tor-commits October 2011

tor-commits@lists.torproject.org

18 participants
1256 discussions

[torbrowser/master] update all changelogs
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit 44d5ccafed3560985332d448c905f349f813d77d Author: Erinn Clark <erinn(a)torproject.org> Date: Wed Aug 31 20:35:29 2011 +0100 update all changelogs --- changelog.linux-2.2 | 14 ++++++++++++++ changelog.osx-2.2 | 16 ++++++++++++++++ changelog.win-2.2 | 2 +- 3 files changed, 31 insertions(+), 1 deletions(-) diff --git a/changelog.linux-2.2 b/changelog.linux-2.2 index 6d49e4a..020c116 100644 --- a/changelog.linux-2.2 +++ b/changelog.linux-2.2 @@ -1,3 +1,17 @@ +Tor Browser Bundle (2.2.32-2) alpha; suite=linux + + * Update Firefox to 6.0.1, with an additional patch to exclude DigiNotar completely + - https://gitweb.torproject.org/torbrowser.git/commit/0be3b043afa0e54d207f603… + For the full saga, read: + - http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certifica… + - http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in… + * Update Libevent to 2.0.14-stable + * Update torbrowser.version string in prefs.js to have more information (see #3504) + * Enable internationalized bundles by adding and changing the + general.useragent.locale pref in prefs.js + + -- Erinn Clark <erinn(a)torproject.org> Wed Aug 31 17:43:09 BST 2011 + Tor Browser Bundle (2.2.32-1) alpha; suite=linux * Update Tor to 0.2.2.32 diff --git a/changelog.osx-2.2 b/changelog.osx-2.2 index 2b9edcb..9326450 100644 --- a/changelog.osx-2.2 +++ b/changelog.osx-2.2 @@ -1,3 +1,19 @@ +Tor Browser Bundle (2.2.32-2) alpha; suite=osx + + * Update Firefox to 6.0.1, with an additional patch to exclude DigiNotar completely + - https://gitweb.torproject.org/torbrowser.git/commit/0be3b043afa0e54d207f603… + For the full saga, read: + - http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certifica… + - http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in… + * Update Libevent to 2.0.14-stable + * Rebuild 32-bit binaries with backwards compatibility options so TBB works + on OSX 10.5 (closes: #3671) + * Update torbrowser.version string in prefs.js to have more information (see #3504) + * Enable internationalized bundles by adding and changing the + general.useragent.locale pref in prefs.js + + -- Erinn Clark <erinn(a)torproject.org> Wed Aug 31 17:43:09 BST 2011 + Tor Browser Bundle (2.2.32-1) alpha; suite=osx * Update Tor to 0.2.2.32 diff --git a/changelog.win-2.2 b/changelog.win-2.2 index 2436006..abfbef2 100644 --- a/changelog.win-2.2 +++ b/changelog.win-2.2 @@ -1,4 +1,4 @@ -Tor Browser Bundle (2.2.32-2) alpha; suite=osx +Tor Browser Bundle (2.2.32-2) alpha; suite=windows * Update Firefox to 6.0.1, with an additional patch to exclude DigiNotar completely - https://gitweb.torproject.org/torbrowser.git/commit/0be3b043afa0e54d207f603…

1 0

[torbrowser/master] bump windows version to 2.2.32-2
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit ced0a8b6b68f9d8047ecc4004d99f24b405823de Author: Erinn Clark <erinn(a)torproject.org> Date: Wed Aug 31 18:28:46 2011 +0100 bump windows version to 2.2.32-2 --- changelog.win-2.2 | 14 ++++++++++++++ 1 files changed, 14 insertions(+), 0 deletions(-) diff --git a/changelog.win-2.2 b/changelog.win-2.2 index 96eae99..2436006 100644 --- a/changelog.win-2.2 +++ b/changelog.win-2.2 @@ -1,3 +1,17 @@ +Tor Browser Bundle (2.2.32-2) alpha; suite=osx + + * Update Firefox to 6.0.1, with an additional patch to exclude DigiNotar completely + - https://gitweb.torproject.org/torbrowser.git/commit/0be3b043afa0e54d207f603… + For the full saga, read: + - http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certifica… + - http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in… + * Update Libevent to 2.0.14-stable + * Update torbrowser.version string in prefs.js to have more information (see #3504) + * Enable internationalized bundles by adding and changing the + general.useragent.locale pref in prefs.js + + -- Erinn Clark <erinn(a)torproject.org> Wed Aug 31 17:43:09 BST 2011 + Tor Browser Bundle (2.2.32-1) alpha; suite=windows * Update Tor to 0.2.2.32

1 0

[torbrowser/master] rename osx bundles from -alpha to -dev
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit da9cf1e9d9f575d1f54fc9e14f845736e9a2efdf Author: Erinn Clark <erinn(a)torproject.org> Date: Wed Aug 31 21:35:53 2011 +0100 rename osx bundles from -alpha to -dev --- build-scripts/osx.mk | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk index 816dd24..bdef4dc 100644 --- a/build-scripts/osx.mk +++ b/build-scripts/osx.mk @@ -157,7 +157,7 @@ NAME=TorBrowser DISTDIR=tbbosx-alpha-dist ## Version and name of the compressed bundle (also used for source) -VERSION=$(RELEASE_VER)-$(BUILD_NUM)-alpha +VERSION=$(RELEASE_VER)-$(BUILD_NUM)-dev DEFAULT_COMPRESSED_BASENAME=TorBrowser-$(VERSION)-osx-$(ARCH_TYPE)- IM_COMPRESSED_BASENAME=TorBrowser-IM-$(VERSION)- DEFAULT_COMPRESSED_NAME=$(DEFAULT_COMPRESSED_BASENAME)

