unotest: fix NSS initialization for CentOS7 system NSS

When given an unprefixed path, CentOS7 system NSS 3.67 apparently
ignores the nice unit test database and creates a legacy "dbm:" one in
the same directory, which is of course empty.

This causes:

    xmlsecurity/qa/unit/signing/signing.cxx:570:aaa_testODFX509CertificateChain::TestBody
    equality assertion failed
    - Expected: 0
    - Actual  : 1

The intermediate/root CA certificates are read from the signature and
added with CERT_NewTempCertificate(), which then does a lookup in the
database to find the trust flags of the certificate:

 0  nssTrust_GetCERTCertTrustForCert () at pki3hack.c:610
 1  fill_CERTCertificateFields () at pki3hack.c:819
 2  stan_GetCERTCertificate () at pki3hack.c:926
 3  STAN_GetCERTCertificate () at pki3hack.c:973
 4  add_cert_to_cache () at tdcache.c:721
 5  nssTrustDomain_AddCertsToCache () at tdcache.c:849
 6  cert_createObject () at pkibase.c:1023
 7  nssPKIObjectCollection_GetObjects () at pkibase.c:853
 8  nssPKIObjectCollection_GetCertificates () at pkibase.c:1077
 9  nssTrustDomain_FindCertificateByIssuerAndSerialNumber () at trustdomain.c:796
 10 nssTrustDomain_FindCertificateByEncodedCertificate () at trustdomain.c:839
 11 NSSTrustDomain_FindCertificateByEncodedCertificate () at trustdomain.c:852
 12 CERT_NewTempCertificate () at stanpcertdb.c:366
 13 __CERT_NewTempCertificate () at stanpcertdb.c:474
 14 SecurityEnvironment_NssImpl::verifyCertificate() () at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:524

Change-Id: If334d056a9e13ad806e3ea1a03d395d606fd3d84
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133622
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
This commit is contained in:
Michael Stahl 2022-04-29 11:58:51 +02:00
parent 170cdf5e33
commit 55b9b3c9d4

@ -131,7 +131,8 @@ void MacrosTest::setUpNssGpg(const test::Directories& rDirectories, const OUStri
osl_setEnvironment(caVar.pData, aTargetPath.pData);
#else
OUString mozCertVar("MOZILLA_CERTIFICATE_FOLDER");
osl_setEnvironment(mozCertVar.pData, aTargetPath.pData);
// explicit prefix with "sql:" needed for CentOS7 system NSS 3.67
osl_setEnvironment(mozCertVar.pData, OUString("sql:" + aTargetPath).pData);
#endif
OUString gpgHomeVar("GNUPGHOME");
osl_setEnvironment(gpgHomeVar.pData, aTargetPath.pData);
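
Review bot: The "sql:" prefix on the MOZILLA_CERTIFICATE_FOLDER value in the #else branch is applied unconditionally, while the comment only names CentOS7 system NSS 3.67, so it is worth confirming that every consumer of this variable passes the value straight to NSS initialization and does not treat it as a plain directory path (an existence check or path join would now see "sql:..." and fail). The comment would also help more if it recorded the failure mode from the commit message: with an unprefixed path, that NSS build creates an empty legacy "dbm:" database next to the test database, so the trust flags for the CA certificates are never found. GNUPGHOME on the following lines still receives the unprefixed aTargetPath, which looks correct since it is not an NSS database specifier.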