Fix NSSDB certificate search method

'getX509CertFromToken' erroneously compares Issuer DN of given cert
with Subject DNs of cert in NSSDB.  It falsely returns the parent of
the target cert, if the certs have the same serial number.

In the context of how this method is used, it causes the deletion of
an external CA certificate from the NSSDB if the serial numbers
match, and subsequent certificate verification failure when
connecting to LDAP.

Update the method to check the Issuer DN.

Fixes: https://fedorahosted.org/pki/ticket/2301

0 files changed, 0 insertions, 0 deletions