From: Rich Megginson
Date: Sat, 18 Aug 2012 02:20:01 +0000 (-0600)
Subject: ITS#7360 accept nss certname in the form of tokenname:certnickname
X-Git-Tag: OPENLDAP_REL_ENG_2_4_33~39
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=d896e9cbad8aa0d455c197c0888bb86b3937ea04;p=openldap
ITS#7360 accept nss certname in the form of tokenname:certnickname
There are cases where the user may want to force the use of a particular PKCS11 device to use for a given certificate. Allow the user to do this with MozNSS by specifying the cert as "tokenname:certnickname" where token name is the name of a token/slot in a PKCS11 device and certnickname is the nickname of a certificate on that device.
---
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index 10e6e707d1..1422ce26c0 100644
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -2102,6 +2102,22 @@ tlsm_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 return 0;
 }
 
+/* returns true if the given string looks like
+ "tokenname" ":" "certnickname"
+ This is true if there is a ':' colon character
+ in the string and the colon is not the first
+ or the last character in the string
+*/
+static int
+tlsm_is_tokenname_certnick( const char *certfile )
+{
+ if ( certfile ) {
+ const char *ptr = PL_strchr( certfile, ':' );
+ return ptr && (ptr != certfile) && (*(ptr+1));
+ }
+ return 0;
+}
+
 static int
 tlsm_deferred_ctx_init( void *arg )
 {
@@ -2268,7 +2284,10 @@ tlsm_deferred_ctx_init( void *arg )
 } else {
 char *tmp_certname;
- if ( ctx->tc_certdb_slot ) {
+ if ( tlsm_is_tokenname_certnick( lt->lt_certfile )) {
+ /* assume already in form tokenname:certnickname */
+ tmp_certname = PL_strdup( lt->lt_certfile );
+ } else if ( ctx->tc_certdb_slot ) {
 tmp_certname = PR_smprintf( TLSM_CERTDB_DESC_FMT ":%s",
 ctx->tc_unique, lt->lt_certfile );
 } else {
 tmp_certname = PR_smprintf( "%s", lt->lt_certfile );
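Review bot: tlsm_is_tokenname_certnick treats any interior ':' as the token separator, so a plain nickname that happens to contain a colon is no longer looked up as a nickname, and nothing in the string can escape that; the header comment should say so rather than only describing the character test. Suggested addition to the comment: `/* heuristic: the text before the first ':' is taken as the token name; a nickname containing ':' cannot be expressed without a token prefix */`. As far as I recall NSS's own nickname lookup applies the same token:nick convention, which is worth stating if confirmed. A minor style point on the return line: `ptr[1] != '\0'` reads more directly than `(*(ptr+1))`.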
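Review bot: The new branch allocates `tmp_certname` with `PL_strdup` while the two sibling branches use `PR_smprintf`, so the single release point for `tmp_certname` (outside this hunk) now receives pointers from two different NSPR allocation APIs; if that release is `PR_smprintf_free`, as the other branches require, the strdup'd pointer is freed through an API it was not obtained from. Writing the new branch as `tmp_certname = PR_smprintf( "%s", lt->lt_certfile );` keeps all three branches on one allocator and the existing free path correct. None of the three branches checks `tmp_certname` for NULL on allocation failure, but that is pre-existing rather than introduced here. tlsm_deferred_ctx_init starts and ends outside the hunk.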