CWS-TOOLING: integrate CWS jl127

2009-07-30 10:12:10 +0200 jl  r274470 : #i100873# switch on checking for symbol definitions. It works with the current xpcom lib.
2009-07-29 09:48:29 +0200 jl  r274443 : #i100873#
2009-07-29 09:47:36 +0200 jl  r274442 : #i100873# changes after resync with DEV300m53 which contains the seamonkey update
2009-07-28 10:00:03 +0200 jl  r274389 : #100873# Patches from tono
2009-07-27 16:59:39 +0200 jl  r274372 : CWS-TOOLING: rebase CWS jl127 to trunk@274203 (milestone: DEV300:m53)
2009-07-07 09:08:53 +0200 jl  r273768 : #100873#
2009-07-06 17:16:10 +0200 jl  r273754 : #100873#
2009-07-01 13:58:09 +0200 jl  r273576 : #100873# added to readme
2009-07-01 13:15:02 +0200 jl  r273573 : #100873# deliver lib files when building with MS compiler
2009-06-30 11:22:06 +0200 jl  r273498 : #i100873# accidentally commented out patch_files
2009-06-30 09:01:10 +0200 jl  r273489 : #100873# make rc.exe work in ooo windows build
2009-06-29 09:47:56 +0200 jl  r273451 : #i100873# applied mingw patch from tono
2009-06-24 12:52:14 +0200 jl  r273332 : #100873# reapplying the configure.in patch on version 273150
2009-06-24 12:51:12 +0200 jl  r273331 : #100873# reapplying the patch on version 273150
2009-06-23 17:17:36 +0200 jl  r273299 : #100873# manually modified patch from tono
2009-06-22 17:05:41 +0200 jl  r273243 : #100873# applying mingw patch from tono
2009-06-22 17:02:30 +0200 jl  r273242 : #100873# applying mingw patch from tono
2009-06-22 12:49:57 +0200 jl  r273216 : #100873# dependency to stlport
2009-06-19 11:56:16 +0200 jl  r273155 : #100873# undoing a previous change, instset_native complained about missing libjpipe.jnilib (jurt)
2009-06-19 10:13:03 +0200 jl  r273150 : #100873# ooo builds shall also use the new nss by default
2009-06-18 14:32:07 +0200 jl  r273117 : #110873# more debug output when verifying a certificate
2009-06-16 11:23:50 +0200 jl  r273012 : #i10873#
2009-06-16 10:57:41 +0200 jl  r273011 : #100873# wrong parameter definition in nsscrypto_initialize
2009-06-16 10:56:45 +0200 jl  r273010 : #100873# wrong parameter definition in nsscrypto_initialize
2009-06-15 16:20:42 +0200 jl  r272996 : #100873# initialization of NSS is now threadsafe
2009-06-10 12:50:46 +0200 jl  r272804 : #100873# rename in foreach fails in 4nt
2009-06-09 13:43:00 +0200 jl  r272768 : #i100873# deliver only .h from inc/nss otherwise we get a warning when nss/nssck.api is delivered
2009-06-08 16:15:44 +0200 jl  r272739 : #i100873#
2009-06-08 16:04:54 +0200 jl  r272738 : #i100873#
2009-06-08 15:45:52 +0200 jl  r272736 : #i100873#
2009-06-08 15:44:15 +0200 jl  r272735 : #i100873# unzipping of nss.tar.z not working with 4nt
2009-06-08 09:45:46 +0200 jl  r272720 : #i100873#
2009-06-03 13:53:52 +0200 jl  r272562 : #i100873#  MOZILLABUILD not correct
2009-06-03 13:17:54 +0200 jl  r272557 : #i100873#  readme and makefile changes from cws jl125, support of new nss module
2009-06-03 09:57:40 +0200 jl  r272544 : #i100873#  added readme
2009-06-02 16:47:47 +0200 jl  r272512 : #i100873#  removed no longer needed stuff regarding jnilibs
2009-06-02 15:54:42 +0200 jl  r272510 : #i100873# added NSS to BUILD_TYPE
2009-06-02 15:20:18 +0200 jl  r272508 : #i100873# DEREFERENCE option for copy command
2009-06-02 13:00:12 +0200 jl  r272496 : #i100873# PATCH_FILE_NAMES is now PATCH_FILES
2009-06-02 12:23:39 +0200 jl  r272494 : #i100873# build dependency to nss
2009-05-29 16:21:40 +0200 jl  r272470 : #i100873# seting ENABLE_NSS_MODULE==YES and includeing mozilla-build-1.3 folder in environment
2009-05-29 16:03:23 +0200 jl  r272468 : #i100873# use intermediate certificates when validating a certificate
2009-05-29 15:57:16 +0200 jl  r272466 : #i100873# use intermediate certificates when validating a certificate
2009-05-29 15:49:58 +0200 jl  r272464 : #i100873# using ENABLE_NSS_MODULE
2009-05-29 15:33:14 +0200 jl  r272463 : #i100873# using ENABLE_NSS_MODULE
2009-05-29 15:28:39 +0200 jl  r272461 : #i100873# build dependency to nss module
2009-05-29 15:24:57 +0200 jl  r272460 : #i100873# pass additional certificates into verifyCertificate function
2009-05-29 14:49:40 +0200 jl  r272458 : #i100873# new NSS module
2009-05-29 14:43:44 +0200 jl  r272457 : #i100873# new NSS module