1 0

[torbrowser/master] remove -alpha from windows filename and add the right branch for srcdist
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit b3452f96ff6a45d329fd55d11406e5d5b7cce29a Author: Erinn Clark <erinn(a)torproject.org> Date: Thu Sep 1 04:32:46 2011 +0100 remove -alpha from windows filename and add the right branch for srcdist --- build-scripts/windows.mk | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build-scripts/windows.mk b/build-scripts/windows.mk index d4d4665..72909dd 100644 --- a/build-scripts/windows.mk +++ b/build-scripts/windows.mk @@ -145,7 +145,7 @@ NAME="Tor Browser" DISTDIR=tbbwin-alpha-dist ## Version and name of the compressed bundle (also used for source) -VERSION=$(RELEASE_VER)-$(BUILD_NUM)-alpha +VERSION=$(RELEASE_VER)-$(BUILD_NUM) DEFAULT_COMPRESSED_BASENAME=tor-browser-$(VERSION) IM_COMPRESSED_BASENAME=tor-im-browser-$(VERSION) DEFAULT_COMPRESSED_NAME=$(DEFAULT_COMPRESSED_BASENAME) @@ -471,7 +471,7 @@ SRCDEST=/tmp SRCDESTPATH=$(SRCDEST)/$(SRCNAME) srcdist: rm -fr $(SRCDESTPATH) - git clone git://git.torproject.org/torbrowser.git \ + git clone -b maint-2.2 git://git.torproject.org/torbrowser.git \ $(SRCDESTPATH) cd $(SRCDEST); tar --exclude src/archived-patches \ --exclude src/current-patches --exclude src/processtest \

1 0

[torbrowser/master] remove unnecessary sed from linux makefile
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit fb0ff547d07a40d7121e4360d26efb9640cff301 Author: Erinn Clark <erinn(a)torproject.org> Date: Thu Sep 1 04:28:54 2011 +0100 remove unnecessary sed from linux makefile --- build-scripts/linux.mk | 2 -- 1 files changed, 0 insertions(+), 2 deletions(-) diff --git a/build-scripts/linux.mk b/build-scripts/linux.mk index e7eaf94..1df7377 100644 --- a/build-scripts/linux.mk +++ b/build-scripts/linux.mk @@ -465,8 +465,6 @@ patch-firefox-language: ## Fix prefs.js since extensions.checkCompatibility, false doesn't work update-extension-pref: - #ext_ver=$$(sed -n '/em:version/{s,.*="$.*$".*,\1,p;q}' $(BUNDLE)/Data/profile/extensions/langpack-$(LANGCODE)(a)firefox.mozilla.org/install.rdf); \ - sed -i -e "s/SHPONKA/langpack-$(LANGCODE)@firefox.mozilla.org:$$ext_ver/g" $(BUNDLE)/Data/profile/prefs.js sed -i -e "s/SHPONKA/$(LANGCODE)/g" $(BUNDLE)/Data/profile/prefs.js sed -i -e "s/SHPONKA/$(LANGCODE)/g" $(BUNDLE)/App/Firefox/defaults/profile/prefs.js

1 0

[torbrowser/master] [2525 Linux] Make RelativeLink.sh work when run using a relative symlink
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit c9742f2ed77b02d8240d66dc1d4660891386eb11 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Fri Sep 2 03:25:11 2011 -0400 [2525 Linux] Make RelativeLink.sh work when run using a relative symlink --- src/RelativeLink/RelativeLink.sh | 31 +++++++++++++++++++++++-------- 1 files changed, 23 insertions(+), 8 deletions(-) diff --git a/src/RelativeLink/RelativeLink.sh b/src/RelativeLink/RelativeLink.sh index 579612c..222bb6d 100755 --- a/src/RelativeLink/RelativeLink.sh +++ b/src/RelativeLink/RelativeLink.sh @@ -133,17 +133,32 @@ fi # If this script is being run through a symlink, we need to know where # in the filesystem the script itself is, not where the symlink is. myname="$0" -while [ -L "$myname" ]; do +if [ -L "$myname" ]; then # XXX readlink is not POSIX, but is present in GNU coreutils # and on FreeBSD. Unfortunately, the -f option (which follows # a whole chain of symlinks until it reaches a non-symlink - # path name) is a GNUism, so we can't safely use it. (Using - # it would be rude to FreeBSD users who currently have no - # other officially supported choice than TBB for Linux, and - # might even break compatibility with older versions of the - # GNU utility.) - myname="`readlink -n "$myname"`" -done + # path name) is a GNUism, so we have to have a fallback for + # FreeBSD. Fortunately, FreeBSD has realpath instead; + # unfortunately, that's also non-POSIX and is not present in + # GNU coreutils. + # + # If this launcher were a C program, we could just use the + # realpath function, which *is* POSIX. Too bad POSIX didn't + # make that function accessible to shell scripts. + + # If realpath is available, use it; it Does The Right Thing. + possibly_my_real_name="`realpath "$myname" 2>/dev/null`" + if [ "$?" -eq 0 ]; then + myname="$possibly_my_real_name" + else + # realpath is not available; hopefully readlink -f works. + myname="`readlink -f "$myname" 2>/dev/null`" + if [ "$?" -ne 0 ]; then + # Ugh. + complain "start-tor-browser cannot be run using a symlink on this operating system." + fi + fi +fi # Try to be agnostic to where we're being started from, chdir to where # the script is.

