summaryrefslogtreecommitdiff
path: root/nonsystemd/p11-kit/0001-Build-and-install-libnssckbi-p11-kit.so.patch
blob: 3ccdbb757c11fed82a6f9ed41a5197fac8106e07 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
From 8a1c9bb1170213498d3386d2a5c2882868e4f535 Mon Sep 17 00:00:00 2001
Message-Id: <8a1c9bb1170213498d3386d2a5c2882868e4f535.1548110948.git.jan.steffens@gmail.com>
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
Date: Thu, 1 Mar 2018 16:20:59 +0100
Subject: [PATCH] Build and install libnssckbi-p11-kit.so

Create an additional library which is a copy of p11-kit-trust.so but
uses the same label for root certs as libnssckbi.so:
  "Builtin Object Token" instead of "Default Trust".

https://bugs.freedesktop.org/show_bug.cgi?id=66161
---
 trust/Makefile.am | 14 ++++++++++++++
 trust/module.c    | 12 +++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/trust/Makefile.am b/trust/Makefile.am
index c4a65a3..303e1d0 100644
--- a/trust/Makefile.am
+++ b/trust/Makefile.am
@@ -66,6 +66,20 @@ p11_kit_trust_la_LDFLAGS = \
 
 p11_kit_trust_la_SOURCES = $(TRUST_SRCS) trust/module-init.c
 
+libnssckbi_compatdir = $(libdir)
+libnssckbi_compat_LTLIBRARIES = \
+	libnssckbi-p11-kit.la
+
+libnssckbi_p11_kit_la_CFLAGS = \
+	-DLIBNSSCKBI_COMPAT \
+	$(p11_kit_trust_la_CFLAGS)
+
+libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD)
+
+libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS)
+
+libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES)
+
 libtrust_testable_la_LDFLAGS = \
 	-no-undefined
 
diff --git a/trust/module.c b/trust/module.c
index 1722340..e776270 100644
--- a/trust/module.c
+++ b/trust/module.c
@@ -201,7 +201,11 @@ create_tokens_inlock (p11_array *tokens,
 		int flags;
 	} labels[] = {
 		{ "~/", "User Trust", P11_TOKEN_FLAG_NONE },
+#ifdef LIBNSSCKBI_COMPAT
+		{ P11_DEFAULT_TRUST_PREFIX, "Builtin Object Token", P11_TOKEN_FLAG_WRITE_PROTECTED },
+#else
 		{ P11_DEFAULT_TRUST_PREFIX, "Default Trust", P11_TOKEN_FLAG_WRITE_PROTECTED },
+#endif
 		{ P11_SYSTEM_TRUST_PREFIX, "System Trust", P11_TOKEN_FLAG_NONE },
 		{ NULL },
 	};
@@ -534,8 +538,14 @@ sys_C_GetSlotInfo (CK_SLOT_ID id,
 		info->flags = CKF_TOKEN_PRESENT;
 		memcpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
 
+#ifdef LIBNSSCKBI_COMPAT
+		/* Change description to match libnssckbi so HPKP works in Chromium */
+		if (strcmp (p11_token_get_label (token), "Builtin Object Token") == 0)
+			path = "NSS Builtin Objects";
+		else
+#endif
+			path = p11_token_get_path (token);
 		/* If too long, copy the first 64 characters into buffer */
-		path = p11_token_get_path (token);
 		length = strlen (path);
 		if (length > sizeof (info->slotDescription))
 			length = sizeof (info->slotDescription);
-- 
2.20.1