From b0dcf266f19d27d6f4dc7da428cbfe39ddddd8c4 Mon Sep 17 00:00:00 2001
From: Release Engineers <releng@openoffice.org>
Date: Wed, 26 Aug 2009 08:22:01 +0000
Subject: CWS-TOOLING: integrate CWS jl127 2009-07-30 10:12:10 +0200 jl 
 r274470 : #i100873# switch on checking for symbol definitions. It works with
 the current xpcom lib. 2009-07-29 09:48:29 +0200 jl  r274443 : #i100873#
 2009-07-29 09:47:36 +0200 jl  r274442 : #i100873# changes after resync with
 DEV300m53 which contains the seamonkey update 2009-07-28 10:00:03 +0200 jl 
 r274389 : #100873# Patches from tono 2009-07-27 16:59:39 +0200 jl  r274372 :
 CWS-TOOLING: rebase CWS jl127 to trunk@274203 (milestone: DEV300:m53)
 2009-07-07 09:08:53 +0200 jl  r273768 : #100873# 2009-07-06 17:16:10 +0200 jl
  r273754 : #100873# 2009-07-01 13:58:09 +0200 jl  r273576 : #100873# added to
 readme 2009-07-01 13:15:02 +0200 jl  r273573 : #100873# deliver lib files
 when building with MS compiler 2009-06-30 11:22:06 +0200 jl  r273498 :
 #i100873# accidentally commented out patch_files 2009-06-30 09:01:10 +0200 jl
  r273489 : #100873# make rc.exe work in ooo windows build 2009-06-29 09:47:56
 +0200 jl  r273451 : #i100873# applied mingw patch from tono 2009-06-24
 12:52:14 +0200 jl  r273332 : #100873# reapplying the configure.in patch on
 version 273150 2009-06-24 12:51:12 +0200 jl  r273331 : #100873# reapplying
 the patch on version 273150 2009-06-23 17:17:36 +0200 jl  r273299 : #100873#
 manually modified patch from tono 2009-06-22 17:05:41 +0200 jl  r273243 :
 #100873# applying mingw patch from tono 2009-06-22 17:02:30 +0200 jl  r273242
 : #100873# applying mingw patch from tono 2009-06-22 12:49:57 +0200 jl 
 r273216 : #100873# dependency to stlport 2009-06-19 11:56:16 +0200 jl 
 r273155 : #100873# undoing a previous change, instset_native complained about
 missing libjpipe.jnilib (jurt) 2009-06-19 10:13:03 +0200 jl  r273150 :
 #100873# ooo builds shall also use the new nss by default 2009-06-18 14:32:07
 +0200 jl  r273117 : #110873# more debug output when verifying a certificate
 2009-06-16 11:23:50 +0200 jl  r273012 : #i10873# 2009-06-16 10:57:41 +0200 jl
  r273011 : #100873# wrong parameter definition in nsscrypto_initialize
 2009-06-16 10:56:45 +0200 jl  r273010 : #100873# wrong parameter definition
 in nsscrypto_initialize 2009-06-15 16:20:42 +0200 jl  r272996 : #100873#
 initialization of NSS is now threadsafe 2009-06-10 12:50:46 +0200 jl  r272804
 : #100873# rename in foreach fails in 4nt 2009-06-09 13:43:00 +0200 jl 
 r272768 : #i100873# deliver only .h from inc/nss otherwise we get a warning
 when nss/nssck.api is delivered 2009-06-08 16:15:44 +0200 jl  r272739 :
 #i100873# 2009-06-08 16:04:54 +0200 jl  r272738 : #i100873# 2009-06-08
 15:45:52 +0200 jl  r272736 : #i100873# 2009-06-08 15:44:15 +0200 jl  r272735
 : #i100873# unzipping of nss.tar.z not working with 4nt 2009-06-08 09:45:46
 +0200 jl  r272720 : #i100873# 2009-06-03 13:53:52 +0200 jl  r272562 :
 #i100873#  MOZILLABUILD not correct 2009-06-03 13:17:54 +0200 jl  r272557 :
 #i100873#  readme and makefile changes from cws jl125, support of new nss
 module 2009-06-03 09:57:40 +0200 jl  r272544 : #i100873#  added readme
 2009-06-02 16:47:47 +0200 jl  r272512 : #i100873#  removed no longer needed
 stuff regarding jnilibs 2009-06-02 15:54:42 +0200 jl  r272510 : #i100873#
 added NSS to BUILD_TYPE 2009-06-02 15:20:18 +0200 jl  r272508 : #i100873#
 DEREFERENCE option for copy command 2009-06-02 13:00:12 +0200 jl  r272496 :
 #i100873# PATCH_FILE_NAMES is now PATCH_FILES 2009-06-02 12:23:39 +0200 jl 
 r272494 : #i100873# build dependency to nss 2009-05-29 16:21:40 +0200 jl 
 r272470 : #i100873# seting ENABLE_NSS_MODULE==YES and includeing
 mozilla-build-1.3 folder in environment 2009-05-29 16:03:23 +0200 jl  r272468
 : #i100873# use intermediate certificates when validating a certificate
 2009-05-29 15:57:16 +0200 jl  r272466 : #i100873# use intermediate
 certificates when validating a certificate 2009-05-29 15:49:58 +0200 jl 
 r272464 : #i100873# using ENABLE_NSS_MODULE 2009-05-29 15:33:14 +0200 jl 
 r272463 : #i100873# using ENABLE_NSS_MODULE 2009-05-29 15:28:39 +0200 jl 
 r272461 : #i100873# build dependency to nss module 2009-05-29 15:24:57 +0200
 jl  r272460 : #i100873# pass additional certificates into verifyCertificate
 function 2009-05-29 14:49:40 +0200 jl  r272458 : #i100873# new NSS module
 2009-05-29 14:43:44 +0200 jl  r272457 : #i100873# new NSS module

