Bug#563253: With nss 3.12.5, evolution does not know about _any_ certificate authorities

Mike Hommey mh at glandium.org
Mon Jan 11 14:19:14 UTC 2010 

reassign 563253 evolution
tag 563253 + patch
thanks

On Fri, Jan 08, 2010 at 05:42:47PM +0000, Sam Morris wrote:
> On Fri, 2010-01-08 at 18:20 +0100, Mike Hommey wrote:
> > > > If you give evolution a new profile, is the certificate list populated in the new
> > > > profile under nss 3.12.5 ?
> > > 
> > > It is not populated in this case.
> > 
> > That's what I was afraid of.
> 
> Oh--if I create a profile, the certificate list is empty. But if I then
> symlink in libnssckbi.so and re-launch evolution, the certificate list
> is populated. So I think that modifying evolution to only open
> "libnssckbi.so" and then relying on NSS to to find the library will do
> the right thing.

I gave some more thought to the issue, and it appears quite pointless to
try to workaround the issue in nss to fix broken configurations, while
evolution will still need a modification for new profiles.

I'm therefore reassigning this bug to evolution, and attaching an
untested patch, that should just do the right thing. Please give it a
try.

Cheers,

Mike
-------------- next part --------------
--- evolution-2.28.2.orig/smime/lib/e-cert-db.c
+++ evolution-2.28.2/smime/lib/e-cert-db.c
@@ -254,37 +254,11 @@
 
 	if (!RootsModule) {
 #ifndef G_OS_WIN32
-		/* grovel in various places for mozilla's built-in
-		   cert module.
-
-		   XXX yes this is gross.  *sigh*
-		*/
-		const gchar *paths_to_check[] = {
-#ifdef MOZILLA_NSS_LIB_DIR
-			MOZILLA_NSS_LIB_DIR,
-#endif
-			"/usr/lib",
-			"/usr/lib/mozilla",
-			"/opt/mozilla/lib",
-			"/opt/mozilla/lib/mozilla"
-		};
-
-		for (i = 0; i < G_N_ELEMENTS (paths_to_check); i ++) {
-			gchar *dll_path = g_module_build_path (paths_to_check [i], "nssckbi");
-
-			if (g_file_test (dll_path, G_FILE_TEST_EXISTS)) {
-				PRInt32 modType;
-
-				/* Delete the existing module */
-				SECMOD_DeleteModule ("Mozilla Root Certs", &modType);
-
-				SECMOD_AddNewModule("Mozilla Root Certs",dll_path, 0, 0);
-				g_free (dll_path);
-				break;
-			}
-
-			g_free (dll_path);
-		}
+		PRInt32 modType;
+		gchar *dll_name = g_module_build_path(NULL, "nssckbi");
+		SECMOD_DeleteModule ("Mozilla Root Certs", &modType);
+		SECMOD_AddNewModule("Mozilla Root Certs",dll_name, 0, 0);
+		g_free(dll_name);
 #else
 		/* FIXME: Might be useful to look up if there is a
 		 * Mozilla installation on the machine and use the

More information about the pkg-mozilla-maintainers mailing list