6155daa274
- Patch to fix NSS handling of keys in sqlite databases
- Patches to fix tests now that sqlite is the NSS default. Also fix building in rawhide due to packaging changes
- Remove BR on mktemp. It is now provided by coreutils.
49 lines
1.6 KiB
Diff
From 19d70d9817a5d22d05ff990f354ddadb77cc05a6 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 9 Jan 2018 22:18:58 -0500
Subject: [PATCH 4/6] Workaround NSS bug in associating private key to
certificate

If NSS uses SQL DB storage, CERT_ImportCerts creates incomplete
internal state (the cert isn't associated with the private key,
and calling PK11_FindKeyByAnyCert returns no result).

As a workaround, we import the cert again using PK11_ImportCert
which magically fixes the issue.

See rhbz#1532188

Related: https://pagure.io/certmonger/issue/88
---
src/certsave-n.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)

diff --git a/src/certsave-n.c b/src/certsave-n.c
index a2c97000..8e15a18a 100644
--- a/src/certsave-n.c
+++ b/src/certsave-n.c
@@ -474,6 +474,20 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
PR_FALSE,
entry->cm_cert_nickname);
ec = PORT_GetError();
+ if (error == SECSuccess) {
+ /* If NSS uses SQL DB storage, CERT_ImportCerts creates
+ * an incomplete internal state (the cert isn't
+ * associated with the private key, and calling
+ * PK11_FindKeyByAnyCert returns no result).
+ * As a workaround, we import the cert again using
+ * PK11_ImportCert, which magically fixes the issue.
+ * See rhbz#1532188 */
+ error = PK11_ImportCert(PK11_GetInternalKeySlot(),
+ returned[0],
+ CK_INVALID_HANDLE,
+ returned[0]->nickname,
+ PR_FALSE);
+ }
if (error == SECSuccess) {
cm_log(1, "Imported certificate \"%s\", got "
"nickname \"%s\".\n",
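Review bot: the added PK11_ImportCert call passes PK11_GetInternalKeySlot() inline as its first argument, so the slot reference that function returns is never released and the return value is never checked for NULL. Hold the slot in a local variable, skip the re-import (and log it) if the slot is NULL, and call PK11_FreeSlot() on it once the import returns. Separately, `ec = PORT_GetError();` is read on the line just before the new block, so if PK11_ImportCert is the call that fails, `ec` still holds the value recorded after CERT_ImportCerts; re-read PORT_GetError() after the second import so any later failure message reports the right code. Since this is a workaround keyed to rhbz#1532188, the comment could also say under what condition the extra import can be removed.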
--
2.15.1