curl-library

Re: issues with pre-login to pkcs11 slots when using NSS

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Tue, 14 Jul 2009 15:20:30 +0200

On Tue July 14 2009 13:41:08 Claes Jakobsson wrote:
> I get these warnings when compiling, think they are worth fixing?

Sure.

> nss.c:280: warning: unused parameter 'ssl'
> nss.c: In function 'nss_load_crl':
> nss.c:447: warning: implicit declaration of function
> 'ATOB_ConvertAsciiToItem'
> nss.c:447: warning: nested extern declaration of
> 'ATOB_ConvertAsciiToItem'
> nss.c: At top level:
> nss.c:472: warning: unused parameter 'sockindex'

These are AFAIK not caused by the patch. We should fix it separately.

> nss.c: In function 'SelectClientCert':
> nss.c:766: warning: ISO C90 forbids mixed declarations and code
> nss.c:775: warning: ISO C90 forbids mixed declarations and code
> nss.c:807: warning: assignment discards qualifiers from pointer target
> type

These warnings were introduced by me. It is fixed in the attached patch.

> The unused ones are related to not having
> HAVE_PK11_CREATEGENERICOBJECT set.

It should compile without warnings in both cases.

> Thanks for excellent work. I think we have a good handling of client
> certs now.

Definitely :-)

Here is what I've changed to fix warnings in the new code:

--- nss.c.orig 2009-07-14 14:18:35.300480794 +0200
+++ nss.c 2009-07-14 15:01:26.879231201 +0200
@@ -753,17 +753,17 @@ static SECStatus SelectClientCert(void *

   struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;
   struct SessionHandle *data = connssl->data;
- char *nickname = connssl->client_nickname;
+ const char *nickname = connssl->client_nickname;
   SECStatus rv;

   if (mod && nickname &&
       0 == strncmp(nickname, pem_nickname, /* length of "PEM Token" */ 9)) {

     /* use the cert/key provided by PEM reader */
- *pRetCert = NULL;
+ PK11SlotInfo *slot;
+ void *proto_win = SSL_RevealPinArg(sock);
     *pRetKey = NULL;

- void *proto_win = SSL_RevealPinArg(sock);
     *pRetCert = PK11_FindCertFromNickname(nickname, proto_win);
     if (NULL == *pRetCert) {
       failf(data, "NSS: client certificate not found: %s", nickname);
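
Review bot: The prefix length in the strncmp() context line is a hardcoded 9, tied to the string only by the comment /* length of "PEM Token" */; if the nickname prefix ever changes, the comparison silently checks the wrong number of bytes. Consider deriving it from the literal, for example sizeof("PEM Token") - 1, or from a named constant defined next to pem_nickname. The declaration moves look right for C90, and dropping *pRetCert = NULL is safe here because *pRetCert is assigned unconditionally by PK11_FindCertFromNickname() before it is tested.
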
@@ -772,7 +772,7 @@ static SECStatus SelectClientCert(void *
     infof(data, "NSS: Client client certificate: %s\n", nickname);
     display_cert_info(data, *pRetCert);

- PK11SlotInfo *slot = PK11_FindSlotByName(pem_slotname);
+ slot = PK11_FindSlotByName(pem_slotname);
     if (NULL == slot) {
       failf(data, "NSS: PK11 slot not found: %s", pem_slotname);
       return SECFailure;
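
Review bot: On the NULL == slot path the function returns SECFailure while *pRetCert still holds the certificate returned by PK11_FindCertFromNickname() (it was just passed to display_cert_info()), and nothing visible in this hunk releases it. Suggest calling CERT_DestroyCertificate(*pRetCert) and setting *pRetCert = NULL before the return, so the caller is not left with a certificate reference on failure. Separately, the infof() context line reads "Client client certificate", which looks like a duplicated word.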

The merged patch is attached.

Kamil

Received on 2009-07-14