| Age | Commit message (Collapse) | Author |
|---|
|
x509.h includes cert.h. But that doesn't know of LO using
xmlsecurity/source/xmlsec/nss/nssrenam.h, which has a "#define
CERT_DecodeDERCertificate __CERT_DecodeDERCertificate". So the PCH
doesn't know of this rename and the compiler fails.
move the include line into the file that needs it and the --enable-pch=full
build works ok
Change-Id: I247bd219cf47964490ded439ad51bd8e8e120c48
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127744
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Jenkins
|
|
We have two environments where the signature and the stream bytes are
the same, still in one case the signature verification succeeds and in
the other case the hash doesn't match.
Log the signature as parsed into a DOM node (recursively), just case
something goes wrong during extracting a single signature from the
signatures list XML.
Change-Id: I54af71fdeb63d8ef44342f106746f938fa51f29a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127991
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
|
|
We only get:
warn:xmlsecurity.xmlsec:32272:32272:xmlsecurity/source/xmlsec/errorcallback.cxx:53: digests.c:226: xmlSecNssDigestVerify() 'sha1' '' 12 'data and digest do not match'
when one of the XML streams have a bad hash. Add some logging to help
figuring out (without a debugger) which stream is at fault.
Change-Id: Ib5f39df87bcdaaac1a21eb560c8f775c42a4079f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127885
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
|
|
Change-Id: I0a457dc8ddccc0fce42032956aff6d661d1ae80a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127403
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Change-Id: Ib482e3982128dc47d88a79478d80eef43745d1b0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126086
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
...that had inadvertently been missing from
a5cea74034a8e029bfdf0f2b82ea8800bf5bd206 °Fix misuses of NULL across
Windows-only code"
Change-Id: I8f60cd6114ceb7c6413fb099778bfb06407bbb24
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124431
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I7cfcf9f9ea307bd737292e6f4f37a29f453167c6
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124418
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
(not a typo according to the comment at
<https://gerrit.libreoffice.org/c/core/+/124287/3#message-df56362ec7d674eaab3fe81bb0827be81ee5686d>
"xmlsecurity: some Distinguished Names are less equal than others": "i was too
lazy to look up which integer would be returned by the function and hoped this
would convert it to bool anyway"
Change-Id: I0f4f4d19e8d382f4430023aa6f9459c66a605b04
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124321
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
It turns out that the 2 backends NSS and MS CryptoAPI generate different
string representations of the same Distinguished Name in at least one
corner case, when a value contains a quote " U+0022.
The CryptoAPI function to generate the strings is:
CertNameToStr(..., CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, ...)
This is documented on MSDN:
https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#CERT_X500_NAME_STR
NSS appears to implement RFC 1485, at least that's what the internal
function is named after, or perhaps one of its several successor RFCs
(not clear currently if there's a relevant difference).
This is now causing trouble if a certificate with such a DN is used in a
signature, created on WNT but then verified on another platform, because
commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66
introduced consistency checks that compare the DNs that occur as strings
in META-INF/documentsignatures.xml:
xmlsecurity/source/helper/xmlsignaturehelper.cxx:672: X509Data cannot be parsed
The reason is that in XSecController::setX509Data() the value read from
the X509IssuerSerial element (a string generated by CryptoAPI) doesn't
match the value generated by NSS from the certificate parsed from the
X509Certificate element, so these are erroneously interpreted as 2
distinct certificates.
Try to make the EqualDistinguishedNames() more flexible so that it can
try also a converted variant of the DN.
(libxmlsec's NSS backend also complains that it cannot parse the DN:
x509vfy.c:607: xmlSecNssX509NameRead() '' '' 12 'invalid data for 'char': actual=34 and expected comma ',''
but it manages to validate the signature despite this.)
Change-Id: I4f72900738d1f5313146bbda7320a8f44319ebc8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124287
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: Ib9bd9b96d28c9c4dd0fa36a82a177e119aa04e6b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123820
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Tests added in commit 40d70d427edddb589eda64fafc2e56536953d274 don't
actually run on WNT but that wasn't obvious because commit
149df1fec6472e30582162e17e04c75aee91d26a prevented running them in
Jenkins on master, they failed only in the libreoffice-7-1 backport.
xmlsecurity/qa/unit/signing/signing.cxx(631) : error : Assertion
Test name: testODFDoubleX509Certificate::TestBody
assertion failed
- Expression: (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::OK)
- 2
This is an oddity where NSS claims the signature in the document is
valid but CryptoAPI claims it is invalid; the hashes passed into the
validation functions are the same. Just allow BROKEN as an additional
result value on WNT.
xmlsecurity/qa/unit/signing/signing.cxx(550) : error : Assertion
Test name: testODFX509CertificateChain::TestBody
equality assertion failed
- Expected: 0
- Actual : 1
The problem here is that with NSS the tests use a custom NSS database
in test/signing-keys so we need to make these certificates available for
CryptoAPI too.
