From 8a1c9bb1170213498d3386d2a5c2882868e4f535 Mon Sep 17 00:00:00 2001 Message-Id: <8a1c9bb1170213498d3386d2a5c2882868e4f535.1548110948.git.jan.steffens@gmail.com> From: "Jan Alexander Steffens (heftig)" Date: Thu, 1 Mar 2018 16:20:59 +0100 Subject: [PATCH] Build and install libnssckbi-p11-kit.so Create an additional library which is a copy of p11-kit-trust.so but uses the same label for root certs as libnssckbi.so: "Builtin Object Token" instead of "Default Trust". https://bugs.freedesktop.org/show_bug.cgi?id=66161 --- trust/Makefile.am | 14 ++++++++++++++ trust/module.c | 12 +++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/trust/Makefile.am b/trust/Makefile.am index c4a65a3..303e1d0 100644 --- a/trust/Makefile.am +++ b/trust/Makefile.am @@ -66,6 +66,20 @@ p11_kit_trust_la_LDFLAGS = \ p11_kit_trust_la_SOURCES = $(TRUST_SRCS) trust/module-init.c +libnssckbi_compatdir = $(libdir) +libnssckbi_compat_LTLIBRARIES = \ + libnssckbi-p11-kit.la + +libnssckbi_p11_kit_la_CFLAGS = \ + -DLIBNSSCKBI_COMPAT \ + $(p11_kit_trust_la_CFLAGS) + +libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD) + +libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS) + +libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES) + libtrust_testable_la_LDFLAGS = \ -no-undefined diff --git a/trust/module.c b/trust/module.c index 1722340..e776270 100644 --- a/trust/module.c +++ b/trust/module.c @@ -201,7 +201,11 @@ create_tokens_inlock (p11_array *tokens, int flags; } labels[] = { { "~/", "User Trust", P11_TOKEN_FLAG_NONE }, +#ifdef LIBNSSCKBI_COMPAT + { P11_DEFAULT_TRUST_PREFIX, "Builtin Object Token", P11_TOKEN_FLAG_WRITE_PROTECTED }, +#else { P11_DEFAULT_TRUST_PREFIX, "Default Trust", P11_TOKEN_FLAG_WRITE_PROTECTED }, +#endif { P11_SYSTEM_TRUST_PREFIX, "System Trust", P11_TOKEN_FLAG_NONE }, { NULL }, }; @@ -534,8 +538,14 @@ sys_C_GetSlotInfo (CK_SLOT_ID id, info->flags = CKF_TOKEN_PRESENT; memcpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); +#ifdef LIBNSSCKBI_COMPAT + /* Change description to match libnssckbi so HPKP works in Chromium */ + if (strcmp (p11_token_get_label (token), "Builtin Object Token") == 0) + path = "NSS Builtin Objects"; + else +#endif + path = p11_token_get_path (token); /* If too long, copy the first 64 characters into buffer */ - path = p11_token_get_path (token); length = strlen (path); if (length > sizeof (info->slotDescription)) length = sizeof (info->slotDescription); -- 2.20.1