3 files changed, 40 insertions, 13 deletions

diff --git a/connectivity/prj/build.lst b/connectivity/prj/build.lst
index 21326f36023a..20cb27644e29 100644
--- a/connectivity/prj/build.lst
+++ b/connectivity/prj/build.lst
@@ -1,4 +1,4 @@
-cn  connectivity    :    l10n comphelper MOZ:moz SO:moz_prebuilt svtools UNIXODBC:unixODBC unoil javaunohelper HSQLDB:hsqldb QADEVOOO:qadevOOo officecfg NULL
+cn  connectivity    :    l10n comphelper MOZ:moz SO:moz_prebuilt svtools UNIXODBC:unixODBC unoil javaunohelper HSQLDB:hsqldb QADEVOOO:qadevOOo officecfg NSS:nss NULL
 cn  connectivity                                    usr1    -   all cn_mkout NULL
 cn  connectivity\inc                                nmake   -   all cn_inc NULL
 cn  connectivity\com\sun\star\sdbcx\comp\hsqldb     nmake   -   all cn_jhsqldbdb cn_hsqldb cn_inc NULL
diff --git a/connectivity/source/drivers/mozab/makefile.mk b/connectivity/source/drivers/mozab/makefile.mk
index 6240ed041047..42ce1ab8ca6e 100644
--- a/connectivity/source/drivers/mozab/makefile.mk
+++ b/connectivity/source/drivers/mozab/makefile.mk
@@ -76,9 +76,6 @@ MOZ_LIB_XPCOM= -L$(MOZ_LIB) -lnspr4 -lxpcom_core -lmozreg_s -lembed_base_s
 .ENDIF
 #End of mozilla specific stuff.
 
-# Disable '-z defs' due to broken libxpcom.
-LINKFLAGSDEFS=$(0)
-
 USE_DEFFILE=TRUE
 ENABLE_EXCEPTIONS=TRUE
 VISIBILITY_HIDDEN=TRUE
diff --git a/ucb/source/ucp/webdav/NeonSession.cxx b/ucb/source/ucp/webdav/NeonSession.cxx
index 4ceeef476d66..f1028f0dc535 100644
--- a/ucb/source/ucp/webdav/NeonSession.cxx
+++ b/ucb/source/ucp/webdav/NeonSession.cxx
@@ -32,6 +32,7 @@
 #include "precompiled_ucb.hxx"
 
