Bug 1458518, Nicknames of existing certificates in NSS SQL DB should remain unchanged on repeated import attempts, r=kaie
authorRobert Relyea <rrelyea@redhat.com>
Wed, 02 May 2018 15:46:29 +0200
changeset 14344 2f1ee2b8f7a65ecae1a84c02dcf0167ce3b57ab4
parent 14343 5a210945d2486d6443556ec578b22c05949e1049
child 14345 4d41d769000774895041caec8ce8e4a5a145c1b4
push id3077
push userkaie@kuix.de
push dateWed, 02 May 2018 13:45:28 +0000
reviewerskaie
bugs1458518
Bug 1458518, Nicknames of existing certificates in NSS SQL DB should remain unchanged on repeated import attempts, r=kaie
lib/dev/devtoken.c
--- a/lib/dev/devtoken.c
+++ b/lib/dev/devtoken.c
@@ -523,17 +523,19 @@ nssToken_ImportCertificate(
         }
         /* according to PKCS#11, label, ID, issuer, and serial number
          * may change after the object has been created.  For PKIX, the
          * last two attributes can't change, so for now we'll only worry
          * about the first two.
          */
         NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
         NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
-        NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
+        if (!rvObject->label && nickname) {
+            NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
+        }
         NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
         /* reset the mutable attributes on the token */
         nssCKObject_SetAttributes(rvObject->handle,
                                   cert_tmpl, ctsize,
                                   session, slot);
         if (!rvObject->label && nickname) {
             rvObject->label = nssUTF8_Duplicate(nickname, NULL);
         }