[12155] in Kerberos-V5-bugs
[krbdev.mit.edu #6999] compile warnings,
daemon@ATHENA.MIT.EDU (nalin@redhat.com via RT)
Thu Nov 3 15:01:11 2011
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "nalin@redhat.com via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To: <rt-6999@krbdev.mit.edu>
Message-ID: <rt-6999-34555.14.5337508992203@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6999'":;
Date: Thu, 3 Nov 2011 15:01:08 -0400 (EDT)
Reply-To: rt-comment@krbdev.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
diff --git a/src/configure.in b/src/configure.in
index e5de903..6aae2f5 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -162,12 +162,10 @@ nss)
CFLAGS="$CFLAGS $CRYPTO_IMPL_CFLAGS"
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
#include <nss.h>
-#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 12)
-#error
-#elif NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH < 9
+#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 13)
#error
#endif
- ])], [], [AC_MSG_ERROR([NSS version 3.12.9 or later required.])])
+ ])], [], [AC_MSG_ERROR([NSS version 3.13 or later required.])])
CFLAGS=$save_CFLAGS
;;
*)
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 7955324..1a83083 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -2190,7 +2190,7 @@ crypto_get_pem_slot(struct _pkinit_identity_crypto_context *id)
/* Resolve any ambiguities from having a duplicate nickname in the PKCS12
* bundle and in the database, or the bag not providing a nickname. Note: you
* might expect "arg" to be a wincx, but it's actually a certificate! (Mozilla
- * bug #321584) */
+ * bug #321584, fixed in 3.12, documented by #586163, in 3.13.) */
static SECItem *
crypto_nickname_c_cb(SECItem *old_nickname, PRBool *cancel, void *arg)
{
@@ -3527,10 +3527,10 @@ pkinit_create_td_trusted_certifiers(krb5_context context,
!CERT_LIST_END(node, sclist);
node = CERT_LIST_NEXT(node)) {
/* If we have no trust for it, we can't trust it. */
- if (cert->trust == NULL)
+ if (node->cert->trust == NULL)
continue;
/* We need to trust it to issue client certs. */
- trustf = SEC_GET_TRUST_FLAGS(cert->trust, trustSSL);
+ trustf = SEC_GET_TRUST_FLAGS(node->cert->trust, trustSSL);
if (!(trustf & CERTDB_TRUSTED_CLIENT_CA))
continue;
/* DestroyCertList frees all of the certs in the list,
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
