nss/nss-3.101-revert-libpkix-default.patch
Robert Relyea c1408d7faa Resolves: RHEL-46852
Rebase NSS to 3.101 for Firefox 128
2024-07-10 13:28:29 -07:00

105 lines
3.6 KiB
Diff

diff -up ./lib/certhigh/certvfypkix.c.revert_libpkix ./lib/certhigh/certvfypkix.c
--- ./lib/certhigh/certvfypkix.c.revert_libpkix 2024-06-07 09:26:03.000000000 -0700
+++ ./lib/certhigh/certvfypkix.c 2024-07-05 13:18:34.285174699 -0700
@@ -39,7 +39,7 @@ pkix_pl_lifecycle_ObjectTableUpdate(int
PRInt32 parallelFnInvocationCount;
#endif /* PKIX_OBJECT_LEAK_TEST */
-static PRBool usePKIXValidationEngine = PR_TRUE;
+static PRBool usePKIXValidationEngine = PR_FALSE;
#endif /* NSS_DISABLE_LIBPKIX */
/*
diff -up ./lib/nss/nssinit.c.revert_libpkix ./lib/nss/nssinit.c
--- ./lib/nss/nssinit.c.revert_libpkix 2024-06-07 09:26:03.000000000 -0700
+++ ./lib/nss/nssinit.c 2024-07-05 13:18:34.285174699 -0700
@@ -764,9 +764,9 @@ nss_Init(const char *configdir, const ch
if (pkixError != NULL) {
goto loser;
} else {
- char *ev = PR_GetEnvSecure("NSS_DISABLE_PKIX_VERIFY");
+ char *ev = PR_GetEnvSecure("NSS_ENABLE_PKIX_VERIFY");
if (ev && ev[0]) {
- CERT_SetUsePKIXForValidation(PR_FALSE);
+ CERT_SetUsePKIXForValidation(PR_TRUE);
}
}
#endif /* NSS_DISABLE_LIBPKIX */
diff -up ./tests/all.sh.revert_libpkix ./tests/all.sh
--- ./tests/all.sh.revert_libpkix 2024-06-07 09:26:03.000000000 -0700
+++ ./tests/all.sh 2024-07-05 13:18:34.285174699 -0700
@@ -143,9 +143,6 @@ run_cycle_standard()
{
TEST_MODE=STANDARD
- NSS_DISABLE_LIBPKIX_VERIFY="1"
- export NSS_DISABLE_LIBPKIX_VERIFY
-
TESTS="${ALL_TESTS}"
TESTS_SKIP="libpkix pkits"
@@ -153,8 +150,6 @@ run_cycle_standard()
export NSS_DEFAULT_DB_TYPE
run_tests
-
- unset NSS_DISABLE_LIBPKIX_VERIFY
}
############################ run_cycle_pkix ############################
@@ -172,6 +167,9 @@ run_cycle_pkix()
mkdir -p "${HOSTDIR}"
init_directories
+ NSS_ENABLE_PKIX_VERIFY="1"
+ export NSS_ENABLE_PKIX_VERIFY
+
TESTS="${ALL_TESTS}"
TESTS_SKIP="cipher dbtests sdr crmf smime merge multinit"
diff -up ./tests/common/init.sh.revert_libpkix ./tests/common/init.sh
--- ./tests/common/init.sh.revert_libpkix 2024-06-07 09:26:03.000000000 -0700
+++ ./tests/common/init.sh 2024-07-05 13:18:34.285174699 -0700
@@ -140,8 +140,8 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
echo "NSS_SSL_RUN=\"${NSS_SSL_RUN}\""
echo "NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE}"
echo "export NSS_DEFAULT_DB_TYPE"
- echo "NSS_DISABLE_PKIX_VERIFY=${NSS_DISABLE_PKIX_VERIFY}"
- echo "export NSS_DISABLE_PKIX_VERIFY"
+ echo "NSS_ENABLE_PKIX_VERIFY=${NSS_ENABLE_PKIX_VERIFY}"
+ echo "export NSS_ENABLE_PKIX_VERIFY"
echo "init_directories"
}
diff -up ./tests/ssl/ssl.sh.revert_libpkix ./tests/ssl/ssl.sh
--- ./tests/ssl/ssl.sh.revert_libpkix 2024-07-05 13:18:34.267174492 -0700
+++ ./tests/ssl/ssl.sh 2024-07-05 13:23:15.295402481 -0700
@@ -971,8 +971,9 @@ ssl_policy_pkix_ocsp()
return 0
fi
- PKIX_SAVE=${NSS_DISABLE_LIBPKIX_VERIFY-"unset"}
- unset NSS_DISABLE_LIBPKIX_VERIFY
+ PKIX_SAVE=${NSS_ENABLE_PKIX_VERIFY-"unset"}
+ NSS_ENABLE_PKIX_VERIFY="1"
+ export NSS_ENABLE_PKIX_VERIFY
testname=""
@@ -997,10 +998,12 @@ ssl_policy_pkix_ocsp()
html_msg $RET $RET_EXP "${testname}" \
"produced a returncode of $RET, expected is $RET_EXP"
- if [ "{PKIX_SAVE}" != "unset" ]; then
- export NSS_DISABLE_LIBPKIX_VERIFY=${PKIX_SAVE}
+ if [ "${PKIX_SAVE}" = "unset" ]; then
+ unset NSS_ENABLE_PKIX_VERIFY
+ else
+ NSS_ENABLE_PKIX_VERIFY=${PKIX_SAVE}
+ export NSS_ENABLE_PKIX_VERIFY
fi
-
cp ${P_R_SERVERDIR}/pkcs11.txt.sav ${P_R_SERVERDIR}/pkcs11.txt
html "</TABLE><BR>"