nss/nss-sysinit-userdb-first.patch
Elio Maldonado 7292dd3723 - Fix certificates trust order (#643134)
- Apply nss-sysinit-userdb-first.patch last
2010-10-18 15:54:32 -07:00

79 lines
3.1 KiB
Diff
Executable File

diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.603313 ./mozilla/security/nss/lib/sysinit/nsssysinit.c
--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c.603313 2010-10-15 13:57:42.719738316 -0700
+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-10-15 14:07:51.704637349 -0700
@@ -263,16 +263,26 @@ get_list(char *filename, char *stripped_
sysdb = getSystemDB();
userdb = getUserDB();
- /* Don't open root's user DB */
+ /* return a list of databases to open. First the system database */
+ if (sysdb) {
+ const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
+ module_list[next++] = PR_smprintf(
+ "library= "
+ "module=\"NSS system database\" "
+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+ "NSS=\"trustOrder=80 %sflags=internal,critical\"",
+ sysdb, readonly, nssflags);
+ }
+
+ /* Next the user database, but not for root. */
if (userdb != NULL && !userIsRoot()) {
- /* return a list of databases to open. First the user Database */
module_list[next++] = PR_smprintf(
"library= "
"module=\"NSS User database\" "
"parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
- "NSS=\"trustOrder=75 %sflags=internal%s\"",
- userdb, stripped_parameters, nssflags,
- isFIPS ? ",FIPS" : "");
+ "NSS=\"trustOrder=75 %sflags=internal%s\"",
+ userdb, stripped_parameters, nssflags,
+ isFIPS ? ",FIPS" : "");
/* now open the user's defined PKCS #11 modules */
/* skip the local user DB entry */
@@ -281,41 +291,7 @@ get_list(char *filename, char *stripped_
"module=\"NSS User database\" "
"parameters=\"configdir='sql:%s' %s\" "
"NSS=\"flags=internal,moduleDBOnly,defaultModDB,skipFirst\"",
- userdb, stripped_parameters);
- }
-
-#if 0
- /* This doesn't actually work. If we register
- both this and the sysdb (in either order)
- then only one of them actually shows up */
-
- /* Using a NULL filename as a Boolean flag to
- * prevent registering both an application-defined
- * db and the system db. rhbz #546211.
- */
- PORT_Assert(filename);
- if (sysdb && PL_CompareStrings(filename, sysdb))
- filename = NULL;
- else if (userdb && PL_CompareStrings(filename, userdb))
- filename = NULL;
-
- if (filename && !userIsRoot()) {
- module_list[next++] = PR_smprintf(
- "library= "
- "module=\"NSS database\" "
- "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
- "NSS=\"%sflags=internal\"",filename, filename, nssflags);
- }
-#endif
-
- /* now the system database (always read only unless it's root) */
- if (sysdb) {
- const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
- module_list[next++] = PR_smprintf(
- "library= "
- "module=\"NSS system database\" "
- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
- "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
+ userdb, stripped_parameters);
}
/* that was the last module */