Fix for 158221 - make crlutil save memory by using the new PK11_ImportCRL function with the CRL_DECODE_DONT_COPY_DER option
authorjpierre%netscape.com
Fri, 19 Jul 2002 01:07:27 +0000
changeset 3336 2a782e93cc0388c2613efa58cdf80fa734a455bd
parent 3335 817e42ba7d43b30c8b9ed82bdcfe0fdbf19aec1a
child 3337 fdb5638aa0594c9dcaacb12cde174bdaa1de1e5d
push idunknown
push userunknown
push dateunknown
bugs158221
Fix for 158221 - make crlutil save memory by using the new PK11_ImportCRL function with the CRL_DECODE_DONT_COPY_DER option
security/nss/cmd/crlutil/crlutil.c
--- a/security/nss/cmd/crlutil/crlutil.c
+++ b/security/nss/cmd/crlutil/crlutil.c
@@ -40,16 +40,17 @@
 /* test only */
 
 #include "nspr.h"
 #include "plgetopt.h"
 #include "secutil.h"
 #include "cert.h"
 #include "certdb.h"
 #include "nss.h"
+#include "pk11func.h"
 
 #define SEC_CERT_DB_EXISTS 0
 #define SEC_CREATE_CERT_DB 1
 
 static char *progName;
 
 static CERTSignedCrl *FindCRL
    (CERTCertDBHandle *certHandle, char *name, int type)
@@ -173,32 +174,34 @@ static SECStatus DeleteCRL (CERTCertDBHa
 
 SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type, 
                      PRFileDesc *inFile, PRBool bypassChecks)
 {
     CERTCertificate *cert = NULL;
     CERTSignedCrl *crl = NULL;
     SECItem crlDER;
     int rv;
+    PRInt32 importOptions;
 
     crlDER.data = NULL;
 
 
     /* Read in the entire file specified with the -f argument */
 	rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE);
     if (rv != SECSuccess) {
 	SECU_PrintError(progName, "unable to read input file");
 	return (SECFailure);
     }
-    
-    if (PR_FALSE == bypassChecks) {
-        crl = CERT_ImportCRL (certHandle, &crlDER, url, type, NULL);
-    } else {
-        crl = SEC_NewCrl (certHandle, url, &crlDER, type);
+ 
+    importOptions = CRL_IMPORT_DEFAULT_OPTIONS;
+    if (PR_TRUE == bypassChecks) {
+        importOptions |= CRL_IMPORT_BYPASS_CHECKS;
     }
+    crl = PK11_ImportCRL(PK11_GetInternalKeySlot(), &crlDER, url, type,
+          NULL, importOptions, NULL, CRL_DECODE_DONT_COPY_DER);
     if (!crl) {
 	const char *errString;
 
 	errString = SECU_Strerror(PORT_GetError());
 	if ( errString && PORT_Strlen (errString) == 0)
 	    SECU_PrintError
 		    (progName, "CRL is not import (error: input CRL is not up to date.)");
 	else