diff --git a/smime/gui/cert-trust-dialog.c b/smime/gui/cert-trust-dialog.c index 9c87c66..66ce69b 100644 --- a/smime/gui/cert-trust-dialog.c +++ b/smime/gui/cert-trust-dialog.c @@ -73,7 +73,7 @@ ctd_response(GtkWidget *w, guint id, CertTrustDialogData *data) e_cert_trust_add_peer_trust (&trust, FALSE, gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON (data->trust_button)), FALSE); - CERT_ChangeCertTrust (CERT_GetDefaultCertDB(), icert, &trust); + e_cert_db_change_cert_trust (icert, &trust); break; case GTK_RESPONSE_ACCEPT: { /* just *what on earth* was chris thinking here!?!?! copied from certificate-manager.c */ @@ -101,7 +101,7 @@ ctd_response(GtkWidget *w, guint id, CertTrustDialogData *data) trust_email, trust_objsign); - CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), icert, &trust); + e_cert_db_change_cert_trust (icert, &trust); } gtk_widget_destroy (dialog); diff --git a/smime/gui/certificate-manager.c b/smime/gui/certificate-manager.c index f0c68f2..a59b54e 100644 --- a/smime/gui/certificate-manager.c +++ b/smime/gui/certificate-manager.c @@ -592,7 +592,7 @@ edit_ca (GtkWidget *widget, CertificateManagerData *cfm) trust_email, trust_objsign); - CERT_ChangeCertTrust (CERT_GetDefaultCertDB(), icert, &trust); + e_cert_db_change_cert_trust (icert, &trust); } gtk_widget_destroy (dialog); @@ -1000,15 +1000,11 @@ certificate_manager_config_init (EShell *shell) CertificateManagerData *cfm_data; GtkWidget *preferences_window; GtkWidget *widget; - PK11SlotInfo* slot; - ECertDB *cert_db; g_return_if_fail (E_IS_SHELL (shell)); /* We need to peek the db here to make sure it (and NSS) are fully initialized. */ - cert_db = e_cert_db_peek(); - slot = PK11_GetInternalKeySlot(); - e_cert_db_login_to_slot(cert_db, slot); + e_cert_db_peek (); cfm_data = g_new0 (CertificateManagerData, 1); diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c index 52545f3..c3517ba 100644 --- a/smime/lib/e-cert-db.c +++ b/smime/lib/e-cert-db.c 
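Review bot: The result of `e_cert_db_change_cert_trust (icert, &trust)` is dropped in ctd_response (the hunks at -73 and -101 of smime/gui/cert-trust-dialog.c) and in edit_ca (smime/gui/certificate-manager.c, -592), so the dialog is destroyed the same way whether or not the trust flags were stored. The helper added in smime/lib/e-cert-db.c returns FALSE when the login or the retried CERT_ChangeCertTrust fails, and in that case the user is left believing a trust decision took effect when it did not. At minimum record the failure, e.g. `if (!e_cert_db_change_cert_trust (icert, &trust)) g_warning ("%s: trust flags were not stored", G_STRFUNC);`, and preferably report it in the dialog before closing. All three functions start and end outside their hunks.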
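Review bot: The comment kept above `e_cert_db_peek ();` in certificate_manager_config_init (smime/gui/certificate-manager.c, -1000) no longer says where the key-slot login went, now that the upfront `e_cert_db_login_to_slot` call is removed. Only the two paths visible in this commit log in on demand (e_cert_db_change_cert_trust and the retry in handle_ca_cert_download). Any other database write that relied on the login done here would presumably now fail with the token not logged in, which is worth checking before merging. I would extend the comment to something like `/* Peek the db so that it (and NSS) are initialized; login to the key slot now happens on demand in e_cert_db_change_cert_trust(). */`. The function body continues past the hunk.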
@@ -66,6 +66,7 @@ #include "p12plcy.h" #include "pk11func.h" #include "nssckbi.h" +#include #include "secmod.h" #include "certdb.h" #include "plstr.h" @@ -716,6 +717,16 @@ handle_ca_cert_download(ECertDB *cert_db, GList *certs, GError **error) srv = CERT_AddTempCertToPerm(tmpCert, nickname, &trust); + /* + If this fails with SEC_ERROR_TOKEN_NOT_LOGGED_IN, it seems + that the import *has* worked, but the setting of trust bits + failed -- so only set the trust. This *has* to be an NSS bug? + */ + if (srv != SECSuccess && + PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN && + e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot())) + srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), + tmpCert, &trust); if (srv != SECSuccess) { /* XXX gerror */ @@ -752,6 +763,23 @@ handle_ca_cert_download(ECertDB *cert_db, GList *certs, GError **error) return TRUE; } } +gboolean e_cert_db_change_cert_trust(CERTCertificate *cert, CERTCertTrust *trust) +{ + SECStatus srv; + + srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), + cert, trust); + if (srv != SECSuccess && + PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN && + e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot())) + srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), + cert, trust); + + if (srv != SECSuccess) + return FALSE; + return TRUE; +} + /* deleting certificates */ gboolean @@ -779,8 +807,7 @@ e_cert_db_delete_cert (ECertDB *certdb, CERTCertTrust trust; e_cert_trust_init_with_values (&trust, 0, 0, 0); - srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), - cert, &trust); + srv = e_cert_db_change_cert_trust (cert, &trust); } /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("cert deleted: %d", srv));*/ diff --git a/smime/lib/e-cert-db.h b/smime/lib/e-cert-db.h index 0e19e00..25c8dfd 100644 --- a/smime/lib/e-cert-db.h +++ b/smime/lib/e-cert-db.h 
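Review bot: The retry added after `CERT_AddTempCertToPerm` in handle_ca_cert_download (smime/lib/e-cert-db.c, +717) passes `PK11_GetInternalKeySlot()` straight into `e_cert_db_login_to_slot`, so the slot reference that call returns is never released with `PK11_FreeSlot`. The same expression, with the same leak, is repeated in e_cert_db_change_cert_trust in the hunk at +763. Hold the slot in a local, check it for NULL, and free it after the login attempt, as sketched below for this hunk. The function starts before and ends after the hunk.

```c
srv = CERT_AddTempCertToPerm(tmpCert, nickname, &trust);

/* … unchanged: comment explaining the SEC_ERROR_TOKEN_NOT_LOGGED_IN retry … */
if (srv != SECSuccess &&
    PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
	PK11SlotInfo *slot = PK11_GetInternalKeySlot ();

	if (slot != NULL) {
		if (e_cert_db_login_to_slot (NULL, slot))
			srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (),
						    tmpCert, &trust);
		/* release the reference taken by PK11_GetInternalKeySlot() */
		PK11_FreeSlot (slot);
	}
}
```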
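Review bot: e_cert_db_change_cert_trust (smime/lib/e-cert-db.c, +763) is a new exported function with no argument checks and no comment saying that it may log in to the internal key slot as a side effect. Both pointers go straight to CERT_ChangeCertTrust, so I would open the body with `g_return_val_if_fail (cert != NULL, FALSE);` and `g_return_val_if_fail (trust != NULL, FALSE);`, in line with the `g_return_if_fail` already used in certificate_manager_config_init. A short header comment should state that TRUE means the trust record was written and that on SEC_ERROR_TOKEN_NOT_LOGGED_IN the change is retried once after a login. The tail can then be just `return srv == SECSuccess;`. The whole function is inside the hunk.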
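Review bot: In e_cert_db_delete_cert (smime/lib/e-cert-db.c, -779) `srv` now receives a gboolean where the removed line stored a SECStatus, and the two encodings are opposite: SECSuccess is 0 while TRUE is 1. The declaration of `srv` and the function's return statement are outside the hunk, but if the return still interprets `srv` as a SECStatus, a successful distrust is reported as a failure and a failed one as success. That matters because this branch is what marks a certificate untrusted when the user deletes it. Keeping the variable's meaning is a one-line change: `srv = e_cert_db_change_cert_trust (cert, &trust) ? SECSuccess : SECFailure;`.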
@@ -135,4 +135,7 @@ gboolean e_cert_db_export_pkcs12_file (ECertDB *cert_db, gboolean e_cert_db_login_to_slot (ECertDB *cert_db, PK11SlotInfo *slot); +gboolean e_cert_db_change_cert_trust (CERTCertificate *cert, + CERTCertTrust *trust); + #endif /* _E_CERT_DB_H_ */