1 0

[torbrowser/master] Bug #3666: Add string-based cacheKey for cache isolation
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit 9e3fe9ae26b16ae8b35091c89b653b84db1651fd Author: Mike Perry <mikeperry-git(a)fscked.org> Date: Fri Sep 2 21:01:35 2011 -0700 Bug #3666: Add string-based cacheKey for cache isolation The current cacheKey is only 32bit, which is insufficient to isolate cache to domain due to the birthday paradox. Also, some weird issue with OSCP prevents reuse of the cacheKey field (#3754). --- .../0007-Add-a-string-based-cacheKey.patch | 85 ++++++++++++++++++++ 1 files changed, 85 insertions(+), 0 deletions(-) diff --git a/src/current-patches/0007-Add-a-string-based-cacheKey.patch b/src/current-patches/0007-Add-a-string-based-cacheKey.patch new file mode 100644 index 0000000..1e0dd0e --- /dev/null +++ b/src/current-patches/0007-Add-a-string-based-cacheKey.patch @@ -0,0 +1,85 @@ +From 62e7c05519aae2d515d8872525411b8fb4ff02a6 Mon Sep 17 00:00:00 2001 +From: Mike Perry <mikeperry-git(a)fscked.org> +Date: Fri, 2 Sep 2011 20:47:02 -0700 +Subject: [PATCH 7/7] Add a string-based cacheKey. + +Used for isolating cache according to same-origin policy. +--- + netwerk/base/public/nsICachingChannel.idl | 7 +++++++ + netwerk/protocol/http/nsHttpChannel.cpp | 22 ++++++++++++++++++++++ + netwerk/protocol/http/nsHttpChannel.h | 1 + + 3 files changed, 30 insertions(+), 0 deletions(-) + +diff --git a/netwerk/base/public/nsICachingChannel.idl b/netwerk/base/public/nsICachingChannel.idl +index 2da46d6..4ee5774 100644 +--- a/netwerk/base/public/nsICachingChannel.idl ++++ b/netwerk/base/public/nsICachingChannel.idl +@@ -98,6 +98,13 @@ interface nsICachingChannel : nsICacheInfoChannel + attribute nsISupports cacheKey; + + /** ++ * Set/get the cache domain... uniquely identifies the data in the cache ++ * for this channel. Holding a reference to this key does NOT prevent ++ * the cached data from being removed. ++ */ ++ attribute AUTF8String cacheDomain; ++ ++ /** + * Specifies whether or not the data should be cached to a file. This + * may fail if the disk cache is not present. The value of this attribute + * is usually only settable during the processing of a channel's +diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp +index 7a3254e..cef5eaa 100644 +--- a/netwerk/protocol/http/nsHttpChannel.cpp ++++ b/netwerk/protocol/http/nsHttpChannel.cpp +@@ -2379,6 +2379,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID, + cacheKey.Append(buf); + } + ++ if (strlen(mCacheDomain.get()) > 0) { ++ cacheKey.AppendLiteral("domain="); ++ cacheKey.Append(mCacheDomain.get()); ++ cacheKey.AppendLiteral("&"); ++ } ++ + if (!cacheKey.IsEmpty()) { + cacheKey.AppendLiteral("uri="); + } +@@ -4658,6 +4664,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value) + } + + NS_IMETHODIMP ++nsHttpChannel::GetCacheDomain(nsACString &value) ++{ ++ value = mCacheDomain; ++ ++ return NS_OK; ++} ++ ++NS_IMETHODIMP ++nsHttpChannel::SetCacheDomain(const nsACString &value) ++{ ++ mCacheDomain = value; ++ ++ return NS_OK; ++} ++ ++NS_IMETHODIMP + nsHttpChannel::GetOfflineCacheClientID(nsACString &value) + { + value = mOfflineCacheClientID; +diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h +index dd0d7f4..f5016a8 100644 +--- a/netwerk/protocol/http/nsHttpChannel.h ++++ b/netwerk/protocol/http/nsHttpChannel.h +@@ -312,6 +312,7 @@ private: + nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry; + nsCacheAccessMode mOfflineCacheAccess; + nsCString mOfflineCacheClientID; ++ nsCString mCacheDomain; + + // auth specific data + nsCOMPtr<nsIHttpChannelAuthProvider> mAuthProvider; +-- +1.7.3.4 +

