b427a91a63
Rebase NSS to nss-3.101
134 lines
3.9 KiB
Diff
134 lines
3.9 KiB
Diff
diff --git a/lib/certhigh/certvfypkix.c b/lib/certhigh/certvfypkix.c
|
|
--- a/lib/certhigh/certvfypkix.c
|
|
+++ b/lib/certhigh/certvfypkix.c
|
|
@@ -37,11 +37,11 @@
|
|
pkix_pl_lifecycle_ObjectTableUpdate(int *objCountTable);
|
|
|
|
PRInt32 parallelFnInvocationCount;
|
|
#endif /* PKIX_OBJECT_LEAK_TEST */
|
|
|
|
-static PRBool usePKIXValidationEngine = PR_FALSE;
|
|
+static PRBool usePKIXValidationEngine = PR_TRUE;
|
|
#endif /* NSS_DISABLE_LIBPKIX */
|
|
|
|
/*
|
|
* FUNCTION: CERT_SetUsePKIXForValidation
|
|
* DESCRIPTION:
|
|
diff --git a/lib/nss/nssinit.c b/lib/nss/nssinit.c
|
|
--- a/lib/nss/nssinit.c
|
|
+++ b/lib/nss/nssinit.c
|
|
@@ -762,13 +762,13 @@
|
|
PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
|
|
|
|
if (pkixError != NULL) {
|
|
goto loser;
|
|
} else {
|
|
- char *ev = PR_GetEnvSecure("NSS_ENABLE_PKIX_VERIFY");
|
|
+ char *ev = PR_GetEnvSecure("NSS_DISABLE_PKIX_VERIFY");
|
|
if (ev && ev[0]) {
|
|
- CERT_SetUsePKIXForValidation(PR_TRUE);
|
|
+ CERT_SetUsePKIXForValidation(PR_FALSE);
|
|
}
|
|
}
|
|
#endif /* NSS_DISABLE_LIBPKIX */
|
|
}
|
|
|
|
diff --git a/tests/all.sh b/tests/all.sh
|
|
--- a/tests/all.sh
|
|
+++ b/tests/all.sh
|
|
@@ -141,17 +141,22 @@
|
|
########################################################################
|
|
run_cycle_standard()
|
|
{
|
|
TEST_MODE=STANDARD
|
|
|
|
+ NSS_DISABLE_LIBPKIX_VERIFY="1"
|
|
+ export NSS_DISABLE_LIBPKIX_VERIFY
|
|
+
|
|
TESTS="${ALL_TESTS}"
|
|
TESTS_SKIP="libpkix pkits"
|
|
|
|
NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE:-"sql"}
|
|
export NSS_DEFAULT_DB_TYPE
|
|
|
|
run_tests
|
|
+
|
|
+ unset NSS_DISABLE_LIBPKIX_VERIFY
|
|
}
|
|
|
|
############################ run_cycle_pkix ############################
|
|
# run test suites with PKIX enabled
|
|
########################################################################
|
|
@@ -165,13 +170,10 @@
|
|
|
|
HOSTDIR="${HOSTDIR}/pkix"
|
|
mkdir -p "${HOSTDIR}"
|
|
init_directories
|
|
|
|
- NSS_ENABLE_PKIX_VERIFY="1"
|
|
- export NSS_ENABLE_PKIX_VERIFY
|
|
-
|
|
TESTS="${ALL_TESTS}"
|
|
TESTS_SKIP="cipher dbtests sdr crmf smime merge multinit"
|
|
|
|
export -n NSS_SSL_RUN
|
|
|
|
diff --git a/tests/common/init.sh b/tests/common/init.sh
|
|
--- a/tests/common/init.sh
|
|
+++ b/tests/common/init.sh
|
|
@@ -138,12 +138,12 @@
|
|
echo "NSS_TEST_DISABLE_CRL=${NSS_TEST_DISABLE_CRL}"
|
|
echo "NSS_SSL_TESTS=\"${NSS_SSL_TESTS}\""
|
|
echo "NSS_SSL_RUN=\"${NSS_SSL_RUN}\""
|
|
echo "NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE}"
|
|
echo "export NSS_DEFAULT_DB_TYPE"
|
|
- echo "NSS_ENABLE_PKIX_VERIFY=${NSS_ENABLE_PKIX_VERIFY}"
|
|
- echo "export NSS_ENABLE_PKIX_VERIFY"
|
|
+ echo "NSS_DISABLE_PKIX_VERIFY=${NSS_DISABLE_PKIX_VERIFY}"
|
|
+ echo "export NSS_DISABLE_PKIX_VERIFY"
|
|
echo "init_directories"
|
|
}
|
|
|
|
# Exit shellfunction to clean up at exit (error, regular or signal)
|
|
Exit()
|
|
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
|
|
--- a/tests/ssl/ssl.sh
|
|
+++ b/tests/ssl/ssl.sh
|
|
@@ -960,13 +960,12 @@
|
|
ssl_policy_pkix_ocsp()
|
|
{
|
|
#verbose="-v"
|
|
html_head "Check that OCSP doesn't break if we disable sha1 $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE"
|
|
|
|
- PKIX_SAVE=${NSS_ENABLE_PKIX_VERIFY-"unset"}
|
|
- NSS_ENABLE_PKIX_VERIFY="1"
|
|
- export NSS_ENABLE_PKIX_VERIFY
|
|
+ PKIX_SAVE=${NSS_DISABLE_LIBPKIX_VERIFY-"unset"}
|
|
+ unset NSS_DISABLE_LIBPKIX_VERIFY
|
|
|
|
testname=""
|
|
|
|
if [ ! -f "${P_R_SERVERDIR}/pkcs11.txt" ] ; then
|
|
html_failed "${SCRIPTNAME}: ${P_R_SERVERDIR} is not initialized"
|
|
@@ -987,16 +986,14 @@
|
|
grep 12276 ${P_R_SERVERDIR}/vfy.out
|
|
RET=$?
|
|
html_msg $RET $RET_EXP "${testname}" \
|
|
"produced a returncode of $RET, expected is $RET_EXP"
|
|
|
|
- if [ "${PKIX_SAVE}" = "unset" ]; then
|
|
- unset NSS_ENABLE_PKIX_VERIFY
|
|
- else
|
|
- NSS_ENABLE_PKIX_VERIFY=${PKIX_SAVE}
|
|
- export NSS_ENABLE_PKIX_VERIFY
|
|
+ if [ "{PKIX_SAVE}" != "unset" ]; then
|
|
+ export NSS_DISABLE_LIBPKIX_VERIFY=${PKIX_SAVE}
|
|
fi
|
|
+
|
|
cp ${P_R_SERVERDIR}/pkcs11.txt.sav ${P_R_SERVERDIR}/pkcs11.txt
|
|
|
|
html "</TABLE><BR>"
|
|
|
|
}
|
|
|