Closed Bug 1263221 Opened 4 years ago Closed 4 years ago

improve how we handle the __CERT_AddTempCertToPerm situation

Categories

(Core :: Security: PSM, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla48
Tracking Status
firefox48 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

There is a function in NSS called CERT_AddTempCertToPerm that is useful to PSM. It is exported as __CERT_AddTempCertToPerm (I think because it is considered an internal API this "compromise" was settled upon). The relevant header file (certdb.h) only mentions CERT_AddTempCertToPerm, so if PSM code uses the prefixed version, the compiler can't find the declaration. If PSM uses the unprefixed version, the linker can't find the definition (since it's private). The workaround has been to insert a line '#define CERT_AddTempCertToPerm __CERT_AddTempCertToPerm' before including certdb.h (directly or indirectly) in any file using it. This doesn't work well with unified builds. However, it looks like we can leverage the improved build system to put the redefinition in the relevant moz.build files themselves. This bug will explore the feasibility of that option.
Here's how this came out on try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=07e42dd1d91a
r? to :chmanchester to confirm that this is an ok thing to do in moz.build.
Comment on attachment 8739548 [details]
MozReview Request: bug 1263221 - improve how PSM handles the visibility of __CERT_AddTempCertToPerm r?chmanchester,mgoodwin

https://reviewboard.mozilla.org/r/45307/#review41823

I'm fine with the PSM stuff - assuming the build / config stuff looks good to those who know about these things.
Attachment #8739548 - Flags: review?(mgoodwin) → review+
Attachment #8739548 - Flags: review?(cmanchester) → review+
Comment on attachment 8739548 [details]
MozReview Request: bug 1263221 - improve how PSM handles the visibility of __CERT_AddTempCertToPerm r?chmanchester,mgoodwin

https://reviewboard.mozilla.org/r/45307/#review42043

Looks good to me.
https://hg.mozilla.org/mozilla-central/rev/d4f4469ef5ff
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
You need to log in before you can comment on or make changes to this bug.