The following one-liner converts the NSS database to a PKCS#7 that can
be loaded by CrytpAPI:
> openssl crl2pkcs7 -nocrl -certfile <(certutil -d sql:test/signing-keys -L | awk '/^[^ ].*,[^ ]*,/ { printf "%s", $1; for (i = 2; i < NF; i++) { printf " %s", $i; } printf "\n"; }' | while read name; do certutil -L -d sql:test/signing-keys -a -n "${name}" ; done) > test/signing-keys/test.p7b
Then one might naively assume that something like this would allow these
certificates to be added temporarily as trusted CAs:
+ HCERTSTORE hRoot = CertOpenSystemStoreW( 0, L"Root" ) ;
+ HCERTSTORE const hExtra = CertOpenStore(
+ CERT_STORE_PROV_FILENAME_A,
+ PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
+ NULL,
+ CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG,
+ path);
+ if (hExtra != NULL && hRoot != NULL)
+ {
+ BOOL ret = CertAddStoreToCollection(
+ hRoot,
+ hExtra,
+ CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG,
+ 0);
+ SAL_DEBUG("XXX hExtra done " << ret);
+ }
There is no error from this, but it doesn't work.
Instead, check if CertGetCertificateChain() sets the
CERT_TRUST_IS_UNTRUSTED_ROOT flag and then look up the certificate
manually in the extra PKCS#7 store.
Change-Id: Ic9865e0b5783211c2128ce0327c4583b7784ff62
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123667
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
These 2 calls to CertAddStoreToCollection follow calls where
m_hCertStore was already added and according to the comments they
should add the other store instead.
(regression from commit 813e1f5a8ae4800e8a11c612de4e3b0a97f1368d)
Change-Id: If375f603647a702feb0ca8f272126a15d5d0e906
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123666
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Change-Id: I9b35d6333afa6b305bf73fc55a7e60c8365674e9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122134
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
- Revise uses of getSomething to use getFromUnoTunnel
Where that is impossible, use getSomething_cast to unify casting,
and minimize number of places doing low-level transformations.
The change keeps the existing tunnel references that last for the
duration of the pointers' life, because sometimes destroying such
reference may destroy the pointed object, and result in use after
free.
Change-Id: I291c33223582c34cd2c763aa8aacf0ae899ca4c0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122101
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
- Change implementations of getSomething to use getSomethingImpl
Or where that's impossible, use getSomething_cast to unify this and
reduce number of places where we reinterpret_cast.
All static methods getting tunnel ids were renamed to getUnoTunnelId,
to comply with the convention used in <comphelper/servicehelper.hxx>.
TODO (in separate commits):
- Revise uses of getSomething to use getFromUnoTunnel
Change-Id: Ifde9e214b52e5df678de71fcc32d2199c82e85cf
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122100
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
- Replace all uses of OImplementationId in core with UnoIdInit
- Deprecate OImplementationId in <cppuhelper/typeprovider.hxx>
OImplementationId uses broken double checked locking; additionally,
it uses it at the first call to getImplementationId, not when the
object is constructed. This implementation can't be changed, cince
it's part of published API; it can't rely on C++11, which would be
required for use of thread-safe statics and move the initialization
to ctor.
The class has obsolete _bUseEthernetAddress member, that is unused
and ignored since 4e9fa7e339a1cd6cb2fec643715991bcf5057cec. No need
to implement it when replacing its uses to UnoIdInit.
The deprecation is the API CHANGE. No published API is introduced to
replace it; 3rd-party code should seek alternative solutions, or just
keep using the deprecated functionality.
TODO (in separate commits):
- Change implementations of getSomething to use getSomethingImpl
- Revise uses of getSomething to use getFromUnoTunnel
Change-Id: I8b6e684e5389bc0d5bb3b7f21f72a4c8f684107d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122077
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
The header got some changes:
1. Move UnoTunnelIdInit and isUnoTunnelId into 'comphelper' namespace
2. Rename UnoTunnelIdInit to UnoIdInit, as a precondition to replace
of uses of OImplementationId with it, including in XTypeProvider
3. Introduce convenience functions 'getSomething_cast' to cast between
sal_Int64 and object pointers uniformly.