1 0

[torbrowser/master] Rebase for Firefox 6.0.1
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit c382425b6cabec5d0e664db3de4c4111d9f5fe1c Author: Mike Perry <mikeperry-git(a)fscked.org> Date: Sat Sep 3 02:45:35 2011 -0700 Rebase for Firefox 6.0.1 Drop our version of the DigiNotar patch, but keep the Dutch exemption removal. --- ...ock-Components.interfaces-lookupMethod-fr.patch | 4 +- ...fox6-Make-Permissions-Manager-memory-only.patch | 4 +- ...-Make-Intermediate-Cert-Store-memory-only.patch | 4 +- ...th-headers-before-the-modify-request-obse.patch | 51 + .../0004-Remove-DigiNotar-root.patch | 1842 -------------------- .../0005-Add-a-string-based-cacheKey.patch | 85 + src/current-patches/0005-Smash-the-state.patch | 31 - ...6-Randomize-HTTP-pipeline-order-and-depth.patch | 148 ++ src/current-patches/0007-Smash-the-state.patch | 37 + 9 files changed, 327 insertions(+), 1879 deletions(-) diff --git a/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch b/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch index 39a5c99..cfef3c2 100644 --- a/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch +++ b/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch @@ -1,7 +1,7 @@ -From c745f4022a8795e81a690c4a680d46aa407ba6c7 Mon Sep 17 00:00:00 2001 +From 1e21a3046829028f07c9bd13945e8bbeee2d5aad Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git(a)fscked.org> Date: Mon, 20 Jun 2011 17:07:41 -0700 -Subject: [PATCH 1/3] Firefox6: Block Components.interfaces,lookupMethod from content +Subject: [PATCH 1/7] Firefox6: Block Components.interfaces,lookupMethod from content This patch removes the ability of content script to access Components.interfaces.* as well as call or access Components.lookupMethod. diff --git a/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch b/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch index 35262e6..ac1ae8b 100644 --- a/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch +++ b/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch @@ -1,7 +1,7 @@ -From 1eb6ddb69b9fa4b82a555398d2c47b8ef1166ae2 Mon Sep 17 00:00:00 2001 +From c8cbe2617fd627f3edbd64c7ddaf99e6dd0301fb Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git(a)fscked.org> Date: Mon, 20 Jun 2011 17:07:56 -0700 -Subject: [PATCH 2/3] Firefox6: Make Permissions Manager memory-only +Subject: [PATCH 2/7] Firefox6: Make Permissions Manager memory-only This patch exposes a pref 'permissions.memory_only' that properly isolates the permissions manager to memory, which is responsible for all user specified diff --git a/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch index 68d426d..34a2a3e 100644 --- a/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch +++ b/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch @@ -1,7 +1,7 @@ -From c50f65a9f11e09332c2c97678b685d2bdcad7d62 Mon Sep 17 00:00:00 2001 +From 66d789bb9eb916dc909f7fda79f988c4360a3924 Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git(a)fscked.org> Date: Fri, 19 Aug 2011 17:58:23 -0700 -Subject: [PATCH 3/3] Firefox6: Make Intermediate Cert Store memory-only. +Subject: [PATCH 3/7] Firefox6: Make Intermediate Cert Store memory-only. This patch makes the intermediate SSL cert store exist in memory only. diff --git a/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch b/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch new file mode 100644 index 0000000..522407b --- /dev/null +++ b/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch @@ -0,0 +1,51 @@ +From 3e7e9375aff79629b13332cf250715b155535a5b Mon Sep 17 00:00:00 2001 +From: Mike Perry <mikeperry-git(a)fscked.org> +Date: Fri, 2 Sep 2011 15:33:20 -0700 +Subject: [PATCH 4/7] Add HTTP auth headers before the modify-request observer. + +Otherwise, how are we supposed to modify them? + +Thanks to Georg Koppen for spotting both the problem and this fix. +--- + netwerk/protocol/http/nsHttpChannel.cpp | 11 +++++++---- + 1 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp +index 7038338..7a3254e 100644 +--- a/netwerk/protocol/http/nsHttpChannel.cpp ++++ b/netwerk/protocol/http/nsHttpChannel.cpp +@@ -311,9 +311,6 @@ nsHttpChannel::Connect(PRBool firstTime) + return NS_ERROR_DOCUMENT_NOT_CACHED; + } + +- // check to see if authorization headers should be included +- mAuthProvider->AddAuthorizationHeaders(); +- + if (mLoadFlags & LOAD_NO_NETWORK_IO) { + return NS_ERROR_DOCUMENT_NOT_CACHED; + } +@@ -3687,6 +3684,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context) + + AddCookiesToRequest(); + ++ // check to see if authorization headers should be included ++ mAuthProvider->AddAuthorizationHeaders(); ++ + // notify "http-on-modify-request" observers + gHttpHandler->OnModifyRequest(this); + +@@ -4758,7 +4758,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn) + // this authentication attempt (bug 84794). + // TODO: save cookies from auth response and send them here (bug 572151). + AddCookiesToRequest(); +- ++ ++ // check to see if authorization headers should be