ITS#7360 accept nss certname in the form of tokenname:certnickname

There are cases where the user may want to force the use of a particular PKCS11 device to use for a given certificate. Allow the user to do this with MozNSS by specifying the cert as "tokenname:certnickname" where token name is the name of a token/slot in a PKCS11 device and certnickname is the nickname of a certificate on that device.
2025-12-23 16:19:35 -05:00 · 2012-08-17 20:20:01 -06:00 · 2012-08-17 20:20:01 -06:00 · a0e48e7246
commit a0e48e7246
parent 1ebf95c31b
1 changed files with 20 additions and 1 deletions
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@ -2102,6 +2102,22 @@ tlsm_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 	return 0;
 }

+/* returns true if the given string looks like
+   "tokenname" ":" "certnickname"
+   This is true if there is a ':' colon character
+   in the string and the colon is not the first
+   or the last character in the string
+*/
+static int
+tlsm_is_tokenname_certnick( const char *certfile )
+{
+	if ( certfile ) {
+		const char *ptr = PL_strchr( certfile, ':' );
+		return ptr && (ptr != certfile) && (*(ptr+1));
+	}
+	return 0;
+}
+
 static int
 tlsm_deferred_ctx_init( void *arg )
 {
@ -2268,7 +2284,10 @@ tlsm_deferred_ctx_init( void *arg )
 		} else {
 			char *tmp_certname;

-			if ( ctx->tc_certdb_slot ) {
+			if ( tlsm_is_tokenname_certnick( lt->lt_certfile )) {
+				/* assume already in form tokenname:certnickname */
+				tmp_certname = PL_strdup( lt->lt_certfile );
+			} else if ( ctx->tc_certdb_slot ) {
 				tmp_certname = PR_smprintf( TLSM_CERTDB_DESC_FMT ":%s", ctx->tc_unique, lt->lt_certfile );
 			} else {
 				tmp_certname = PR_smprintf( "%s", lt->lt_certfile );