diff -up ./lib/certhigh/certvfypkix.c.revert_libpkix ./lib/certhigh/certvfypkix.c --- ./lib/certhigh/certvfypkix.c.revert_libpkix 2024-06-07 09:26:03.000000000 -0700 +++ ./lib/certhigh/certvfypkix.c 2024-07-05 13:18:34.285174699 -0700 @@ -39,7 +39,7 @@ pkix_pl_lifecycle_ObjectTableUpdate(int PRInt32 parallelFnInvocationCount; #endif /* PKIX_OBJECT_LEAK_TEST */ -static PRBool usePKIXValidationEngine = PR_TRUE; +static PRBool usePKIXValidationEngine = PR_FALSE; #endif /* NSS_DISABLE_LIBPKIX */ /* diff -up ./lib/nss/nssinit.c.revert_libpkix ./lib/nss/nssinit.c --- ./lib/nss/nssinit.c.revert_libpkix 2024-06-07 09:26:03.000000000 -0700 +++ ./lib/nss/nssinit.c 2024-07-05 13:18:34.285174699 -0700 @@ -764,9 +764,9 @@ nss_Init(const char *configdir, const ch if (pkixError != NULL) { goto loser; } else { - char *ev = PR_GetEnvSecure("NSS_DISABLE_PKIX_VERIFY"); + char *ev = PR_GetEnvSecure("NSS_ENABLE_PKIX_VERIFY"); if (ev && ev[0]) { - CERT_SetUsePKIXForValidation(PR_FALSE); + CERT_SetUsePKIXForValidation(PR_TRUE); } } #endif /* NSS_DISABLE_LIBPKIX */ diff -up ./tests/all.sh.revert_libpkix ./tests/all.sh --- ./tests/all.sh.revert_libpkix 2024-06-07 09:26:03.000000000 -0700 +++ ./tests/all.sh 2024-07-05 13:18:34.285174699 -0700 @@ -143,9 +143,6 @@ run_cycle_standard() { TEST_MODE=STANDARD - NSS_DISABLE_LIBPKIX_VERIFY="1" - export NSS_DISABLE_LIBPKIX_VERIFY - TESTS="${ALL_TESTS}" TESTS_SKIP="libpkix pkits" @@ -153,8 +150,6 @@ run_cycle_standard() export NSS_DEFAULT_DB_TYPE run_tests - - unset NSS_DISABLE_LIBPKIX_VERIFY } ############################ run_cycle_pkix ############################ @@ -172,6 +167,9 @@ run_cycle_pkix() mkdir -p "${HOSTDIR}" init_directories + NSS_ENABLE_PKIX_VERIFY="1" + export NSS_ENABLE_PKIX_VERIFY + TESTS="${ALL_TESTS}" TESTS_SKIP="cipher dbtests sdr crmf smime merge multinit" diff -up ./tests/common/init.sh.revert_libpkix ./tests/common/init.sh --- ./tests/common/init.sh.revert_libpkix 2024-06-07 09:26:03.000000000 -0700 +++ ./tests/common/init.sh 2024-07-05 13:18:34.285174699 -0700 @@ -140,8 +140,8 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU echo "NSS_SSL_RUN=\"${NSS_SSL_RUN}\"" echo "NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE}" echo "export NSS_DEFAULT_DB_TYPE" - echo "NSS_DISABLE_PKIX_VERIFY=${NSS_DISABLE_PKIX_VERIFY}" - echo "export NSS_DISABLE_PKIX_VERIFY" + echo "NSS_ENABLE_PKIX_VERIFY=${NSS_ENABLE_PKIX_VERIFY}" + echo "export NSS_ENABLE_PKIX_VERIFY" echo "init_directories" } diff -up ./tests/ssl/ssl.sh.revert_libpkix ./tests/ssl/ssl.sh --- ./tests/ssl/ssl.sh.revert_libpkix 2024-07-05 13:18:34.267174492 -0700 +++ ./tests/ssl/ssl.sh 2024-07-05 13:23:15.295402481 -0700 @@ -971,8 +971,9 @@ ssl_policy_pkix_ocsp() return 0 fi - PKIX_SAVE=${NSS_DISABLE_LIBPKIX_VERIFY-"unset"} - unset NSS_DISABLE_LIBPKIX_VERIFY + PKIX_SAVE=${NSS_ENABLE_PKIX_VERIFY-"unset"} + NSS_ENABLE_PKIX_VERIFY="1" + export NSS_ENABLE_PKIX_VERIFY testname="" @@ -997,10 +998,12 @@ ssl_policy_pkix_ocsp() html_msg $RET $RET_EXP "${testname}" \ "produced a returncode of $RET, expected is $RET_EXP" - if [ "{PKIX_SAVE}" != "unset" ]; then - export NSS_DISABLE_LIBPKIX_VERIFY=${PKIX_SAVE} + if [ "${PKIX_SAVE}" = "unset" ]; then + unset NSS_ENABLE_PKIX_VERIFY + else + NSS_ENABLE_PKIX_VERIFY=${PKIX_SAVE} + export NSS_ENABLE_PKIX_VERIFY fi - cp ${P_R_SERVERDIR}/pkcs11.txt.sav ${P_R_SERVERDIR}/pkcs11.txt html "
"