Fix for 138354 - fix PKCS#11 hardware token problems with trust bits NSS_3_4_BRANCH
authorjpierre%netscape.com
Tue, 23 Apr 2002 22:39:04 +0000
branchNSS_3_4_BRANCH
changeset 3037 e80a17996c4b7d5ca4a6c96584edfdcc23c60ac8
parent 3035 fbf2d578ae48000dbc42a5b36b39df7560fd5f76
child 3038 c74e66fc189e11b7d5c12636f0cb0991cb773116
push idunknown
push userunknown
push dateunknown
bugs138354
Fix for 138354 - fix PKCS#11 hardware token problems with trust bits
security/nss/lib/pk11wrap/pk11cert.c
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -3345,22 +3345,26 @@ pk11ListCertCallback(CERTCertificate *ce
 #endif
 {
     struct listCertsStr *listCertP = (struct listCertsStr *)arg;
     CERTCertificate *newCert = NULL;
     PK11CertListType type = listCertP->type;
     CERTCertList *certList = listCertP->certList;
     CERTCertTrust *trust;
     PRBool isUnique = PR_FALSE;
+    PRBool isCA = PR_FALSE;
     char *nickname = NULL;
     unsigned int certType;
 
     if ((type == PK11CertListUnique) || (type == PK11CertListRootUnique)) {
 	isUnique = PR_TRUE;
     }
+    if ((type == PK11CertListCA) || (type == PK11CertListRootUnique)) {
+	isCA = PR_TRUE;
+    }
     /* at this point the nickname is correct for the cert. save it for later */
     if (!isUnique && cert->nickname) {
          nickname = PORT_ArenaStrdup(listCertP->certList->arena,cert->nickname);
     }
 #ifdef NSS_CLASSIC
     if (derCert == NULL) {
 	newCert=CERT_DupCertificate(cert);
     } else {
@@ -3394,17 +3398,17 @@ pk11ListCertCallback(CERTCertificate *ce
 
     /* if we want Unique certs and we already have it on our list, skip it */
     if ( isUnique && isOnList(certList,newCert) ) {
 	CERT_DestroyCertificate(newCert);
 	return SECSuccess;
     }
 
     /* if we want CA certs and it ain't one, skip it */
-    if( type == PK11CertListCA  && (!CERT_IsCACert(newCert, &certType)) ) {
+    if( isCA  && (!CERT_IsCACert(newCert, &certType)) ) {
 	CERT_DestroyCertificate(newCert);
 	return SECSuccess;
     }
 
     /* put slot certs at the end */
     if (newCert->slot && !PK11_IsInternal(newCert->slot)) {
     	CERT_AddCertToListTailWithData(certList,newCert,nickname);
     } else {