List: rpm-cvs
Subject: [CVS] RPM: rpm-5_4: rpm/ CHANGES rpm/macros/ macros.in rpm/rpmio/ ciph...
From: "Jeff Johnson" <jbj () rpm5 ! org>
Date: 2014-04-18 18:45:57
Message-ID: 20140418184557.2CDC44BEB6 () rpm5 ! org
RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: jbj@rpm5.org
Module: rpm Date: 18-Apr-2014 20:45:56
Branch: rpm-5_4 Handle: 2014041818455303
Modified files: (Branch: rpm-5_4)
rpm CHANGES
rpm/macros macros.in
rpm/rpmio cipher.c librpmio.vers rpmgc.c rpmio.c
rpmiotypes.h rpmnss.c
Log:
- nss: tweak config options, run in FIPS-140-2 mode "best effort".
Summary:
Revision Changes Path
1.3501.2.363+1 -0 rpm/CHANGES
1.39.2.37 +10 -2 rpm/macros/macros.in
1.1.2.2 +98 -0 rpm/rpmio/cipher.c
2.199.2.31 +1 -0 rpm/rpmio/librpmio.vers
2.34.2.6 +2 -2 rpm/rpmio/rpmgc.c
1.230.2.12 +19 -0 rpm/rpmio/rpmio.c
1.47.2.15 +4 -1 rpm/rpmio/rpmiotypes.h
1.40.2.9 +187 -9 rpm/rpmio/rpmnss.c
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/CHANGES
============================================================================
$ cvs diff -u -r1.3501.2.362 -r1.3501.2.363 CHANGES
--- rpm/CHANGES 17 Apr 2014 23:19:28 -0000 1.3501.2.362
+++ rpm/CHANGES 18 Apr 2014 18:45:53 -0000 1.3501.2.363
@@ -1,4 +1,5 @@
5.4.14 -> 5.4.15:
+ - jbj: nss: tweak config options, run in FIPS-140-2 mode "best effort".
- jbj: ssl: tweak config options, run in FIPS-140-2 mode "best effort".
- jbj: gcrypt: tweak config options, run in FIPS-140-2 mode always.
- jbj: pgp: permit non-repudiable signature on all crypto stacks.
@@ .
patch -p0 <<'@@ .'
Index: rpm/macros/macros.in
============================================================================
$ cvs diff -u -r1.39.2.36 -r1.39.2.37 macros.in
--- rpm/macros/macros.in 30 May 2012 19:17:04 -0000 1.39.2.36
+++ rpm/macros/macros.in 18 Apr 2014 18:45:56 -0000 1.39.2.37
@@ -1,7 +1,7 @@
#/*! \page config_macros Default configuration: @USRLIBRPM@/macros
# \verbatim
#
-# $Id: macros.in,v 1.39.2.36 2012/05/30 19:17:04 jbj Exp $
+# $Id: macros.in,v 1.39.2.37 2014/04/18 18:45:56 jbj Exp $
#
# This is a global RPM configuration file. All changes made here will
# be lost when the rpm package is upgraded. Any per-system configuration
@@ -549,7 +549,15 @@
%_hkp_keyserver_query %{_hkp_keyserver}/pks/lookup?op=get&search=
-%_nssdb_path /etc/pki/nssdb
+# NSS_InitContext() parameter configuration
+#
+#%_nssdb_path /etc/pki/nssdb
+%_nssdb_path /etc/pki/rpm
+%_nssdb_certprefix rpm-
+%_nssdb_keyprefix rpm-
+%_nssdb_secmodname rpm-secmod.db
+%_nssdb_flags 0
+
#==============================================================================
# ---- Transaction macros.
# Macro(s) used to parameterize transactions.
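Review bot: The five `%_nssdb_*` macros are added with only a one-line heading, so nothing tells an administrator what each value means or that the default database location has moved from /etc/pki/nssdb to /etc/pki/rpm with `rpm-` prefixed files. The rpmnss.c change in this same commit ORs `NSS_INIT_READONLY` into the flags and asserts that context creation succeeded, so a host without a provisioned /etc/pki/rpm database would presumably abort rather than fall back. I would add per-macro comments, for example `# %_nssdb_flags: NSS_INIT_* bits; rpmnss.c always adds NSS_INIT_READONLY`, and note that `%_nssdb_path` must be an absolute path to an existing database or be left undefined for no-database operation.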
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/cipher.c
============================================================================
$ cvs diff -u -r1.1.2.1 -r1.1.2.2 cipher.c
--- rpm/rpmio/cipher.c 16 Nov 2013 18:45:55 -0000 1.1.2.1
+++ rpm/rpmio/cipher.c 18 Apr 2014 18:45:54 -0000 1.1.2.2
@@ -48,6 +48,12 @@
void * param; /*!< Cipher parameters. */
};
+/* XXX stub in a getter */
+void * _cphParam(/*@null@*/ CIPHER_CTX cph)
+{
+ return (cph ? cph->param : NULL);
+}
+
static void cphFini(void * _cph)
/*@modifies _cph @*/
{
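Review bot: `_cphParam()` returns the context's internal `param` pointer as a writable `void *`, and the only documentation is "XXX stub in a getter", so callers cannot tell who owns the buffer or how long it stays valid. A doc comment on the definition and on the prototype added to rpmiotypes.h should say that the pointer is borrowed from the context and must not be freed or kept after the context is released (presumably in `cphFini`, whose body lies outside this hunk). If callers only read the parameters, `const void *` would be the safer return type, since this buffer may end up holding key-dependent state. The leading underscore on an exported name is also worth reconsidering, as identifiers of that form are reserved at file scope.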
@@ -92,6 +98,65 @@
return cph;
}
+#ifdef REFERENCE
+base64 Base 64
+ bf-cbc Blowfish in CBC mode
+ bf Alias for bf-cbc
+ bf-cfb Blowfish in CFB mode
+ bf-ecb Blowfish in ECB mode
+ bf-ofb Blowfish in OFB mode
+ cast-cbc CAST in CBC mode
+ cast Alias for cast-cbc
+ cast5-cbc CAST5 in CBC mode
+ cast5-cfb CAST5 in CFB mode
+ cast5-ecb CAST5 in ECB mode
+ cast5-ofb CAST5 in OFB mode
+ des-cbc DES in CBC mode
+ des Alias for des-cbc
+ des-cfb DES in CBC mode
+ des-ofb DES in OFB mode
+ des-ecb DES in ECB mode
+ des-ede-cbc Two key triple DES EDE in CBC mode
+ des-ede Two key triple DES EDE in ECB mode
+ des-ede-cfb Two key triple DES EDE in CFB mode
+ des-ede-ofb Two key triple DES EDE in OFB mode
+ des-ede3-cbc Three key triple DES EDE in CBC mode
+ des-ede3 Three key triple DES EDE in ECB mode
+ des3 Alias for des-ede3-cbc
+ des-ede3-cfb Three key triple DES EDE CFB mode
+ des-ede3-ofb Three key triple DES EDE in OFB mode
+ desx DESX algorithm.
+ gost89 GOST 28147-89 in CFB mode (provided by ccgost engine)
+ gost89-cnt `GOST 28147-89 in CNT mode (provided by ccgost engine)
+ idea-cbc IDEA algorithm in CBC mode
+ idea same as idea-cbc
+ idea-cfb IDEA in CFB mode
+ idea-ecb IDEA in ECB mode
+ idea-ofb IDEA in OFB mode
+ rc2-cbc 128 bit RC2 in CBC mode
+ rc2 Alias for rc2-cbc
+ rc2-cfb 128 bit RC2 in CFB mode
+ rc2-ecb 128 bit RC2 in ECB mode
+ rc2-ofb 128 bit RC2 in OFB mode
+ rc2-64-cbc 64 bit RC2 in CBC mode
+ rc2-40-cbc 40 bit RC2 in CBC mode
+ rc4 128 bit RC4
+ rc4-64 64 bit RC4
+ rc4-40 40 bit RC4
+ rc5-cbc RC5 cipher in CBC mode
+ rc5 Alias for rc5-cbc
+ rc5-cfb RC5 cipher in CFB mode
+ rc5-ecb RC5 cipher in ECB mode
+ rc5-ofb RC5 cipher in OFB mode
+ aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
+ aes-[128|192|256] Alias for aes-[128|192|256]-cbc
+ aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
+ aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
+ aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
+ aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
+ aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
+#endif
+
CIPHER_CTX
rpmCipherInit(pgpSymkeyAlgo symkeyalgo, rpmCipherFlags flags)
{
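Review bot: The `#ifdef REFERENCE` block is plain text rather than C, so the file stops compiling if any header or build flag ever defines `REFERENCE`; a `/* ... */` comment or `#if 0` keeps the list without that risk. Two entries also look like transcription slips: `des-cfb` is described as "DES in CBC mode", and the `gost89-cnt` description starts with a stray backtick. A one-line comment stating where the list comes from and that it is informational only (it does not describe what `rpmCipherInit` supports) would stop readers taking it as the set of enabled ciphers. `rpmCipherInit` begins on the last lines of this hunk and continues outside it.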
@@ -100,6 +165,39 @@
cph->symkeyalgo = symkeyalgo;
cph->flags = flags;
+ switch (symkeyalgo) {
+ case PGPSYMKEYALGO_DES:
+ cph->name = "des";
+ cph->paramsize = 64/8;
+ cph->param = DRD_xcalloc(1, cph->paramsize);
+ cph->blocksize = 0;
+ cph->keybitsmin = 0;
+ cph->keybitsmax = 0;
+ cph->keybitsinc = 0;
+ cph->Setup = NULL;
+ cph->SetIV = NULL;
+ cph->SetCTR = NULL;
+ cph->Feedback = NULL;
+ break;
+ case PGPSYMKEYALGO_PLAINTEXT:
+ case PGPSYMKEYALGO_IDEA:
+ case PGPSYMKEYALGO_TRIPLE_DES:
+ case PGPSYMKEYALGO_CAST5:
+ case PGPSYMKEYALGO_BLOWFISH:
+ case PGPSYMKEYALGO_SAFER:
+ case PGPSYMKEYALGO_DES_SK:
+ case PGPSYMKEYALGO_AES_128:
+ case PGPSYMKEYALGO_AES_192:
+ case PGPSYMKEYALGO_AES_256:
+ case PGPSYMKEYALGO_TWOFISH:
+ case PGPSYMKEYALGO_CAMELLIA_128:
+ case PGPSYMKEYALGO_CAMELLIA_192:
+ case PGPSYMKEYALGO_CAMELLIA_256:
+ case PGPSYMKEYALGO_NOENCRYPT:
+ default:
+ break;
+ }
+
DPRINTF((stderr, "==> cph %p ==== Init(%s, %x) param %p\n", cph, cph->name, flags, cph->param));
return (CIPHER_CTX)rpmioLinkPoolItem((rpmioItem)cph, __FUNCTION__, __FILE__, __LINE__);
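Review bot: Every algorithm other than `PGPSYMKEYALGO_DES` leaves the switch with `cph->name` unassigned, and the `DPRINTF` directly after it formats `cph->name` with `%s`; unless the allocation earlier in `rpmCipherInit` (outside this hunk) sets a name, that passes a null or indeterminate pointer to `%s`. Either `cph->name = "unknown";` under `default:` or `cph->name ? cph->name : "(unset)"` in the DPRINTF arguments would make the trace safe. The DES case records `blocksize` and all key-bit limits as 0 and every callback as NULL, so it deserves a comment saying the entry is a placeholder. Single DES is also not an approved algorithm under FIPS 140-2, which sits oddly with the stated goal of this commit if the entry is ever wired to real encryption.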
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/librpmio.vers
============================================================================
$ cvs diff -u -r2.199.2.30 -r2.199.2.31 librpmio.vers
--- rpm/rpmio/librpmio.vers 11 Apr 2014 16:34:39 -0000 2.199.2.30
+++ rpm/rpmio/librpmio.vers 18 Apr 2014 18:45:54 -0000 2.199.2.31
@@ -617,6 +617,7 @@
_rpmnixPushOptions;
rpmnixNew;
_rpmnss_init;
+ _rpmnss_context;
rpmnssImplVecs;
_rpmperl_debug;
rpmperlNew;
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmgc.c
============================================================================
$ cvs diff -u -r2.34.2.5 -r2.34.2.6 rpmgc.c
--- rpm/rpmio/rpmgc.c 17 Apr 2014 18:44:23 -0000 2.34.2.5
+++ rpm/rpmio/rpmgc.c 18 Apr 2014 18:45:55 -0000 2.34.2.6
@@ -1055,7 +1055,7 @@
/* XXX Ensure initialization is exactly once */
/* XXX TODO: make FIPS mode configurable */
if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
- rpmlog(RPMLOG_DEBUG, D_("---------- libgcrypt %s configuration:\n"), GCRYPT_VERSION);
+ rpmlog(RPMLOG_DEBUG, "---------- libgcrypt %s configuration:\n", GCRYPT_VERSION);
gc->err = rpmgcErr(gc, "SET_ENFORCED_FIPS_FLAG",
gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG) );
gc->err = rpmgcErr(gc, "FORCE_FIPS_MODE",
@@ -1103,7 +1103,7 @@
gc->err = rpmgcErr(gc, "PRINT_CONFIG",
gcry_control (GCRYCTL_PRINT_CONFIG, NULL) );
- rpmlog(RPMLOG_DEBUG, D_("----------\n"));
+ rpmlog(RPMLOG_DEBUG, "----------\n");
}
}
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmio.c
============================================================================
$ cvs diff -u -r1.230.2.11 -r1.230.2.12 rpmio.c
--- rpm/rpmio/rpmio.c 25 Jun 2013 16:05:00 -0000 1.230.2.11
+++ rpm/rpmio/rpmio.c 18 Apr 2014 18:45:54 -0000 1.230.2.12
@@ -3204,7 +3204,13 @@
extern "C" {
#endif
/*@-exportheader@*/
+#ifdef HAVE_NSS_INITCONTEXT
+extern void NSS_ShutdownContext(void * _nss_context);
+#else
extern void NSS_Shutdown(void);
+#endif
+extern void PL_ArenaFinish(void);
+extern void PR_Cleanup(void);
/*@=exportheader@*/
#ifdef __cplusplus
}
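Review bot: The hand-written prototypes added here do not match the NSS and NSPR headers as I know them: `NSS_ShutdownContext()` takes an `NSSInitContext *` and returns `SECStatus`, and `PR_Cleanup()` returns `PRStatus`, yet both are declared as returning `void`. Calling a function through an incompatible declaration is undefined behaviour, and it also removes any chance of noticing that shutdown failed. Including the real headers (`<nss.h>`, `<prinit.h>`, `<plarena.h>`) inside the NSS-specific guard would be more robust than extending the local `extern` list; if headers must be avoided here, the declarations should at least carry the real return types. The existing `NSS_Shutdown` declaration has the same mismatch.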
@@ -3212,6 +3218,9 @@
/*@unchecked@*/
int _rpmnss_init = 0;
+
+/*@unchecked@*/
+void * _rpmnss_context = NULL;
#endif
void rpmioClean(void)
@@ -3230,6 +3239,7 @@
extern rpmioPool _rpmhkpPool;
extern rpmioPool _htmlPool;
extern rpmioPool _htPool;
+ extern rpmioPool _cphPool;
extern rpmioPool _ctxPool;
extern rpmioPool _rpmsmPool;
extern rpmioPool _rpmspPool;
@@ -3273,7 +3283,15 @@
#endif
#if defined(WITH_NSS) && !defined(__LCLINT__)
if (_rpmnss_init) {
+#ifdef HAVE_NSS_INITCONTEXT
+ if (_rpmnss_context != NULL)
+ (void) NSS_ShutdownContext(_rpmnss_context);
+#else
(void) NSS_Shutdown();
+#endif
+ PL_ArenaFinish();
+ PR_Cleanup();
+ _rpmnss_context = NULL;
_rpmnss_init = 0;
}
#endif
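Review bot: `PL_ArenaFinish()` and `PR_Cleanup()` tear down NSPR state for the whole process, so calling them from `rpmioClean()` affects every other NSS or NSPR user in a program that links librpmio, which works against the per-context isolation that `NSS_InitContext` was adopted for. The result of `NSS_ShutdownContext()` is also cast to `void`; if that call fails because NSS objects are still referenced, the NSPR teardown then runs underneath live state. I would check the shutdown result and log a failure, and either drop the two NSPR calls or run them only when rpm itself initialised NSPR. When `_rpmnss_init` is set but `_rpmnss_context` is NULL, no NSS shutdown happens at all before the NSPR teardown, which deserves a comment or a guard.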
@@ -3340,6 +3358,7 @@
_rpmmgPool = rpmioFreePool(_rpmmgPool);
_rpmbfPool = rpmioFreePool(_rpmbfPool);
_htPool = rpmioFreePool(_htPool);
+ _cphPool = rpmioFreePool(_cphPool);
_ctxPool = rpmioFreePool(_ctxPool);
_rpmsyckPool = rpmioFreePool(_rpmsyckPool);
_rpmiobPool = rpmioFreePool(_rpmiobPool);
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmiotypes.h
============================================================================
$ cvs diff -u -r1.47.2.14 -r1.47.2.15 rpmiotypes.h
--- rpm/rpmio/rpmiotypes.h 16 Nov 2013 18:45:55 -0000 1.47.2.14
+++ rpm/rpmio/rpmiotypes.h 18 Apr 2014 18:45:55 -0000 1.47.2.15
@@ -201,7 +201,8 @@
PGPSYMKEYALGO_CAMELLIA_128 = 11, /*!< CAMELLIA(128-bit key) */
PGPSYMKEYALGO_CAMELLIA_192 = 12, /*!< CAMELLIA(192-bit key) */
PGPSYMKEYALGO_CAMELLIA_256 = 13, /*!< CAMELLIA(256-bit key) */
- PGPSYMKEYALGO_NOENCRYPT = 110 /*!< no encryption */
+ PGPSYMKEYALGO_NOENCRYPT = 110, /*!< no encryption */
+ PGPSYMKEYALGO_DES = 111
} pgpSymkeyAlgo;
/*@=typeuse@*/
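Review bot: `PGPSYMKEYALGO_DES = 111` is added without the `/*!< ... */` description that every neighbouring enumerator has, and the value sits just above the 100–110 range that RFC 4880 sets aside for private or experimental symmetric algorithms. A comment such as `/*!< DES (rpm-internal, not an OpenPGP algorithm id) */` would make clear that this is not a wire-format value. It is also worth confirming that packet parsing elsewhere cannot be steered into this enumerator by an algorithm octet of 111 in untrusted input, since the enum is shared with the OpenPGP identifiers.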
@@ -218,6 +219,8 @@
extern "C" {
#endif
+void * _cphParam(/*@null@*/ CIPHER_CTX cph);
+
/** \ingroup rpmpgp
* Initialize cipher context.
* Set bit count to 0 and buffer to mysterious initialization constants.
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmnss.c
============================================================================
$ cvs diff -u -r1.40.2.8 -r1.40.2.9 rpmnss.c
--- rpm/rpmio/rpmnss.c 11 Apr 2014 16:34:39 -0000 1.40.2.8
+++ rpm/rpmio/rpmnss.c 18 Apr 2014 18:45:54 -0000 1.40.2.9
@@ -3,7 +3,7 @@
*/
#include "system.h"
-#include <rpmio.h>
+#include <rpmlog.h>
#include <rpmiotypes.h>
#define _RPMPGP_INTERNAL
@@ -32,6 +32,9 @@
extern int _rpmnss_init;
/*@unchecked@*/
+extern void * _rpmnss_context;
+
+/*@unchecked@*/
static int _rpmnss_debug;
#define SPEW(_t, _rc, _dig) \
@@ -1441,15 +1444,190 @@
/*@modifies _rpmnss_init @*/
{
rpmnss nss = (rpmnss) xcalloc(1, sizeof(*nss));
- const char * _nssdb_path = rpmExpand("%{?_nssdb_path}", NULL);
-/*@-moduncon@*/
- if (_nssdb_path != NULL && *_nssdb_path == '/')
- (void) NSS_Init(_nssdb_path);
- else
- (void) NSS_NoDB_Init(NULL);
-/*@=moduncon@*/
- _nssdb_path = _free(_nssdb_path);
+#ifdef HAVE_NSS_INITCONTEXT
+ if (_rpmnss_context == NULL) {
+ const char * _configdir = rpmExpand("%{?_nssdb_path}", NULL);
+ const char * _certPrefix = rpmExpand("%{?_nssdb_certprefix}", NULL);
+ const char * _keyPrefix = rpmExpand("%{?_nssdb_keyprefix}", NULL);
+ const char * _secmodName = rpmExpand("%{?_nssdb_secmodname}", NULL);
+ NSSInitParameters _initParams;
+ uint32_t _flags = rpmExpandNumeric("%{?_nssdb_flags}");
+ int msglvl = RPMLOG_DEBUG;
+
+/* <nss3/nss.h>
+ * parameters used to initialize softoken. Mostly strings used to
+ * internationalize softoken. Memory for the strings are owned by the caller,
+ * who is free to free them once NSS_ContextInit returns. If the string
+ * parameter is NULL (as opposed to empty, zero length), then the softoken
+ * default is used. These are equivalent to the parameters for
+ * PK11_ConfigurePKCS11().
+ *
+ * field names match their equivalent parameter names for softoken strings
+ * documented at https://developer.mozilla.org/en/PKCS11_Module_Specs.
+ *
+ * minPWLen
+ * Minimum password length in bytes.
+ * manufacturerID
+ * Override the default manufactureID value for the module returned in
+ * the CK_INFO, CK_SLOT_INFO, and CK_TOKEN_INFO structures with an
+ * internationalize string (UTF8). This value will be truncated at 32
+ * bytes (not including the trailing NULL, partial UTF8 characters will be
+ * dropped).
+ * libraryDescription
+ * Override the default libraryDescription value for the module returned in
+ * the CK_INFO structure with an internationalize string (UTF8). This value
+ * will be truncated at 32 bytes(not including the trailing NULL, partial
+ * UTF8 characters will be dropped).
+ * cryptoTokenDescription
+ * Override the default label value for the internal crypto token returned
+ * in the CK_TOKEN_INFO structure with an internationalize string (UTF8).
+ * This value will be truncated at 32 bytes (not including the trailing
+ * NULL, partial UTF8 characters will be dropped).
+ * dbTokenDescription
+ * Override the default label value for the internal DB token returned in
+ * the CK_TOKEN_INFO structure with an internationalize string (UTF8). This
+ * value will be truncated at 32 bytes (not including the trailing NULL,
+ * partial UTF8 characters will be dropped).
+ * FIPSTokenDescription
+ * Override the default label value for the internal FIPS token returned in
+ * the CK_TOKEN_INFO structure with an internationalize string (UTF8). This
+ * value will be truncated at 32 bytes (not including the trailing NULL,
+ * partial UTF8 characters will be dropped).
+ * cryptoSlotDescription
+ * Override the default slotDescription value for the internal crypto token
+ * returned in the CK_SLOT_INFO structure with an internationalize string
+ * (UTF8). This value will be truncated at 64 bytes (not including the
+ * trailing NULL, partial UTF8 characters will be dropped).
+ * dbSlotDescription
+ * Override the default slotDescription value for the internal DB token
+ * returned in the CK_SLOT_INFO structure with an internationalize string
+ * (UTF8). This value will be truncated at 64 bytes (not including the
+ * trailing NULL, partial UTF8 characters will be dropped).
+ * FIPSSlotDescription
+ * Override the default slotDecription value for the internal FIPS token
+ * returned in the CK_SLOT_INFO structure with an internationalize string
+ * (UTF8). This value will be truncated at 64 bytes (not including the
+ * trailing NULL, partial UTF8 characters will be dropped).
+ *
+ */
+ memset((void *) &_initParams, '\0', sizeof(_initParams));
+ _initParams.length = sizeof(_initParams);
+
+/* <nss3/nss.h>
+ * Open the Cert, Key, and Security Module databases, read/write.
+ * Initialize the Random Number Generator.
+ * Does not initialize the cipher policies or enables.
+ * Default policy settings disallow all ciphers.
+ *
+ * This allows using application defined prefixes for the cert and key db's
+ * and an alternate name for the secmod database. NOTE: In future releases,
+ * the database prefixes my not necessarily map to database names.
+ *
+ * configdir - base directory where all the cert, key, and module datbases live.
+ * certPrefix - prefix added to the beginning of the cert database example: "
+ * "https-server1-"
+ * keyPrefix - prefix added to the beginning of the key database example: "
+ * "https-server1-"
+ * secmodName - name of the security module database (usually "secmod.db").
+ * flags - change the open options of NSS_Initialize as follows:
+ * NSS_INIT_READONLY - Open the databases read only.
+ * NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just
+ * initialize the volatile certdb.
+ * NSS_INIT_NOMODDB - Don't open the security module DB, just
+ * initialize the PKCS #11 module.
+ * NSS_INIT_FORCEOPEN - Continue to force initializations even if the
+ * databases cannot be opened.
+ * NSS_INIT_NOROOTINIT - Don't try to look for the root certs module
+ * automatically.
+ * NSS_INIT_OPTIMIZESPACE - Use smaller tables and caches.
+ * NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are
+ * thread-safe, ie. that support locking - either OS
+ * locking or NSS-provided locks . If a PKCS#11
+ * module isn't thread-safe, don't serialize its
+ * calls; just don't load it instead. This is necessary
+ * if another piece of code is using the same PKCS#11
+ * modules that NSS is accessing without going through
+ * NSS, for example the Java SunPKCS11 provider.
+ * NSS_INIT_PK11RELOAD - ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED
+ * error when loading PKCS#11 modules. This is necessary
+ * if another piece of code is using the same PKCS#11
+ * modules that NSS is accessing without going through
+ * NSS, for example Java SunPKCS11 provider.
+ * NSS_INIT_NOPK11FINALIZE - never call C_Finalize on any
+ * PKCS#11 module. This may be necessary in order to
+ * ensure continuous operation and proper shutdown
+ * sequence if another piece of code is using the same
+ * PKCS#11 modules that NSS is accessing without going
+ * through NSS, for example Java SunPKCS11 provider.
+ * The following limitation applies when this is set :
+ * SECMOD_WaitForAnyTokenEvent will not use
+ * C_WaitForSlotEvent, in order to prevent the need for
+ * C_Finalize. This call will be emulated instead.
+ * NSS_INIT_RESERVED - Currently has no effect, but may be used in the
+ * future to trigger better cooperation between PKCS#11
+ * modules used by both NSS and the Java SunPKCS11
+ * provider. This should occur after a new flag is defined
+ * for C_Initialize by the PKCS#11 working group.
+ * NSS_INIT_COOPERATE - Sets 4 recommended options for applications that
+ * use both NSS and the Java SunPKCS11 provider.
+ *
+ * Also NOTE: This is not the recommended method for initializing NSS.
+ * The preferred method is NSS_init().
+ */
+ _flags |= NSS_INIT_READONLY;
+ if (_configdir == NULL || *_configdir != '/') {
+ _configdir = _free(_configdir);
+ _flags |= NSS_INIT_NOCERTDB;
+ _flags |= NSS_INIT_NOMODDB;
+ _flags |= NSS_INIT_FORCEOPEN;
+ _flags |= NSS_INIT_NOROOTINIT;
+ _flags |= NSS_INIT_OPTIMIZESPACE;
+ }
+ /* NSS_INIT_PK11THREADSAFE */
+ /* NSS_INIT_PK11RELOAD */
+ /* NSS_INIT_NOPK11FINALIZE */
+ /* NSS_INIT_RESERVED */
+ /* NSS_INIT_COOPERATE (is all of the above) */
+
+ rpmlog(msglvl, "---------- NSS %s configuration:\n", NSS_VERSION);
+ rpmlog(msglvl, " version: %s\n", NSS_GetVersion());
+ rpmlog(msglvl, " configdir: %s\n", _configdir);
+ rpmlog(msglvl, "certPrefix: %s\n", _certPrefix);
+ rpmlog(msglvl, " keyPrefix: %s\n", _keyPrefix);
+ rpmlog(msglvl, "secmodName: %s\n", _secmodName);
+ rpmlog(msglvl, " flags: 0x%x\n", _flags);
+ rpmlog(msglvl, "----------\n");
+
+ _rpmnss_context = (void *) NSS_InitContext(_configdir,
+ _certPrefix, _keyPrefix, _secmodName, &_initParams, _flags);
+
+ _configdir = _free(_configdir);
+ _certPrefix = _free(_certPrefix);
+ _keyPrefix = _free(_keyPrefix);
+ _secmodName = _free(_secmodName);
+assert(_rpmnss_context != NULL);
+#ifdef NOTYET
+ NSS_ShutdownFunc _sFunc = foo;
+ void * _appData = bar;
+ SECStatus rv;
+ rv = NSS_RegisterShutdown(_sFunc, _appData);
+ rv = NSS_UnregisterShutdown(_sFunc, _appData);
+#endif
+
+ }
+#else
+ if (!NSS_IsInitialized()) {
+ const char * _configdir = rpmExpand("%{?_nssdb_path}", NULL);
+ SECStatus rv;
+ if (_configdir != NULL && *_configdir == '/')
+ rv = NSS_Init(_configdir);
+ else
+ rv NSS_NoDB_Init(NULL);
+ _configdir = _free(_configdir);
+assert(rv == SECSuccess);
+ }
+#endif
_rpmnss_init = 1;
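Review bot: In the `#else` branch, `rv NSS_NoDB_Init(NULL);` is missing its assignment operator and will not compile when `HAVE_NSS_INITCONTEXT` is undefined; it should read `rv = NSS_NoDB_Init(NULL);`. Both branches check initialisation only through `assert()`, so a missing or unreadable database under the configured path aborts the process, while a build with `NDEBUG` goes on to set `_rpmnss_init = 1` with no usable NSS state; an explicit check that logs the NSS error and reports failure to the caller would be safer. When `_configdir` is not absolute it is released and, assuming `_free` returns NULL as the assignment suggests, the later `rpmlog(msglvl, " configdir: %s\n", _configdir)` passes NULL to `%s`; `_configdir ? _configdir : "(none)"` avoids that. `_flags` comes straight from the `%_nssdb_flags` macro and is only ORed with `NSS_INIT_READONLY`, so a comment on which bits are meant to be configurable would help. The enclosing function starts before this hunk.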
@@ .
______________________________________________________________________
RPM Package Manager http://rpm5.org
CVS Sources Repository rpm-cvs@rpm5.org