From ad4c6b4996004e1ccfacacf37f50bb1052382a89 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Mon, 1 Nov 2010 18:55:44 -0400 Subject: [PATCH 098/150] - correct some comments - fix quoting of configDirs, i think --- src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 20 +++++++++++--------- 1 files changed, 11 insertions(+), 9 deletions(-) diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index 87758d2..4dd99b6 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -1199,9 +1199,9 @@ oakley_get_group(PLArenaPool *pool, int minimum_prime_size) /* Create DH parameters to be sent to the KDC. On success, dh_params should * contain an encoded DomainParameters structure (per RFC3280, the "parameters" * in an AlgorithmIdentifier), and dh_pubkey should contain the public value - * we're prepared to send to the KDC, encoded first as an integer and then - * wrapped up in a bit string (per RFC3280, the "subjectPublicKey" field of a - * SubjectPublicKeyInfo). */ + * we're prepared to send to the KDC, encoded as an integer (per RFC3280, the + * "subjectPublicKey" field of a SubjectPublicKeyInfo -- the integer is wrapped + * up into a bitstring elsewhere). */ krb5_error_code client_create_dh(krb5_context context, pkinit_plg_crypto_context plg_cryptoctx, @@ -1740,6 +1740,9 @@ create_krb5_trustedCertifiers(krb5_context context, return 0; } +/* Add a certificate to a list if it isn't already in the list. Since we take + * ownership of the cert, if it's already in the list, delete this reference to + * it. */ static SECStatus cert_maybe_add_to_list(CERTCertList *list, CERTCertificate *cert) { @@ -1881,7 +1884,7 @@ cert_load_certs_with_keys_from_slot(krb5_context context, key = PK11_FindPrivateKeyFromCert(slot, cnode->cert, crypto_pwcb_prep(id, context)); if (key == NULL) { - pkiDebug("%s: no key for \"%s\"\n", + pkiDebug("%s: no key for \"%s\", skipping it\n", __FUNCTION__, cnode->cert->nickname ? cnode->cert->nickname : "(no name)"); @@ -2203,10 +2206,9 @@ crypto_load_files(krb5_context context, } } /* Add any certs which are in the slot now, but which weren't - * before, and for which we have keys, to the right list of - * certs. (We don't have an API to get the certificate from - * the generic object that we just created, so we have to do it - * the hard way.) */ + * before, to the right list of certs. (We don't have an API + * to get the certificate from the generic object that we just + * created, so we have to do it the hard way.) */ after = PK11_ListCertsInSlot(slot); if (after != NULL) { for (anode = CERT_LIST_HEAD(after); @@ -2366,7 +2368,7 @@ crypto_load_certdb(krb5_context context, j = strlen(p); for (i = 0; configdir[i] != '\0'; i++) { if (configdir[i] == '\'') { - p[j++] = '\''; + p[j++] = '\\'; } p[j++] = configdir[i]; } -- 1.7.6.4