diff options
| author | Greg Hudson <ghudson@mit.edu> | 2011-11-07 00:47:20 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2011-11-07 00:47:20 +0000 |
| commit | 16a8b5f5d0ac4841a9da7142108b1b5ac70121e4 (patch) | |
| tree | 09b05b7ffeab0e42688fb02618a1d47a9bbf04f5 | |
| parent | e10f243be294ba9b3ba4b39a1a6bdf4bbbaf0fcf (diff) | |
| download | krb5-16a8b5f5d0ac4841a9da7142108b1b5ac70121e4.tar.gz krb5-16a8b5f5d0ac4841a9da7142108b1b5ac70121e4.tar.xz krb5-16a8b5f5d0ac4841a9da7142108b1b5ac70121e4.zip | |
Fix warnings and version check for NSS pkinit
From nalin@redhat.com.
ticket: 6999
target_version: 1.10
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25445 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/configure.in | 6 | ||||
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 6 |
2 files changed, 5 insertions, 7 deletions
diff --git a/src/configure.in b/src/configure.in index e5de90335d..6aae2f5d69 100644 --- a/src/configure.in +++ b/src/configure.in @@ -162,12 +162,10 @@ nss) CFLAGS="$CFLAGS $CRYPTO_IMPL_CFLAGS" AC_COMPILE_IFELSE([AC_LANG_SOURCE([ #include <nss.h> -#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 12) -#error -#elif NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH < 9 +#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 13) #error #endif - ])], [], [AC_MSG_ERROR([NSS version 3.12.9 or later required.])]) + ])], [], [AC_MSG_ERROR([NSS version 3.13 or later required.])]) CFLAGS=$save_CFLAGS ;; *) diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index 7955324f7d..1a83083fe3 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -2190,7 +2190,7 @@ crypto_get_pem_slot(struct _pkinit_identity_crypto_context *id) /* Resolve any ambiguities from having a duplicate nickname in the PKCS12 * bundle and in the database, or the bag not providing a nickname. Note: you * might expect "arg" to be a wincx, but it's actually a certificate! (Mozilla - * bug #321584) */ + * bug #321584, fixed in 3.12, documented by #586163, in 3.13.) */ static SECItem * crypto_nickname_c_cb(SECItem *old_nickname, PRBool *cancel, void *arg) { @@ -3527,10 +3527,10 @@ pkinit_create_td_trusted_certifiers(krb5_context context, !CERT_LIST_END(node, sclist); node = CERT_LIST_NEXT(node)) { /* If we have no trust for it, we can't trust it. */ - if (cert->trust == NULL) + if (node->cert->trust == NULL) continue; /* We need to trust it to issue client certs. */ - trustf = SEC_GET_TRUST_FLAGS(cert->trust, trustSSL); + trustf = SEC_GET_TRUST_FLAGS(node->cert->trust, trustSSL); if (!(trustf & CERTDB_TRUSTED_CLIENT_CA)) continue; /* DestroyCertList frees all of the certs in the list, |