4. Rename getUnoTunnelImplementation to getFromUnoTunnel, both to make
it a bit shorter, and to reflect its function better. Templatize it
to take also css::uno::Any for convenience.
5. Introduce getSomethingImpl, inspired by sw::UnoTunnelImpl; allow it
handle cases both with and without fallback to parent.
6. Adjust UNO3_GETIMPLEMENTATION_* macros
TODO (in separate commits):
- Drop sw::UnoTunnelImpl and sw::UnoTunnelGetImplementation
- Replace all uses of OImplementationId in core with UnoIdInit
- Deprecate OImplementationId in <cppuhelper/typeprovider.hxx>
- Change implementations of getSomething to use getSomethingImpl
- Revise uses of getSomething to use getFromUnoTunnel
Change-Id: If4a3cb024130f1f552f988f0479589da1cd066e7
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122022
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
Change-Id: Iede70151af052505b780c6ce708aa74d97da5c75
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121545
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
as in commit 9376f65a26240441bf9dd6ae1f69886dc9fa60fa
Change-Id: I3ad9afd4d113582a214a4a4bc7eea55e38cd6ff9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119927
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I168750490f2c60f8c93aef630949acb4e29734b5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119750
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I4b00afbe71b5459a9b1b8e612e44af71616a9b8c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119749
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
...since 362a21d3a129b90149f6ef645c127f5e86e0ba61 "Use explicit function names
for fooA/fooW WinAPI; prefer fooW"
Change-Id: I391ae19b01625602231fbd890ee79073367cb449
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117834
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I49dd9e0de9b3e44186ed90f00aeb88dad4736374
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115814
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I89e098c7ff913dfbc2cafbf0cdbabfbbca69110a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115813
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I742060932f3408bd40921d91e062a7acee0832e3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115719
Tested-by: Jenkins
Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
|
|
Change-Id: I8882dbd2b5ad7656ec5ff7d47fb2e3dcbcceb5e2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115700
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
- align with most of the rest of config_host
- rename DISABLE_OPENSSL to ENABLE_OPENSSL
- make this configurable
Change-Id: Ic3b41fcdda38db66134939f12265e0da24833d60
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114564
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
Change-Id: I2071c27bdf074403ec24e67f9278ac27f9491303
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113698
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
xmlhelp, xmloff, xmlsecurity
Change-Id: I80c6fa806387f3dcba8be7f93fe2fef146b033e3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112050
Tested-by: Jenkins
Reviewed-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org>
|
|
Building with --with-latest-c++:
> C:/lo/core/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx(664): error C2280: 'std::basic_ostream<char,std::char_traits<char>> &std::operator <<<std::char_traits<char>>(std::basic_ostream<char,std::char_traits<char>> &,const char16_t *)': attempting to reference a deleted function
> C:\PROGRA~2\MIB055~1\2019\COMMUN~1\VC\Tools\MSVC\1428~1.299\Include\ostream(951): note: see declaration of 'std::operator <<'
etc.
Change-Id: I70ae201c761fae907e602b6a929e23e3c8e7f692
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112318
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I91189ebd902b70e2fbe42fe8cc09b8677af1a5fb
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112194
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Combine everything related to a certificate in a new struct X509Data.
The CertDigest is not actually written in the X509Data element but in
xades:Cert, so try to find the matching entry in
XSecController::setX509CertDigest().
There was a confusing interaction with PGP signatures, where ouGpgKeyID
was used for import, but export wrote the value from ouCertDigest
instead - this needed fixing.
The main point of this is enforcing a constraint from xmldsig-core 4.5.4:
All certificates appearing in an X509Data element MUST relate to the
validation key by either containing it or being part of a certification
chain that terminates in a certificate containing the validation key.
Change-Id: I5254aa393f8e7172da59709923e4bbcd625ec713
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111254
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I1222658522e25b916010817f847685c20b1cf5c4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111545
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: Ic5227df4bd5b1f3dfe9cd13ae971d268a40f0fcf
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111120
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I038c4f85250b4d8d8fef605fd90f6fa53bbffe9f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111079
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
so if CertGetCertificateChain fails we don't want validity to be
css::security::CertificateValidity::VALID which is what the old default
of 0 equates to
notably
commit 1e0bc66d16aee28ce8bd9582ea32178c63841902
Date: Thu Nov 5 16:55:26 2009 +0100
jl137: #103420# better logging
turned the nss equivalent of SecurityEnvironment_NssImpl::verifyCertificate
from 0 to CertificateValidity::INVALID like this change does
Change-Id: I5350dbc22d1b9b378da2976d3b0abd728f1f4c27
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110589
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Change-Id: Ib7f122b20734ad51c6326e369e5e7eee1bf08a21
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109861
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: Ibdbfdb9c6fd25165d584d35475909f0085896898
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110410
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: I330e0ab6c9955939dad313f9d472f93e39dbd313
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109924
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
...for LIBO_INTERNAL_ONLY. These had been missed by
1b43cceaea2084a0489db68cd0113508f34b6643 "Make many OUString functions take
std::u16string_view parameters" because they did not match the multi-overload
pattern that was addressed there, but they nevertheless benefit from being
changed just as well (witness e.g. the various resulting changes from copy() to
subView()).
