diff --git a/smime/gui/cert-trust-dialog.c b/smime/gui/cert-trust-dialog.c index 9c87c66..66ce69b 100644 --- a/smime/gui/cert-trust-dialog.c +++ b/smime/gui/cert-trust-dialog.c @@ -73,7 +73,7 @@ ctd_response(GtkWidget *w, guint id, CertTrustDialogData *data) e_cert_trust_add_peer_trust (&trust, FALSE, gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON (data->trust_button)), FALSE); - CERT_ChangeCertTrust (CERT_GetDefaultCertDB(), icert, &trust); + e_cert_db_change_cert_trust (icert, &trust); break; case GTK_RESPONSE_ACCEPT: { /* just *what on earth* was chris thinking here!?!?! copied from certificate-manager.c */ @@ -101,7 +101,7 @@ ctd_response(GtkWidget *w, guint id, CertTrustDialogData *data) trust_email, trust_objsign); - CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), icert, &trust); + e_cert_db_change_cert_trust (icert, &trust); } gtk_widget_destroy (dialog); diff --git a/smime/gui/certificate-manager.c b/smime/gui/certificate-manager.c index d0823b8..5a5b204 100644 --- a/smime/gui/certificate-manager.c +++ b/smime/gui/certificate-manager.c @@ -679,7 +679,7 @@ edit_ca (GtkWidget *widget, CertificateManagerData *cfm) trust_email, trust_objsign); - CERT_ChangeCertTrust (CERT_GetDefaultCertDB(), icert, &trust); + e_cert_db_change_cert_trust (icert, &trust); } gtk_widget_destroy (dialog); @@ -1097,18 +1097,13 @@ certificate_manager_config_new (EPreferencesWindow *window) GtkWidget *parent; GtkWidget *widget; CertificateManagerData *cfm_data; - PK11SlotInfo* slot; - ECertDB *cert_db; shell = e_preferences_window_get_shell (window); g_return_val_if_fail (E_IS_SHELL (shell), NULL); /* We need to peek the db here to make sure it (and NSS) are fully initialized. */ - - cert_db = e_cert_db_peek(); - slot = PK11_GetInternalKeySlot(); - e_cert_db_login_to_slot(cert_db, slot); + e_cert_db_peek (); cfm_data = g_new0 (CertificateManagerData, 1); diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c index 2e23df2..48458fa 100644 --- a/smime/lib/e-cert-db.c +++ b/smime/lib/e-cert-db.c @@ -936,7 +936,18 @@ handle_ca_cert_download(ECertDB *cert_db, GList *certs, GError **error) nickname, &trust); - if (srv != SECSuccess && PORT_GetError() != SEC_ERROR_TOKEN_NOT_LOGGED_IN) { + /* + If this fails with SEC_ERROR_TOKEN_NOT_LOGGED_IN, it seems + that the import *has* worked, but the setting of trust bits + failed -- so only set the trust. This *has* to be an NSS bug? + */ + if (srv != SECSuccess && + PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN && + e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot())) + srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), + tmpCert, &trust); + + if (srv != SECSuccess) { set_nss_error (error); return FALSE; } @@ -971,6 +982,27 @@ handle_ca_cert_download(ECertDB *cert_db, GList *certs, GError **error) return TRUE; } } +gboolean e_cert_db_change_cert_trust(CERTCertificate *cert, CERTCertTrust *trust) +{ + SECStatus srv; + + srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), + cert, trust); + if (srv != SECSuccess && + PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN && + e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot())) + srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), + cert, trust); + + if (srv != SECSuccess) { + glong err = PORT_GetError (); + g_warning ("CERT_ChangeCertTrust() failed: %s\n", + nss_error_to_string(err)); + return FALSE; + } + return TRUE; +} + /* deleting certificates */ gboolean @@ -998,8 +1030,7 @@ e_cert_db_delete_cert (ECertDB *certdb, CERTCertTrust trust; e_cert_trust_init_with_values (&trust, 0, 0, 0); - CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), - cert, &trust); + e_cert_db_change_cert_trust (cert, &trust); } return TRUE; diff --git a/smime/lib/e-cert-db.h b/smime/lib/e-cert-db.h index 7d5f185..6e1bc5a 100644 --- a/smime/lib/e-cert-db.h +++ b/smime/lib/e-cert-db.h @@ -142,4 +142,7 @@ gboolean e_cert_db_export_pkcs12_file (ECertDB *cert_db, gboolean e_cert_db_login_to_slot (ECertDB *cert_db, PK11SlotInfo *slot); +gboolean e_cert_db_change_cert_trust (CERTCertificate *cert, + CERTCertTrust *trust); + #endif /* _E_CERT_DB_H_ */