summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKai Engert <kaie@kuix.de>2017-02-02 16:01:01 +0100
committerDaiki Ueno <ueno@gnu.org>2017-02-16 12:53:54 +0100
commitdbadd5da6ccbb17ec5c4bbb142fdc244b4903bfb (patch)
tree22bed5f0da9cc3d0e6ff8b7578bc85645a79f345
parentee740e904030c3fb2640f524014474a510dda7eb (diff)
Support loading new NSS attribute CKA_NSS_MOZILLA_CA_POLICY from .p11-kit files.
See also NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=1334976 and p11-kit bug https://bugs.freedesktop.org/show_bug.cgi?id=99453
-rw-r--r--common/constants.c1
-rw-r--r--common/pkcs11x.h1
-rw-r--r--trust/builder.c1
-rw-r--r--trust/persist.c1
4 files changed, 4 insertions, 0 deletions
diff --git a/common/constants.c b/common/constants.c
index f4aa66b..2d2ca21 100644
--- a/common/constants.c
+++ b/common/constants.c
@@ -154,6 +154,7 @@ const p11_constant p11_constant_types[] = {
CT (CKA_NSS_PQG_H, "nss-pqg-h")
CT (CKA_NSS_PQG_SEED_BITS, "nss-pqg-seed-bits")
CT (CKA_NSS_MODULE_SPEC, "nss-module-spec")
+ CT (CKA_NSS_MOZILLA_CA_POLICY, "nss-mozilla-ca-policy")
CT (CKA_TRUST_DIGITAL_SIGNATURE, "trust-digital-signature")
CT (CKA_TRUST_NON_REPUDIATION, "trust-non-repudiation")
CT (CKA_TRUST_KEY_ENCIPHERMENT, "trust-key-encipherment")
diff --git a/common/pkcs11x.h b/common/pkcs11x.h
index 4a89f73..d5e1d74 100644
--- a/common/pkcs11x.h
+++ b/common/pkcs11x.h
@@ -74,6 +74,7 @@ extern "C" {
#define CKA_NSS_PQG_H 0xce534366UL
#define CKA_NSS_PQG_SEED_BITS 0xce534367UL
#define CKA_NSS_MODULE_SPEC 0xce534368UL
+#define CKA_NSS_MOZILLA_CA_POLICY 0xce534372UL
/* NSS trust attributes */
#define CKA_TRUST_DIGITAL_SIGNATURE 0xce536351UL
diff --git a/trust/builder.c b/trust/builder.c
index e0ce370..5b20c79 100644
--- a/trust/builder.c
+++ b/trust/builder.c
@@ -792,6 +792,7 @@ const static builder_schema certificate_schema = {
{ CKA_CERTIFICATE_TYPE, REQUIRE | CREATE, type_ulong },
{ CKA_TRUSTED, CREATE | WANT, type_bool },
{ CKA_X_DISTRUSTED, CREATE | WANT, type_bool },
+ { CKA_NSS_MOZILLA_CA_POLICY, CREATE | WANT, type_bool },
{ CKA_CERTIFICATE_CATEGORY, CREATE | WANT, type_ulong },
{ CKA_CHECK_VALUE, CREATE | WANT, },
{ CKA_START_DATE, CREATE | MODIFY | WANT, type_date },
diff --git a/trust/persist.c b/trust/persist.c
index de827a6..63a531e 100644
--- a/trust/persist.c
+++ b/trust/persist.c
@@ -200,6 +200,7 @@ format_bool (CK_ATTRIBUTE *attr,
case CKA_HAS_RESET:
case CKA_COLOR:
case CKA_X_DISTRUSTED:
+ case CKA_NSS_MOZILLA_CA_POLICY:
break;
default:
return false;