---
 connectivity/prj/build.lst                    |  2 +-
 connectivity/source/drivers/mozab/makefile.mk |  3 --
 ucb/source/ucp/webdav/NeonSession.cxx         | 48 ++++++++++++++++++++++-----
 3 files changed, 40 insertions(+), 13 deletions(-)

diff --git a/connectivity/prj/build.lst b/connectivity/prj/build.lst
index 21326f36023a..20cb27644e29 100644
--- a/connectivity/prj/build.lst
+++ b/connectivity/prj/build.lst
@@ -1,4 +1,4 @@
-cn  connectivity    :    l10n comphelper MOZ:moz SO:moz_prebuilt svtools UNIXODBC:unixODBC unoil javaunohelper HSQLDB:hsqldb QADEVOOO:qadevOOo officecfg NULL
+cn  connectivity    :    l10n comphelper MOZ:moz SO:moz_prebuilt svtools UNIXODBC:unixODBC unoil javaunohelper HSQLDB:hsqldb QADEVOOO:qadevOOo officecfg NSS:nss NULL
 cn  connectivity                                    usr1    -   all cn_mkout NULL
 cn  connectivity\inc                                nmake   -   all cn_inc NULL
 cn  connectivity\com\sun\star\sdbcx\comp\hsqldb     nmake   -   all cn_jhsqldbdb cn_hsqldb cn_inc NULL
diff --git a/connectivity/source/drivers/mozab/makefile.mk b/connectivity/source/drivers/mozab/makefile.mk
index 6240ed041047..42ce1ab8ca6e 100644
--- a/connectivity/source/drivers/mozab/makefile.mk
+++ b/connectivity/source/drivers/mozab/makefile.mk
@@ -76,9 +76,6 @@ MOZ_LIB_XPCOM= -L$(MOZ_LIB) -lnspr4 -lxpcom_core -lmozreg_s -lembed_base_s
 .ENDIF
 #End of mozilla specific stuff.
 
-# Disable '-z defs' due to broken libxpcom.
-LINKFLAGSDEFS=$(0)
-
 USE_DEFFILE=TRUE
 ENABLE_EXCEPTIONS=TRUE
 VISIBILITY_HIDDEN=TRUE
diff --git a/ucb/source/ucp/webdav/NeonSession.cxx b/ucb/source/ucp/webdav/NeonSession.cxx
index 4ceeef476d66..f1028f0dc535 100644
--- a/ucb/source/ucp/webdav/NeonSession.cxx
+++ b/ucb/source/ucp/webdav/NeonSession.cxx
@@ -32,6 +32,7 @@
 #include "precompiled_ucb.hxx"
 
