[rt-commit] r219 - in /redwax-tool/trunk: ChangeLog redwax_nss.c
rt-commit at redwax.eu
rt-commit at redwax.eu
Sun Jun 22 13:17:02 CEST 2025
Author: minfrin at redwax.eu
Date: Sun Jun 22 13:17:01 2025
New Revision: 219
Log:
Remove existing NSS certificates before importing
replacements.
Modified:
redwax-tool/trunk/ChangeLog
redwax-tool/trunk/redwax_nss.c
Modified: redwax-tool/trunk/ChangeLog
==============================================================================
--- redwax-tool/trunk/ChangeLog (original)
+++ redwax-tool/trunk/ChangeLog Sun Jun 22 13:17:01 2025
@@ -1,5 +1,8 @@
Changes with v0.9.10
+
+ *) Remove existing NSS certificates before importing
+ replacements. [Graham Leggett]
*) Add detail to NSS error messages. [Graham Leggett]
Modified: redwax-tool/trunk/redwax_nss.c
==============================================================================
--- redwax-tool/trunk/redwax_nss.c (original)
+++ redwax-tool/trunk/redwax_nss.c Sun Jun 22 13:17:01 2025
@@ -569,9 +569,34 @@
}
}
+ if (PORT_GetError() == SEC_ERROR_ADDING_CERT) {
+
+ CERTCertificate *prev = PK11_FindCertFromNickname(label, NULL);
+
+ if (prev) {
+
+ rv = SEC_DeletePermCertificate(prev);
+
+ CERT_DestroyCertificate(prev);
+
+ if (rv != SECSuccess) {
+ redwax_print_error(r, "nss-out: could not remove existing certificate with label '%s' from token '%s', skipping: %s\n",
+ label, PK11_GetTokenName(slot), PR_ErrorToName(PR_GetError()));
+ continue;
+ }
+
+ if (k) {
+ rv = PK11_ImportCertForKeyToSlot(slot, x, (char *)label, PR_TRUE, &s);
+ }
+ else {
+ rv = PK11_ImportCert(slot, x, CK_INVALID_HANDLE, label, PR_FALSE);
+ }
+
+ }
+ }
if (rv != SECSuccess) {
- redwax_print_error(r, "nss-out: could not add certificate '%s' to token '%s', skipping: %s\n",
- x->subjectName, PK11_GetTokenName(slot), PR_ErrorToName(PR_GetError()));
+ redwax_print_error(r, "nss-out: could not add certificate '%s' with label '%s' to token '%s', skipping: %s\n",
+ x->subjectName, label, PK11_GetTokenName(slot), PR_ErrorToName(PR_GetError()));
continue;
}
}
@@ -657,9 +682,28 @@
label, PR_FALSE);
}
}
+ if (PORT_GetError() == SEC_ERROR_ADDING_CERT) {
+
+ CERTCertificate *prev = PK11_FindCertFromNickname(label, NULL);
+
+ if (prev) {
+
+ rv = SEC_DeletePermCertificate(prev);
+
+ CERT_DestroyCertificate(prev);
+
+ if (rv != SECSuccess) {
+ redwax_print_error(r, "nss-out: could not remove existing intermediate certificate with label '%s' from token '%s', skipping: %s\n",
+ label, PK11_GetTokenName(slot), PR_ErrorToName(PR_GetError()));
+ continue;
+ }
+
+ rv = PK11_ImportCert(slot, x, CK_INVALID_HANDLE, label, PR_FALSE);
+ }
+ }
if (rv != SECSuccess) {
- redwax_print_error(r, "nss-out: could not add certificate '%s' to token '%s', skipping: %s\n",
- x->subjectName, PK11_GetTokenName(slot), PR_ErrorToName(PR_GetError()));
+ redwax_print_error(r, "nss-out: could not add intermediate certificate '%s' with label '%s' to token '%s', skipping: %s\n",
+ x->subjectName, label, PK11_GetTokenName(slot), PR_ErrorToName(PR_GetError()));
continue;
}
}
More information about the rt-commit
mailing list