SHA256
1
0
forked from pool/pesign
pesign/pesign-local-database.patch

86 lines
2.5 KiB
Diff
Raw Normal View History

commit 21439f502b16cd168950cc2e38bfd6b6353ee428
Author: Matthew Garrett <mjg59@srcf.ucam.org>
Date: Tue Nov 27 10:11:36 2012 -0500
Add support for local certificate database directories
Users may wish to use a certificate database other than the systemwide
one. Add an option for that.
---
src/daemon.c | 4 ++--
src/daemon.h | 2 +-
src/pesign.c | 9 +++++++--
3 files changed, 10 insertions(+), 5 deletions(-)
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -877,7 +877,7 @@ err:
}
int
-daemonize(cms_context *cms_ctx, int do_fork)
+daemonize(cms_context *cms_ctx, char *certdir, int do_fork)
{
int rc = 0;
context ctx = {
@@ -913,7 +913,7 @@ daemonize(cms_context *cms_ctx, int do_f
"pesignd starting (pid %d)", ctx.pid);
- SECStatus status = NSS_Init("/etc/pki/pesign");
+ SECStatus status = NSS_Init(certdir);
if (status != SECSuccess) {
fprintf(stderr, "Could not initialize nss: %s\n",
PORT_ErrorToString(PORT_GetError()));
--- a/src/daemon.h
+++ b/src/daemon.h
@@ -19,7 +19,7 @@
#ifndef DAEMON_H
#define DAEMON_H 1
-extern int daemonize(cms_context *ctx, int do_fork);
+extern int daemonize(cms_context *ctx, char *certdir, int do_fork);
typedef struct {
uint32_t version;
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -443,6 +443,7 @@ main(int argc, char *argv[])
char *tokenname = "NSS Certificate DB";
char *origtoken = tokenname;
char *certname = NULL;
+ char *certdir = "/etc/pki/pesign";
rc = pesign_context_new(&ctxp);
if (rc < 0) {
@@ -460,6 +461,10 @@ main(int argc, char *argv[])
{"certficate", 'c', POPT_ARG_STRING, &certname, 0,
"specify certificate nickname",
"<certificate nickname>" },
+ {"certdir", 'n', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
+ &certdir, 0,
+ "specify nss certificate database directory",
+ "<certificate directory path>" },
{"privkey", 'p', POPT_ARG_STRING, &ctxp->privkeyfile, 0,
"specify private key file", "<privkey>" },
{"force", 'f', POPT_ARG_VAL, &ctxp->force, 1,
@@ -542,7 +547,7 @@ main(int argc, char *argv[])
poptFreeContext(optCon);
if (!daemon) {
- SECStatus status = NSS_Init("/etc/pki/pesign");
+ SECStatus status = NSS_Init(certdir);
if (status != SECSuccess) {
fprintf(stderr, "Could not initialize nss: %s\n",
PORT_ErrorToString(PORT_GetError()));
@@ -796,7 +801,7 @@ main(int argc, char *argv[])
close_output(ctxp);
break;
case DAEMONIZE:
- rc = daemonize(ctxp->cms_ctx, fork);
+ rc = daemonize(ctxp->cms_ctx, certdir, fork);
break;
default:
fprintf(stderr, "Incompatible flags (0x%08x): ", action);