diff options
| author | Michael Stahl <michael.stahl@allotropia.de> | 2022-04-29 11:58:51 +0200 |
|---|---|---|
| committer | Michael Stahl <michael.stahl@allotropia.de> | 2022-04-29 20:23:02 +0200 |
| commit | 55b9b3c9d4a71de1f4e4c79bfce2766d3ef73e28 (patch) | |
| tree | 0cd15d82fc90398c83338cf023fcd4bbbdc50e70 /unotest/source | |
| parent | 170cdf5e335f8803b6d851a9d16020d277e73288 (diff) | |
unotest: fix NSS initialization for CentOS7 system NSS
When given an unprefixed path, CentOS7 system NSS 3.67 apparently
ignores the nice unit test database and creates a legacy "dbm:" one in
the same directory, which is of course empty.
This causes:
xmlsecurity/qa/unit/signing/signing.cxx:570:aaa_testODFX509CertificateChain::TestBody
equality assertion failed
- Expected: 0
- Actual : 1
The intermediate/root CA certificates are read from the signature and
added with CERT_NewTempCertificate(), which then does a lookup in the
database to find the trust flags of the certificate:
0 nssTrust_GetCERTCertTrustForCert () at pki3hack.c:610
1 fill_CERTCertificateFields () at pki3hack.c:819
2 stan_GetCERTCertificate () at pki3hack.c:926
3 STAN_GetCERTCertificate () at pki3hack.c:973
4 add_cert_to_cache () at tdcache.c:721
5 nssTrustDomain_AddCertsToCache () at tdcache.c:849
6 cert_createObject () at pkibase.c:1023
7 nssPKIObjectCollection_GetObjects () at pkibase.c:853
8 nssPKIObjectCollection_GetCertificates () at pkibase.c:1077
9 nssTrustDomain_FindCertificateByIssuerAndSerialNumber () at trustdomain.c:796
10 nssTrustDomain_FindCertificateByEncodedCertificate () at trustdomain.c:839
11 NSSTrustDomain_FindCertificateByEncodedCertificate () at trustdomain.c:852
12 CERT_NewTempCertificate () at stanpcertdb.c:366
13 __CERT_NewTempCertificate () at stanpcertdb.c:474
14 SecurityEnvironment_NssImpl::verifyCertificate() () at xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:524
Change-Id: If334d056a9e13ad806e3ea1a03d395d606fd3d84
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133622
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Diffstat (limited to 'unotest/source')
| -rw-r--r-- | unotest/source/cpp/macros_test.cxx | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/unotest/source/cpp/macros_test.cxx b/unotest/source/cpp/macros_test.cxx index f30cbcdac3ea..6e8a26cceeb4 100644 --- a/unotest/source/cpp/macros_test.cxx +++ b/unotest/source/cpp/macros_test.cxx @@ -131,7 +131,8 @@ void MacrosTest::setUpNssGpg(const test::Directories& rDirectories, const OUStri osl_setEnvironment(caVar.pData, aTargetPath.pData); #else OUString mozCertVar("MOZILLA_CERTIFICATE_FOLDER"); - osl_setEnvironment(mozCertVar.pData, aTargetPath.pData); + // explicit prefix with "sql:" needed for CentOS7 system NSS 3.67 + osl_setEnvironment(mozCertVar.pData, OUString("sql:" + aTargetPath).pData); #endif OUString gpgHomeVar("GNUPGHOME"); osl_setEnvironment(gpgHomeVar.pData, aTargetPath.pData); |