 #include <hash_map>
+#include <vector>
 #include <string.h>
 #include <rtl/string.h>
 #include <ne_socket.h>
@@ -41,6 +42,8 @@
 #include <ne_ssl.h>
 #include "libxml/parser.h"
 #include <rtl/ustrbuf.hxx>
+#include "comphelper/sequence.hxx"
+
 #include "DAVAuthListener.hxx"
 #include "NeonTypes.hxx"
 #include "NeonSession.hxx"
@@ -395,6 +398,7 @@ extern "C" int NeonSession_CertificationNotify( void *userdata,
                                                 int failures,
                                                 const ne_ssl_certificate *cert )
 {
+    OSL_ASSERT(cert);
     NeonSession * pSession = static_cast< NeonSession * >( userdata );
     uno::Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment > xSecurityEnv;
      uno::Reference< ::com::sun::star::security::XCertificateContainer > xCertificateContainer;
@@ -442,18 +446,44 @@ extern "C" int NeonSession_CertificationNotify( void *userdata,
     xSecurityEnv = mxSecurityContext->getSecurityEnvironment();
 
 
-    char * rawCert;
-
-    rawCert = ne_ssl_cert_export( cert );
+    //The end entity certificate
+    char * eeCertB64 = ne_ssl_cert_export( cert );
 
-    ::rtl::OString sRawCert( rawCert );
+    ::rtl::OString sEECertB64( eeCertB64 );
 
-    uno::Reference< com::sun::star::security::XCertificate> xCert = xSecurityEnv->createCertificateFromAscii( ::rtl::OStringToOUString( sRawCert, RTL_TEXTENCODING_ASCII_US ) );
+    uno::Reference< com::sun::star::security::XCertificate> xEECert =
+        xSecurityEnv->createCertificateFromAscii(
+        ::rtl::OStringToOUString( sEECertB64, RTL_TEXTENCODING_ASCII_US ) );
 
-    sal_Int64 certValidity = xSecurityEnv->verifyCertificate( xCert );
+    free(eeCertB64);
+    eeCertB64 = NULL;
 
-
-    if ( pSession->isDomainMatch( GetHostnamePart( xCert.get()->getSubjectName())) )
+    std::vector<uno::Reference<com::sun::star::security::XCertificate> > vecCerts;
+    const ne_ssl_certificate * issuerCert = cert;
+    do
+    {
+        //get the intermediate certificate
+        //the returned value is const ! Therfore it does not need to be freed
+        //with ne_ssl_cert_free, which takes a non-const argument
+        issuerCert = ne_ssl_cert_signedby(issuerCert);
+        if (NULL == issuerCert)
+            break;
+
+        char * imCertB64 = ne_ssl_cert_export(issuerCert);
+        ::rtl::OString sInterMediateCertB64(imCertB64);
+        free(imCertB64);
+        uno::Reference< com::sun::star::security::XCertificate> xImCert =
+            xSecurityEnv->createCertificateFromAscii(
+                ::rtl::OStringToOUString( sInterMediateCertB64, RTL_TEXTENCODING_ASCII_US ) );
+        if (xImCert.is())
+            vecCerts.push_back(xImCert);
+    }while (1);
+
+    sal_Int64 certValidity = xSecurityEnv->verifyCertificate( xEECert,
+        ::comphelper::containerToSequence(vecCerts) );
+
+
+    if ( pSession->isDomainMatch( GetHostnamePart( xEECert.get()->getSubjectName())) )
     {
         //if host name matched with  certificate then look if the certificate was ok
         if( certValidity == ::security::CertificateValidity::VALID )
@@ -472,7 +502,7 @@ extern "C" int NeonSession_CertificationNotify( void *userdata,
         if ( xIH.is() )
         {
             rtl::Reference< ucbhelper::SimpleCertificateValidationRequest > xRequest
-                = new ucbhelper::SimpleCertificateValidationRequest((sal_Int32)failures, xCert, pSession->getHostName() );
+                = new ucbhelper::SimpleCertificateValidationRequest((sal_Int32)failures, xEECert, pSession->getHostName() );
             xIH->handle( xRequest.get() );
 
             rtl::Reference< ucbhelper::InteractionContinuation > xSelection
-- 
cgit