[rt-commit] r121 - in /redwax-tool/trunk: ChangeLog redwax_nss.c

rt-commit at redwax.eu rt-commit at redwax.eu
Thu Dec 9 20:05:48 CET 2021 

Author: minfrin at redwax.eu
Date: Thu Dec  9 20:05:47 2021
New Revision: 121

Log:
Check if certificates already exist before attempting write to
NSS if --auto-out has been set.

Modified:
    redwax-tool/trunk/ChangeLog
    redwax-tool/trunk/redwax_nss.c

Modified: redwax-tool/trunk/ChangeLog
==============================================================================
--- redwax-tool/trunk/ChangeLog	(original)
+++ redwax-tool/trunk/ChangeLog	Thu Dec  9 20:05:47 2021
@@ -1,5 +1,8 @@
 
 Changes with v0.9.1
+
+ *) Check if certificates already exist before attempting write to
+    NSS if --auto-out has been set. [Graham Leggett]
 
  *) Read the pkcs11 label on certificates. [Graham Leggett]
 

Modified: redwax-tool/trunk/redwax_nss.c
==============================================================================
--- redwax-tool/trunk/redwax_nss.c	(original)
+++ redwax-tool/trunk/redwax_nss.c	Thu Dec  9 20:05:47 2021
@@ -496,6 +496,26 @@
             apr_pool_cleanup_register(pool, x, cleanup_cert,
                     apr_pool_cleanup_null);
 
+            if (r->auto_out) {
+
+                CERTCertificate *xx;
+
+                xx = PK11_FindCertFromDERCert(slot, x, &s);
+
+                if (xx) {
+
+                    redwax_print_error(r,
+                            "Warning: nss-out: certificate '%s' already exists, skipping.\n",
+                            x->subjectName);
+
+                    apr_pool_cleanup_register(pool, xx, cleanup_cert,
+                            apr_pool_cleanup_null);
+
+                    continue;
+                }
+
+            }
+
             if (!label) {
                 if (cert->label) {
                     label = apr_pstrndup(pool, cert->label, cert->label_len);
@@ -580,6 +600,26 @@
             apr_pool_cleanup_register(pool, x, cleanup_cert,
                     apr_pool_cleanup_null);
 
+            if (r->auto_out) {
+
+                CERTCertificate *xx;
+
+                xx = PK11_FindCertFromDERCert(slot, x, &s);
+
+                if (xx) {
+
+                    redwax_print_error(r,
+                            "Warning: nss-out: intermediate '%s' already exists, skipping.\n",
+                            x->subjectName);
+
+                    apr_pool_cleanup_register(pool, xx, cleanup_cert,
+                            apr_pool_cleanup_null);
+
+                    continue;
+                }
+
+            }
+
             redwax_print_error(r, "nss-out: intermediate: %s\n", x->subjectName);
 
             if (cert->label) {
@@ -642,6 +682,26 @@
 
             apr_pool_cleanup_register(pool, x, cleanup_cert,
                     apr_pool_cleanup_null);
+
+            if (r->auto_out) {
+
+                CERTCertificate *xx;
+
+                xx = PK11_FindCertFromDERCert(slot, x, &s);
+
+                if (xx) {
+
+                    redwax_print_error(r,
+                            "Warning: nss-out: trusted '%s' already exists, skipping.\n",
+                            x->subjectName);
+
+                    apr_pool_cleanup_register(pool, xx, cleanup_cert,
+                            apr_pool_cleanup_null);
+
+                    continue;
+                }
+
+            }
 
             redwax_print_error(r, "nss-out: trusted: %s\n", x->subjectName);

More information about the rt-commit mailing list