robd wrote:
I encountered a nasty bug while importing a PKCS12 file that doesn't
contain a friendly name. I am testing a PKCS #10 provider that I am
developing and I try to import the PKCS12 file into the token of my
provider. The first time is successful with Firefox generating an
internal nickname of "Imported Certificate". The second import throws
Firefox into an endless loop. The problem is that Firefox generates a
nickname by looking in the internal token to see if the nickname is
unique, then when importing into my token it realizes the nickname is
not unique, retries generating a nickname but it is the same as last
time, etc.

So I believe this is the code in question:

  int count = 1;
  nsCString nickname;
  nsAutoString nickFromProp;
  nssComponent->GetPIPNSSBundleString("P12DefaultNickname", nickFromProp);
  NS_ConvertUTF16toUTF8 nickFromPropC(nickFromProp);
  ...
  while (1) {
    ...
    if (count > 1) {
      nickname.Adopt(PR_smprintf("%s #%d", nickFromPropC.get(), count));
    } else {
      nickname = nickFromPropC;
    }
    CERTCertificate *cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(),
                                  NS_CONST_CAST(char*,nickname.get()));
    if (!cert) {
      break;
    }
    CERT_DestroyCertificate(cert);
    count++;
  }

It seems that CERT_FindCertByNickname does not look in your token
for a cert with the constructed nickname.
(You are trying to import the PKCS12 file into your token, right?)

Bob, is this possible?

Wan-Teh
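
Added example, not part of the original thread and not NSS or Firefox code: a small C++ model of the retry behaviour described above, under the thread's unconfirmed assumption that the uniqueness check consults only the internal database. Store, pickNickname, importWithoutFriendlyName and the maxAttempts cap are hypothetical names introduced here; the two sets are constructed stand-ins for the internal database and the target token.

```cpp
#include <cstdio>
#include <functional>
#include <set>
#include <string>

// Constructed stand-in for a certificate store, keyed by nickname (not an NSS type).
using Store = std::set<std::string>;

// Same shape as the quoted loop: try "base", then "base #2", "base #3", ...
// until `taken` reports that the candidate is free.
std::string pickNickname(const std::string& base,
                         const std::function<bool(const std::string&)>& taken) {
  for (int count = 1;; ++count) {
    std::string nick = count > 1 ? base + " #" + std::to_string(count) : base;
    if (!taken(nick)) return nick;
  }
}

// Import a cert that has no friendly name into `token`, which rejects
// duplicate nicknames. On rejection the caller regenerates a nickname and
// retries. Returns the attempt that succeeded, or -1 once maxAttempts is
// used up (the cap is an assumption of this model so that it terminates).
int importWithoutFriendlyName(const Store& internalDb, Store& token,
                              bool checkTargetToken, int maxAttempts) {
  const std::string base = "Imported Certificate";
  for (int attempt = 1; attempt <= maxAttempts; ++attempt) {
    std::string nick = pickNickname(base, [&](const std::string& n) {
      // Uniqueness test: internal DB only, or internal DB plus target token.
      return internalDb.count(n) > 0 ||
             (checkTargetToken && token.count(n) > 0);
    });
    if (token.insert(nick).second) return attempt;  // token accepted the nickname
    // Rejected: nothing the generator looks at has changed, so the next
    // attempt produces the same nickname again.
  }
  return -1;
}

int main() {
  Store internalDb, token;
  int first = importWithoutFriendlyName(internalDb, token, false, 100);
  int second = importWithoutFriendlyName(internalDb, token, false, 100);
  int withTokenCheck = importWithoutFriendlyName(internalDb, token, true, 100);
  std::printf("first=%d second=%d withTokenCheck=%d\n", first, second, withTokenCheck);
  return 0;
}
```

In this model the second import never succeeds unless the uniqueness test also looks at the token the certificate is being imported into.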