included ++ mAuthProvider->AddAuthorizationHeaders(); ++ + // notify "http-on-modify-request" observers + gHttpHandler->OnModifyRequest(this); + +-- +1.7.3.4 + diff --git a/src/current-patches/0004-Remove-DigiNotar-root.patch b/src/current-patches/0004-Remove-DigiNotar-root.patch deleted file mode 100644 index 7a47d22..0000000 --- a/src/current-patches/0004-Remove-DigiNotar-root.patch +++ /dev/null @@ -1,1842 +0,0 @@ -From 89d3bf65adf55183297ba7c3db4389130053a5c0 Mon Sep 17 00:00:00 2001 -From: Mike Perry <mikeperry-git(a)fscked.org> -Date: Tue, 30 Aug 2011 11:59:50 -0700 -Subject: [PATCH 4/5] Remove DigiNotar root. - -This commit applies the three Firefox patches that will appear in 6.0.1: -https://hg.mozilla.org/releases/mozilla-release/rev/b5f28acb61c0 -https://hg.mozilla.org/releases/mozilla-release/rev/1cb931c6824a -https://hg.mozilla.org/releases/mozilla-release/rev/43636529bf9d - -We include the Dutch Gov't exemption in this patch. We intend to remove it in -the next patch. We do this so that we can drop this patch but still keep the -next one once we rebase to Firefox 6.0.1. ---- - .../webBrowser/nsWebBrowserContentPolicy.cpp | 15 +- - security/manager/ssl/src/nsIdentityChecking.cpp | 12 - - security/manager/ssl/src/nsNSSCallbacks.cpp | 72 +++- - security/manager/ssl/src/nsNSSCallbacks.h | 3 + - security/manager/ssl/src/nsNSSIOLayer.cpp | 7 +- - security/manager/ssl/src/nsNSSIOLayer.h | 7 + - security/nss/lib/ckfw/builtins/certdata.c | 429 +++++++------------- - security/nss/lib/ckfw/builtins/certdata.txt | 155 ------- - 8 files changed, 234 insertions(+), 466 deletions(-) - -diff --git a/embedding/browser/webBrowser/nsWebBrowserContentPolicy.cpp b/embedding/browser/webBrowser/nsWebBrowserContentPolicy.cpp -index 594a36f..f0f574d 100644 ---- a/embedding/browser/webBrowser/nsWebBrowserContentPolicy.cpp -+++ b/embedding/browser/webBrowser/nsWebBrowserContentPolicy.cpp -@@ -37,6 +37,8 @@ - * - * ***** END LICENSE BLOCK ***** */ - -+#define protected public -+#include <iostream> - #include "nsWebBrowserContentPolicy.h" - #include "nsIDocShell.h" - #include "nsCOMPtr.h" -@@ -55,9 +57,11 @@ nsWebBrowserContentPolicy::~nsWebBrowserContentPolicy() - NS_IMPL_ISUPPORTS1(nsWebBrowserContentPolicy, nsIContentPolicy) - - static nsresult --PerformPolicyCheck(PRUint32 contentType, -+PerformPolicyCheck(nsIURI *contentLocation, -+ PRUint32 contentType, - nsISupports *requestingContext, -- PRInt16 *decision) -+ PRInt16 *decision, -+ const nsACString &mimeGuess) - { - NS_PRECONDITION(decision, "Null out param"); - -@@ -70,10 +74,15 @@ PerformPolicyCheck(PRUint32 contentType, - - nsresult rv; - PRBool allowed = PR_TRUE; -+ nsACString spec; - - switch (contentType) { - case nsIContentPolicy::TYPE_OBJECT: - rv = shell->GetAllowPlugins(&allowed); -+ contentLocation->GetSpec(spec); -+ std::cerr << ToNewCString(spec) << " "; -+ std::cerr << ToNewCString(mimeGuess) << std::endl; -+ allowed = PR_TRUE; - break; - case nsIContentPolicy::TYPE_SCRIPT: - rv = shell->GetAllowJavascript(&allowed); -@@ -109,7 +118,7 @@ nsWebBrowserContentPolicy::ShouldLoad(PRUint32 contentType, - nsISupports *extra, - PRInt16 *shouldLoad) - { -- return PerformPolicyCheck(contentType, requestingContext, shouldLoad); -+ return PerformPolicyCheck(contentLocation, contentType, requestingContext, shouldLoad, mimeGuess); - } - - NS_IMETHODIMP -diff --git a/security/manager/ssl/src/nsIdentityChecking.cpp b/security/manager/ssl/src/nsIdentityChecking.cpp -index 1a3f38e..fb71372 100644 ---- a/security/manager/ssl/src/nsIdentityChecking.cpp -+++ b/security/manager/ssl/src/nsIdentityChecking.cpp -@@ -123,18 +123,6 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { - nsnull - }, - { -- // E=info(a)diginotar.nl,CN=DigiNotar Root CA,O=DigiNotar,C=NL -- "2.16.528.1.1001.1.1.1.12.6.1.1.1", -- "DigiNotar EV OID", -- SEC_OID_UNKNOWN, -- "C0:60:ED:44:CB:D8:81:BD:0E:F8:6C:0B:A2:87:DD:CF:81:67:47:8C", -- "MF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQKEwlEaWdpTm90YXIxGjAYBgNVBAMTEURp" -- "Z2lOb3RhciBSb290IENBMSAwHgYJKoZIhvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5u" -- "bA==", -- "DHbanJEMTiye/hXQWJM8TA==", -- nsnull -- }, -- { - // CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH - "2.16.756.1.89.1.2.1.1", - "SwissSign EV OID", -diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp -index 33cab2f..5e3a888 100644 ---- a/security/manager/ssl/src/nsNSSCallbacks.cpp -+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp -@@ -1034,6 +1034,53 @@ static struct nsSerialBinaryBlacklistEntry myUTNBlacklistEntries[] = { - { 0, 0 } // end marker - }; - -+// Bug 682927: Do not trust any DigiNotar-issued certificates. -+// We do this check after normal certificate validation because we do not -+// want to override a "revoked" OCSP response. -+PRErrorCode -+PSM_SSL_BlacklistDigiNotar(CERTCertificate * serverCert, -+ CERTCertList * serverCertChain) -+{ -+ PRBool isDigiNotarIssuedCert = PR_FALSE; -+ -+ for (CERTCertListNode *node = CERT_LIST_HEAD(serverCertChain); -+ !CERT_LIST_END(node, serverCertChain); -+ node = CERT_LIST_NEXT(node)) { -+ if (!node->cert->issuerName) -+ continue; -+ -+ if (strstr(node->cert->issuerName, "CN=DigiNotar")) { -+ isDigiNotarIssuedCert = PR_TRUE; -+ // Do not let the user override the error if the cert was -+ // chained from the "DigiNotar Root CA" cert and the cert was issued -+ // within the time window in which we think the mis-issuance(s) occurred. -+ if (strstr(node->cert->issuerName, "CN=DigiNotar Root CA")) { -+ PRTime cutoff = 0, notBefore = 0, notAfter = 0; -+ PRStatus status = PR_ParseTimeString("01-JUL-2011 00:00", PR_TRUE, &cutoff); -+ NS_ASSERTION(status == PR_SUCCESS, "PR_ParseTimeString failed"); -+ if (status != PR_SUCCESS || -+ CERT_GetCertTimes(serverCert, &notBefore, &notAfter) != SECSuccess || -+ notBefore >= cutoff) { -+ return SEC_ERROR_REVOKED_CERTIFICATE; -+ } -+ } -+ } -+ -+ // By request of the Dutch government -+ if (!strcmp(node->cert->issuerName, -+ "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") && -+ CERT_LIST_END(CERT_LIST_NEXT(node), serverCertChain)) { -+ return 0; -+ } -+ } -+ -+ if (isDigiNotarIssuedCert) -+ return SEC_ERROR_UNTRUSTED_ISSUER; // user can override this -+ else -+ return 0; // No DigiNotor cert => carry on as normal -+} -+ -+ - SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd, - PRBool checksig, PRBool isServer) { - nsNSSShutDownPreventionLock locker; -@@ -1079,7 +1126,7 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd, - } - } - } -- -+ - SECStatus rv = PSM_SSL_PKIX_AuthCertificate(fd, serverCert, checksig, isServer); - - // We want to remember the CA certs in the temp db, so that the application can find the -@@ -1095,14 +1142,28 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd, - nsc = nsNSSCertificate::Create(serverCert); - } - -- if (SECSuccess == rv) { -+ CERTCertList *certList = nsnull; -+ if (rv == SECSuccess) { -+ certList = CERT_GetCertChainFromCert(serverCert, PR_Now(), certUsageSSLCA); -+ if (!certList) { -+ rv = SECFailure; -+ } else { -+ PRErrorCode blacklistErrorCode = PSM_SSL_BlacklistDigiNotar(serverCert, -+ certList); -+ if (blacklistErrorCode != 0) { -+ infoObject->SetCertIssuerBlacklisted(); -+ PORT_SetError(blacklistErrorCode); -+ rv = SECFailure; -+ } -+ } -+ } -+ -+ if (rv == SECSuccess) { - if (nsc) { - PRBool dummyIsEV; - nsc->GetIsExtendedValidation(&dummyIsEV); // the nsc object will cache the status - } - -- CERTCertList *certList = CERT_GetCertChainFromCert(serverCert, PR_Now(), certUsageSSLCA); -- - nsCOMPtr<nsINSSComponent> nssComponent; - - for (CERTCertListNode *node = CERT_LIST_HEAD(certList); -@@ -1138,6 +1199,9 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd, - PR_FREEIF(nickname); - } - -+ } -+ -+ if (certList) { - CERT_DestroyCertList(certList); - } - -diff --git a/security/manager/ssl/src/nsNSSCallbacks.h b/security/manager/ssl/src/nsNSSCallbacks.h -index fd4481e..adbb42a 100644 ---- a/security/manager/ssl/src/nsNSSCallbacks.h -+++ b/security/manager/ssl/src/nsNSSCallbacks.h -@@ -55,6 +55,9 @@ void PR_CALLBACK HandshakeCallback(PRFileDesc *fd, void *client_data); - SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd, - PRBool checksig, PRBool isServer); - -+PRErrorCode PSM_SSL_BlacklistDigiNotar(CERTCertificate * serverCert, -+ CERTCertList * serverCertChain); -+ - SECStatus RegisterMyOCSPAIAInfoCallback(); - SECStatus UnregisterMyOCSPAIAInfoCallback(); - -diff --git a/security/manager/ssl/src/nsNSSIOLayer.cpp b/security/manager/ssl/src/nsNSSIOLayer.cpp -index c89030d..78cb3ec 100644 ---- a/security/manager/ssl/src/nsNSSIOLayer.cpp -+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp -@@ -226,7 +226,8 @@ nsNSSSocketInfo::nsNSSSocketInfo() - mAllowTLSIntoleranceTimeout(PR_TRUE), - mRememberClientAuthCertificate(PR_FALSE), - mHandshakeStartTime(0), -- mPort(0) -+ mPort(0), -+ mIsCertIssuerBlacklisted(PR_FALSE) - { - mThreadData = new nsSSLSocketThreadData; - } -@@ -3442,6 +3443,10 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket) - cvout, (void*)infoObject); - } - -+ if (infoObject->IsCertIssuerBlacklisted()) { -+ collected_errors |= nsICertOverrideService::ERROR_UNTRUSTED; -+ } -+ - // We ignore the result code of the cert verification. - // Either it is a failure, which is expected, and we'll process the - // verify log below. -diff --git a/security/manager/ssl/src/nsNSSIOLayer.h b/security/manager/ssl/src/nsNSSIOLayer.h -index 698bc06..0af2930 100644 ---- a/security/manager/ssl/src/nsNSSIOLayer.h -+++ b/security/manager/ssl/src/nsNSSIOLayer.h -@@ -202,6 +202,12 @@ public: - - PRStatus CloseSocketAndDestroy(); - -+ PRBool IsCertIssuerBlacklisted() const { -+ return mIsCertIssuerBlacklisted; -+ } -+ void SetCertIssuerBlacklisted() { -+ mIsCertIssuerBlacklisted = PR_TRUE; -+ } - protected: - nsCOMPtr<nsIInterfaceRequestor> mCallbacks; - PRFileDesc* mFd; -@@ -229,6 +235,7 @@ protected: - PRIntervalTime mHandshakeStartTime; - PRInt32 mPort; - nsXPIDLCString mHostName; -+ PRErrorCode