This showed a conversion from OStringChar to std::string_view to be missing
(while the corresponding conversion form OUStringChar to std::u16string_view was
already present).
The improvement to loplugin:stringadd became necessary to fix
> [CPT] compilerplugins/clang/test/stringadd.cxx
> error: 'error' diagnostics expected but not seen:
> File ~/lo/core/compilerplugins/clang/test/stringadd.cxx Line 43 (directive at ~/lo/core/compilerplugins/clang/test/stringadd.cxx:42): simplify by merging with the preceding assignment [loplugin:stringadd]
> File ~/lo/core/compilerplugins/clang/test/stringadd.cxx Line 61 (directive at ~/lo/core/compilerplugins/clang/test/stringadd.cxx:60): simplify by merging with the preceding assignment [loplugin:stringadd]
> 2 errors generated.
Change-Id: Ie40de0616a66e60e289c1af0ca60aed6f9ecc279
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107602
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: Id93a1c48cd0cc1aa8370498ce239035fc5c01730
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106570
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I47b44c80b2a5e3c9d84f5d7257efe17f138a1067
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106563
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I25c8d1a3c706f1ba7565a5f018b9660faf63ffaf
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105734
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
|
|
...in Windows-only code, after c927aab29ebfff1ce3ac0b2f27ae343025a9890c "Make
the OUString ctors taking raw sal_Unicode pointer/non-const array explicit".
Interestingly, these occurrences were accepted by MSVC and only cause errors
with clang-cl, so happened to go unnoticed until now.
Change-Id: I33e7653e28a21541ef793b4b0750abb6037752db
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/104314
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
This error causes Android App to be unable to
open Password-protected documents.
Change-Id: Iacbacb1c780025752e2447db325b075c58947818
Signed-off-by: Mert Tumer <mert.tumer@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103658
Tested-by: Jenkins
Reviewed-by: Andras Timar <andras.timar@collabora.com>
|
|
We must link nss statically, including the three dylibs that normally
are loaded at run-time, because including bare dylibs in an iOS appp
on the App Store is not OK. See
https://developer.apple.com/forums/thread/125796 .
For linking the softokn3 library statically, NSS already had code,
behind NSS_STATIC_SOFTOKEN ifdefs. Introduce two more macros:
NSS_STATIC_FREEBL for the freebl library and NSS_STATIC_PKCS11 for the
nssckbi library.
Turn off parallelism for the sub-make building nss. There seems to be
race conditions or something when running simultaneous instances of
the nsinstall.py script or the nsinstall program in nss (used when
building nss for the build platform).
When cross-compiling from macOS, use python3 to run the nsinstall.py
script, as it is Python 3.
Change-Id: Idd427b5ebf21f802b3feb0d5a3d259317ba8fc67
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103106
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103218
Tested-by: Jenkins
|
|
Change-Id: Ic9e410c77a04edbd58485d4177da22e17efa8720
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/99964
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
While developing the patchset for tdf#127909, I broke the
certificate path dialog, because I wasn't aware, that the
NSSInitializer service has to use the same logic to auto-
select the users profile, then the dialog. So currently you
have to keep the complex service and dialog auto-select
logic in sync.
To prevent this error, this moves all the profile auto-selection
and enumeration into the NSSInitializer service. What I also
stumbled over is the particular lifecycle of the NSS library
initialization in the NSS service. This is just done, when the
first user calls some crypto function. As a result it's actually
possible to change the path setting without restarting
LibreOffice. But since the NSS deninitialization is run as an
atexit handler, this setting can't be changed after the init.
What is currently missing is any indication inside the dialog of
the currently active NSS setting in comparison to any later user
selection, if the user doesn't restart LibreOffice as requested.
Change-Id: I886962777958c363abeb0ec91fc8a35cbd39eb98
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/97668
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
|
|
Change-Id: I5fdb554a1b116824843f35645bc1cea3ca91e0f2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/94093
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