 #include <hash_map>
+#include <vector>
 #include <string.h>
 #include <rtl/string.h>
 #include <ne_socket.h>
@@ -41,6 +42,8 @@
 #include <ne_ssl.h>
 #include "libxml/parser.h"
 #include <rtl/ustrbuf.hxx>
+#include "comphelper/sequence.hxx"
+
 #include "DAVAuthListener.hxx"
 #include "NeonTypes.hxx"
 #include "NeonSession.hxx"
@@ -395,6 +398,7 @@ extern "C" int NeonSession_CertificationNotify( void *userdata,
                                                 int failures,
                                                 const ne_ssl_certificate *cert )
 {
+    OSL_ASSERT(cert);
     NeonSession * pSession = static_cast< NeonSession * >( userdata );
     uno::Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment > xSecurityEnv;
      uno::Reference< ::com::sun::star::security::XCertificateContainer > xCertificateContainer;
@@ -442,18 +446,44 @@ extern "C" int NeonSession_CertificationNotify( void *userdata,
     xSecurityEnv = mxSecurityContext->getSecurityEnvironment();
 
 
-    char * rawCert;
-
-    rawCert = ne_ssl_cert_export( cert );
+    //The end entity certificate
+    char * eeCertB64 = ne_ssl_cert_export( cert );
 
-    ::rtl::OString sRawCert( rawCert );
+    ::rtl::OString sEECertB64( eeCertB64 );
 
-    uno::Reference< com::sun::star::security::XCertificate> xCert = xSecurityEnv->createCertificateFromAscii( ::rtl::OStringToOUString( sRawCert, RTL_TEXTENCODING_ASCII_US ) );
+    uno::Reference< com::sun::star::security::XCertificate> xEECert =
+        xSecurityEnv->createCertificateFromAscii(
+        ::rtl::OStringToOUString( sEECertB64, RTL_TEXTENCODING_ASCII_US ) );
 
-    sal_Int64 certValidity = xSecurityEnv->verifyCertificate( xCert );
+    free(eeCertB64);
+    eeCertB64 = NULL;
 
-
-    if ( pSession->isDomainMatch( GetHostnamePart( xCert.get()->getSubjectName())) )
+    std::vector<uno::Reference<com::sun::star::security::XCertificate> > vecCerts;
+    const ne_ssl_certificate * issuerCert = cert;
+    do
+    {
+        //get the intermediate certificate
+        //the returned value is const ! Therfore it does not need to be freed
+        //with ne_ssl_cert_free, which takes a non-const argument
+        issuerCert = ne_ssl_cert_signedby(issuerCert);
+        if (NULL == issuerCert)
+            break;
+
+        char * imCertB64 = ne_ssl_cert_export(issuerCert);
+        ::rtl::OString sInterMediateCertB64(imCertB64);
+        free(imCertB64);
+        uno::Reference< com::sun::star::security::XCertificate> xImCert =
+            xSecurityEnv->createCertificateFromAscii(
+                ::rtl::OStringToOUString( sInterMediateCertB64, RTL_TEXTENCODING_ASCII_US ) );
+        if (xImCert.is())
+            vecCerts.push_back(xImCert);
+    }while (1);
+
+    sal_Int64 certValidity = xSecurityEnv->verifyCertificate( xEECert,
+        ::comphelper::containerToSequence(vecCerts) );
+
+
+    if ( pSession->isDomainMatch( GetHostnamePart( xEECert.get()->getSubjectName())) )
     {
         //if host name matched with  certificate then look if the certificate was ok
         if( certValidity == ::security::CertificateValidity::VALID )
@@ -472,7 +502,7 @@ extern "C" int NeonSession_CertificationNotify( void *userdata,
         if ( xIH.is() )
         {
             rtl::Reference< ucbhelper::SimpleCertificateValidationRequest > xRequest
-                = new ucbhelper::SimpleCertificateValidationRequest((sal_Int32)failures, xCert, pSession->getHostName() );
+                = new ucbhelper::SimpleCertificateValidationRequest((sal_Int32)failures, xEECert, pSession->getHostName() );
             xIH->handle( xRequest.get() );
 
             rtl::Reference< ucbhelper::InteractionContinuation > xSelection