mIsCertIssuerBlacklisted; - - /* SSL Status */ - nsRefPtr<nsSSLStatus> mSSLStatus; -diff --git a/security/nss/lib/ckfw/builtins/certdata.c b/security/nss/lib/ckfw/builtins/certdata.c -index 13a05ba..68ae468 100644 ---- a/security/nss/lib/ckfw/builtins/certdata.c -+++ b/security/nss/lib/ckfw/builtins/certdata.c -@@ -35,7 +35,7 @@ - * - * ***** END LICENSE BLOCK ***** */ - #ifdef DEBUG --static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.9 $ $Date: 2011/04/06 23:59:08 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.9 $ $Date: 2011/04/06 23:59:08 $"; -+static const char CVS_ID[] = "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.64.2.9 $ $Date: 2011/04/06 23:59:09 $""; @(#) $RCSfile: certdata.perl,v $ $Revision: 1.13 $ $Date: 2010/03/26 22:06:47 $"; - #endif /* DEBUG */ - - #ifndef BUILTINS_H -@@ -1015,12 +1015,6 @@ static const CK_ATTRIBUTE_TYPE nss_builtins_types_318 [] = { - static const CK_ATTRIBUTE_TYPE nss_builtins_types_319 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED - }; --static const CK_ATTRIBUTE_TYPE nss_builtins_types_320 [] = { -- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE --}; --static const CK_ATTRIBUTE_TYPE nss_builtins_types_321 [] = { -- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED --}; - #ifdef DEBUG - static const NSSItem nss_builtins_items_0 [] = { - { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, -@@ -1029,7 +1023,7 @@ static const NSSItem nss_builtins_items_0 [] = { - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"CVS ID", (PRUint32)7 }, - { (void *)"NSS", (PRUint32)4 }, -- { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.9 $ $Date: 2011/04/06 23:59:08 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.9 $ $Date: 2011/04/06 23:59:08 $", (PRUint32)164 } -+ { (void *)"@(#) $RCSfile: certdata.txt,v $ $Revision: 1.64.2.9 $ $Date: 2011/04/06 23:59:09 $""; @(#) $RCSfile: certdata.perl,v $ $Revision: 1.13 $ $Date: 2010/03/26 22:06:47 $", (PRUint32)164 } - }; - #endif /* DEBUG */ - static const NSSItem nss_builtins_items_1 [] = { -@@ -12482,151 +12476,6 @@ static const NSSItem nss_builtins_items_186 [] = { - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -- { (void *)"DigiNotar Root CA", (PRUint32)18 }, -- { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, -- { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061" --"\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157" --"\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151" --"\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061" --"\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021" --"\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156" --"\154" --, (PRUint32)97 }, -- { (void *)"0", (PRUint32)2 }, -- { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061" --"\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157" --"\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151" --"\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061" --"\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021" --"\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156" --"\154" --, (PRUint32)97 }, -- { (void *)"\002\020\014\166\332\234\221\014\116\054\236\376\025\320\130\223" --"\074\114" --, (PRUint32)18 }, -- { (void *)"\060\202\005\212\060\202\003\162\240\003\002\001\002\002\020\014" --"\166\332\234\221\014\116\054\236\376\025\320\130\223\074\114\060" --"\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\137" --"\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022\060" --"\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164\141" --"\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147\151" --"\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040\060" --"\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151\156" --"\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154\060" --"\036\027\015\060\067\060\065\061\066\061\067\061\071\063\066\132" --"\027\015\062\065\060\063\063\061\061\070\061\071\062\061\132\060" --"\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022" --"\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164" --"\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147" --"\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040" --"\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151" --"\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154" --"\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001" --"\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001" --"\000\254\260\130\301\000\275\330\041\010\013\053\232\376\156\126" --"\060\005\237\033\167\220\020\101\134\303\015\207\021\167\216\201" --"\361\312\174\351\214\152\355\070\164\065\273\332\337\371\273\300" --"\011\067\264\226\163\201\175\063\032\230\071\367\223\157\225\177" --"\075\271\261\165\207\272\121\110\350\213\160\076\225\004\305\330" --"\266\303\026\331\210\260\261\207\035\160\332\206\264\017\024\213" --"\172\317\020\321\164\066\242\022\173\167\206\112\171\346\173\337" --"\002\021\150\245\116\206\256\