From dbadd5da6ccbb17ec5c4bbb142fdc244b4903bfb Mon Sep 17 00:00:00 2001 From: Kai Engert Date: Thu, 2 Feb 2017 16:01:01 +0100 Subject: Support loading new NSS attribute CKA_NSS_MOZILLA_CA_POLICY from .p11-kit files. See also NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=1334976 and p11-kit bug https://bugs.freedesktop.org/show_bug.cgi?id=99453 --- common/constants.c | 1 + common/pkcs11x.h | 1 + trust/builder.c | 1 + trust/persist.c | 1 + 4 files changed, 4 insertions(+) diff --git a/common/constants.c b/common/constants.c index f4aa66b..2d2ca21 100644 --- a/common/constants.c +++ b/common/constants.c @@ -154,6 +154,7 @@ const p11_constant p11_constant_types[] = { CT (CKA_NSS_PQG_H, "nss-pqg-h") CT (CKA_NSS_PQG_SEED_BITS, "nss-pqg-seed-bits") CT (CKA_NSS_MODULE_SPEC, "nss-module-spec") + CT (CKA_NSS_MOZILLA_CA_POLICY, "nss-mozilla-ca-policy") CT (CKA_TRUST_DIGITAL_SIGNATURE, "trust-digital-signature") CT (CKA_TRUST_NON_REPUDIATION, "trust-non-repudiation") CT (CKA_TRUST_KEY_ENCIPHERMENT, "trust-key-encipherment") diff --git a/common/pkcs11x.h b/common/pkcs11x.h index 4a89f73..d5e1d74 100644 --- a/common/pkcs11x.h +++ b/common/pkcs11x.h @@ -74,6 +74,7 @@ extern "C" { #define CKA_NSS_PQG_H 0xce534366UL #define CKA_NSS_PQG_SEED_BITS 0xce534367UL #define CKA_NSS_MODULE_SPEC 0xce534368UL +#define CKA_NSS_MOZILLA_CA_POLICY 0xce534372UL /* NSS trust attributes */ #define CKA_TRUST_DIGITAL_SIGNATURE 0xce536351UL diff --git a/trust/builder.c b/trust/builder.c index e0ce370..5b20c79 100644 --- a/trust/builder.c +++ b/trust/builder.c @@ -792,6 +792,7 @@ const static builder_schema certificate_schema = { { CKA_CERTIFICATE_TYPE, REQUIRE | CREATE, type_ulong }, { CKA_TRUSTED, CREATE | WANT, type_bool }, { CKA_X_DISTRUSTED, CREATE | WANT, type_bool }, + { CKA_NSS_MOZILLA_CA_POLICY, CREATE | WANT, type_bool }, { CKA_CERTIFICATE_CATEGORY, CREATE | WANT, type_ulong }, { CKA_CHECK_VALUE, CREATE | WANT, }, { CKA_START_DATE, CREATE | MODIFY | WANT, type_date }, diff --git a/trust/persist.c b/trust/persist.c index de827a6..63a531e 100644 --- a/trust/persist.c +++ b/trust/persist.c @@ -200,6 +200,7 @@ format_bool (CK_ATTRIBUTE *attr, case CKA_HAS_RESET: case CKA_COLOR: case CKA_X_DISTRUSTED: + case CKA_NSS_MOZILLA_CA_POLICY: break; default: return false; -- cgit v1.1