@ -391,8 +391,9 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
!CERT_LIST_EMPTY(certlist) &&
|
|
!CERT_LIST_END(node, certlist);
|
|
node = CERT_LIST_NEXT(node)) {
|
|
- if (!SECITEM_ItemsAreEqual(&subject,
|
|
- &node->cert->derSubject)) {
|
|
+ if ((!SECITEM_ItemsAreEqual(&subject,
|
|
+ &node->cert->derSubject)) &&
|
|
+ (sle->slot == node->cert->slot)) {
|
|
cm_log(3, "Found a "
|
|
"certificate "
|
|
"with the same "
|
|
@@ -441,7 +442,8 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
node = CERT_LIST_NEXT(node)) {
|
|
if ((node->cert->nickname != NULL) &&
|
|
(strcmp(entry->cm_cert_nickname,
|
|
- node->cert->nickname) != 0))
|
|
+ node->cert->nickname) != 0) &&
|
|
+ (sle->slot == node->cert->slot))
|
|
{
|
|
i++;
|
|
cm_log(3, "Found a "
|
|
--
|
|
2.14.4
|
|
|