You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
105 lines
3.6 KiB
105 lines
3.6 KiB
3 months ago
|
diff -up ./lib/certhigh/certvfypkix.c.revert_libpkix ./lib/certhigh/certvfypkix.c
|
||
|
--- ./lib/certhigh/certvfypkix.c.revert_libpkix 2024-06-07 09:26:03.000000000 -0700
|
||
|
+++ ./lib/certhigh/certvfypkix.c 2024-07-05 13:18:34.285174699 -0700
|
||
|
@@ -39,7 +39,7 @@ pkix_pl_lifecycle_ObjectTableUpdate(int
|
||
|
PRInt32 parallelFnInvocationCount;
|
||
|
#endif /* PKIX_OBJECT_LEAK_TEST */
|
||
|
|
||
|
-static PRBool usePKIXValidationEngine = PR_TRUE;
|
||
|
+static PRBool usePKIXValidationEngine = PR_FALSE;
|
||
|
#endif /* NSS_DISABLE_LIBPKIX */
|
||
|
|
||
|
/*
|
||
|
diff -up ./lib/nss/nssinit.c.revert_libpkix ./lib/nss/nssinit.c
|
||
|
--- ./lib/nss/nssinit.c.revert_libpkix 2024-06-07 09:26:03.000000000 -0700
|
||
|
+++ ./lib/nss/nssinit.c 2024-07-05 13:18:34.285174699 -0700
|
||
|
@@ -764,9 +764,9 @@ nss_Init(const char *configdir, const ch
|
||
|
if (pkixError != NULL) {
|
||
|
goto loser;
|
||
|
} else {
|
||
|
- char *ev = PR_GetEnvSecure("NSS_DISABLE_PKIX_VERIFY");
|
||
|
+ char *ev = PR_GetEnvSecure("NSS_ENABLE_PKIX_VERIFY");
|
||
|
if (ev && ev[0]) {
|
||
|
- CERT_SetUsePKIXForValidation(PR_FALSE);
|
||
|
+ CERT_SetUsePKIXForValidation(PR_TRUE);
|
||
|
}
|
||
|
}
|
||
|
#endif /* NSS_DISABLE_LIBPKIX */
|
||
|
diff -up ./tests/all.sh.revert_libpkix ./tests/all.sh
|
||
|
--- ./tests/all.sh.revert_libpkix 2024-06-07 09:26:03.000000000 -0700
|
||
|
+++ ./tests/all.sh 2024-07-05 13:18:34.285174699 -0700
|
||
|
@@ -143,9 +143,6 @@ run_cycle_standard()
|
||
|
{
|
||
|
TEST_MODE=STANDARD
|
||
|
|
||
|
- NSS_DISABLE_LIBPKIX_VERIFY="1"
|
||
|
- export NSS_DISABLE_LIBPKIX_VERIFY
|
||
|
-
|
||
|
TESTS="${ALL_TESTS}"
|
||
|
TESTS_SKIP="libpkix pkits"
|
||
|
|
||
|
@@ -153,8 +150,6 @@ run_cycle_standard()
|
||
|
export NSS_DEFAULT_DB_TYPE
|
||
|
|
||
|
run_tests
|
||
|
-
|
||
|
- unset NSS_DISABLE_LIBPKIX_VERIFY
|
||
|
}
|
||
|
|
||
|
############################ run_cycle_pkix ############################
|
||
|
@@ -172,6 +167,9 @@ run_cycle_pkix()
|
||
|
mkdir -p "${HOSTDIR}"
|
||
|
init_directories
|
||
|
|
||
|
+ NSS_ENABLE_PKIX_VERIFY="1"
|
||
|
+ export NSS_ENABLE_PKIX_VERIFY
|
||
|
+
|
||
|
TESTS="${ALL_TESTS}"
|
||
|
TESTS_SKIP="cipher dbtests sdr crmf smime merge multinit"
|
||
|
|
||
|
diff -up ./tests/common/init.sh.revert_libpkix ./tests/common/init.sh
|
||
|
--- ./tests/common/init.sh.revert_libpkix 2024-06-07 09:26:03.000000000 -0700
|
||
|
+++ ./tests/common/init.sh 2024-07-05 13:18:34.285174699 -0700
|
||
|
@@ -140,8 +140,8 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
|
||
|
echo "NSS_SSL_RUN=\"${NSS_SSL_RUN}\""
|
||
|
echo "NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE}"
|
||
|
echo "export NSS_DEFAULT_DB_TYPE"
|
||
|
- echo "NSS_DISABLE_PKIX_VERIFY=${NSS_DISABLE_PKIX_VERIFY}"
|
||
|
- echo "export NSS_DISABLE_PKIX_VERIFY"
|
||
|
+ echo "NSS_ENABLE_PKIX_VERIFY=${NSS_ENABLE_PKIX_VERIFY}"
|
||
|
+ echo "export NSS_ENABLE_PKIX_VERIFY"
|
||
|
echo "init_directories"
|
||
|
}
|
||
|
|
||
|
diff -up ./tests/ssl/ssl.sh.revert_libpkix ./tests/ssl/ssl.sh
|
||
|
--- ./tests/ssl/ssl.sh.revert_libpkix 2024-07-05 13:18:34.267174492 -0700
|
||
|
+++ ./tests/ssl/ssl.sh 2024-07-05 13:23:15.295402481 -0700
|
||
|
@@ -971,8 +971,9 @@ ssl_policy_pkix_ocsp()
|
||
|
return 0
|
||
|
fi
|
||
|
|
||
|
- PKIX_SAVE=${NSS_DISABLE_LIBPKIX_VERIFY-"unset"}
|
||
|
- unset NSS_DISABLE_LIBPKIX_VERIFY
|
||
|
+ PKIX_SAVE=${NSS_ENABLE_PKIX_VERIFY-"unset"}
|
||
|
+ NSS_ENABLE_PKIX_VERIFY="1"
|
||
|
+ export NSS_ENABLE_PKIX_VERIFY
|
||
|
|
||
|
testname=""
|
||
|
|
||
|
@@ -997,10 +998,12 @@ ssl_policy_pkix_ocsp()
|
||
|
html_msg $RET $RET_EXP "${testname}" \
|
||
|
"produced a returncode of $RET, expected is $RET_EXP"
|
||
|
|
||
|
- if [ "{PKIX_SAVE}" != "unset" ]; then
|
||
|
- export NSS_DISABLE_LIBPKIX_VERIFY=${PKIX_SAVE}
|
||
|
+ if [ "${PKIX_SAVE}" = "unset" ]; then
|
||
|
+ unset NSS_ENABLE_PKIX_VERIFY
|
||
|
+ else
|
||
|
+ NSS_ENABLE_PKIX_VERIFY=${PKIX_SAVE}
|
||
|
+ export NSS_ENABLE_PKIX_VERIFY
|
||
|
fi
|
||
|
-
|
||
|
cp ${P_R_SERVERDIR}/pkcs11.txt.sav ${P_R_SERVERDIR}/pkcs11.txt
|
||
|
|
||
|
html "</TABLE><BR>"
|