static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
{
#ifdef HAVE_NSS_INITCONTEXT
NSSInitParameters initparams;
if(nss_context != NULL)
return CURLE_OK;
memset((void *) &initparams, '\0', sizeof(initparams));
initparams.length = sizeof(initparams);
#else /* HAVE_NSS_INITCONTEXT */
SECStatus rv;
if(NSS_IsInitialized())
return CURLE_OK;
#endif
if(cert_dir) {
const bool use_sql = NSS_VersionCheck("3.12.0");
char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir);
if(!certpath)
return CURLE_OUT_OF_MEMORY;
infof(data, "Initializing NSS with certpath: %s\n", certpath);
#ifdef HAVE_NSS_INITCONTEXT
nss_context = NSS_InitContext(certpath, "", "", "", &initparams,
NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
free(certpath);
if(nss_context != NULL)
return CURLE_OK;
#else /* HAVE_NSS_INITCONTEXT */
rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
free(certpath);
if(rv == SECSuccess)
return CURLE_OK;
#endif
infof(data, "Unable to initialize NSS database\n");
}
infof(data, "Initializing NSS with certpath: none\n");
#ifdef HAVE_NSS_INITCONTEXT
nss_context = NSS_InitContext("", "", "", "", &initparams, NSS_INIT_READONLY
| NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN
| NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
if(nss_context != NULL)
return CURLE_OK;
#else /* HAVE_NSS_INITCONTEXT */
if(NSS_NoDB_Init(NULL) == SECSuccess)
return CURLE_OK;
#endif
infof(data, "Unable to initialize NSS\n");
return CURLE_SSL_CACERT_BADFILE;
}
static int nss_hash_init(void **pctx, SECOidTag hash_alg)
{
PK11Context *ctx;
/* we have to initialize NSS if not initialized alraedy */
#ifdef HAVE_NSS_INITCONTEXT
if(!NSS_IsInitialized() && !nss_context) {
static NSSInitParameters params;
params.length = sizeof params;
nss_context = NSS_InitContext("", "", "", "", ¶ms, NSS_INIT_READONLY
| NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN
| NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
}
#endif
ctx = PK11_CreateDigestContext(hash_alg);
if(!ctx)
return /* failure */ 0;
if(PK11_DigestBegin(ctx) != SECSuccess) {
PK11_DestroyContext(ctx, PR_TRUE);
return /* failure */ 0;
}
*pctx = ctx;
return /* success */ 1;
}
static void
load_nss (GsdSmartcardManager *self)
{
GsdSmartcardManagerPrivate *priv = self->priv;
NSSInitContext *context = NULL;
/* The first field in the NSSInitParameters structure
* is the size of the structure. NSS requires this, so
* that it can change the size of the structure in future
* versions of NSS in a detectable way
*/
NSSInitParameters parameters = { sizeof (parameters), };
static const guint32 flags = NSS_INIT_READONLY
| NSS_INIT_FORCEOPEN
| NSS_INIT_NOROOTINIT
| NSS_INIT_OPTIMIZESPACE
| NSS_INIT_PK11RELOAD;
g_debug ("attempting to load NSS database '%s'",
GSD_SMARTCARD_MANAGER_NSS_DB);
PR_Init (PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
context = NSS_InitContext (GSD_SMARTCARD_MANAGER_NSS_DB,
"", "", SECMOD_DB, ¶meters, flags);
if (context == NULL) {
gsize error_message_size;
char *error_message;
error_message_size = PR_GetErrorTextLength ();
if (error_message_size == 0) {
g_debug ("NSS security system could not be initialized");
} else {
error_message = g_alloca (error_message_size);
PR_GetErrorText (error_message);
g_debug ("NSS security system could not be initialized - %s",
error_message);
}
priv->nss_context = NULL;
return;
}
g_debug ("NSS database '%s' loaded", GSD_SMARTCARD_MANAGER_NSS_DB);
priv->nss_context = context;
}
static NSSInitContext *gtkhash_hash_lib_nss_init_context(void)
{
PRUint32 flags = NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB;
return NSS_InitContext(NULL, "", "", "", NULL, flags);
}