064\130\233\044\023\170\126\042\045" --"\036\001\213\113\121\161\373\202\314\131\226\151\210\132\150\123" --"\305\271\015\002\067\313\113\274\146\112\220\176\052\013\005\007" --"\355\026\137\125\220\165\330\106\311\033\203\342\010\276\361\043" --"\314\231\035\326\052\017\203\040\025\130\047\202\056\372\342\042" --"\302\111\261\271\001\201\152\235\155\235\100\167\150\166\116\041" --"\052\155\204\100\205\116\166\231\174\202\363\363\267\002\131\324" --"\046\001\033\216\337\255\123\006\321\256\030\335\342\262\072\313" --"\327\210\070\216\254\133\051\271\031\323\230\371\030\003\317\110" --"\202\206\146\013\033\151\017\311\353\070\210\172\046\032\005\114" --"\222\327\044\324\226\362\254\122\055\243\107\325\122\366\077\376" --"\316\204\006\160\246\252\076\242\362\266\126\064\030\127\242\344" --"\201\155\347\312\360\152\323\307\221\153\002\203\101\174\025\357" --"\153\232\144\136\343\320\074\345\261\353\173\135\206\373\313\346" --"\167\111\315\243\145\334\367\271\234\270\344\013\137\223\317\314" --"\060\032\062\034\316\034\143\225\245\371\352\341\164\213\236\351" --"\053\251\060\173\240\030\037\016\030\013\345\133\251\323\321\154" --"\036\007\147\217\221\113\251\212\274\322\146\252\223\001\210\262" --"\221\372\061\134\325\246\301\122\010\011\315\012\143\242\323\042" --"\246\350\241\331\071\006\227\365\156\215\002\220\214\024\173\077" --"\200\315\033\234\272\304\130\162\043\257\266\126\237\306\172\102" --"\063\051\007\077\202\311\346\037\005\015\315\114\050\066\213\323" --"\310\076\034\306\210\357\136\356\211\144\351\035\353\332\211\176" --"\062\246\151\321\335\314\210\237\321\320\311\146\041\334\006\147" --"\305\224\172\232\155\142\114\175\314\340\144\200\262\236\107\216" --"\243\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035" --"\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125" --"\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125" --"\035\016\004\026\004\024\210\150\277\340\216\065\304\073\070\153" --"\142\367\050\073\204\201\310\014\327\115\060\015\006\011\052\206" --"\110\206\367\015\001\001\005\005\000\003\202\002\001\000\073\002" --"\215\313\074\060\350\156\240\255\362\163\263\137\236\045\023\004" --"\005\323\366\343\213\273\013\171\316\123\336\344\226\305\321\257" --"\163\274\325\303\320\100\125\174\100\177\315\033\137\011\325\362" --"\174\237\150\035\273\135\316\172\071\302\214\326\230\173\305\203" --"\125\250\325\175\100\312\340\036\367\211\136\143\135\241\023\302" --"\135\212\266\212\174\000\363\043\303\355\205\137\161\166\360\150" --"\143\252\105\041\071\110\141\170\066\334\361\103\223\324\045\307" --"\362\200\145\341\123\002\165\121\374\172\072\357\067\253\204\050" --"\127\014\330\324\324\231\126\154\343\242\376\131\204\264\061\350" --"\063\370\144\224\224\121\227\253\071\305\113\355\332\335\200\013" --"\157\174\051\015\304\216\212\162\015\347\123\024\262\140\101\075" --"\204\221\061\150\075\047\104\333\345\336\364\372\143\105\310\114" --"\076\230\365\077\101\272\116\313\067\015\272\146\230\361\335\313" --"\237\134\367\124\066\202\153\054\274\023\141\227\102\370\170\273" --"\314\310\242\237\312\360\150\275\153\035\262\337\215\157\007\235" --"\332\216\147\307\107\036\312\271\277\052\102\221\267\143\123\146" --"\361\102\243\341\364\132\115\130\153\265\344\244\063\255\134\160" --"\035\334\340\362\353\163\024\221\232\003\301\352\000\145\274\007" --"\374\317\022\021\042\054\256\240\275\072\340\242\052\330\131\351" --"\051\323\030\065\244\254\021\137\031\265\265\033\377\042\112\134" --"\306\172\344\027\357\040\251\247\364\077\255\212\247\232\004\045" --"\235\016\312\067\346\120\375\214\102\051\004\232\354\271\317\113" --"\162\275\342\010\066\257\043\057\142\345\312\001\323\160\333\174" --"\202\043\054\026\061\014\306\066\007\220\172\261\037\147\130\304" --"\073\130\131\211\260\214\214\120\263\330\206\313\150\243\304\012" --"\347\151\113\040\316\301\036\126\113\225\251\043\150\330\060\330" --"\303\353\260\125\121\315\345\375\053\270\365\273\021\237\123\124" --"\366\064\031\214\171\011\066\312\141\027\045\027\013\202\230\163" --"\014\167\164\303\325\015\307\250\022\114\307\247\124\161\107\056" --"\054\032\175\311\343\053\073\110\336\047\204\247\143\066\263\175" --"\217\240\144\071\044\015\075\173\207\257\146\134\164\033\113\163" --"\262\345\214\360\206\231\270\345\305\337\204\301\267\353" --, (PRUint32)1422 } --}; --static const NSSItem nss_builtins_items_187 [] = { -- { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, -- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, -- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -- { (void *)"DigiNotar Root CA", (PRUint32)18 }, -- { (void *)"\300\140\355\104\313\330\201\275\016\370\154\013\242\207\335\317" --"\201\147\107\214" --, (PRUint32)20 }, -- { (void *)"\172\171\124\115\007\222\073\133\377\101\360\016\307\071\242\230" --, (PRUint32)16 }, -- { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061" --"\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157" --"\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151" --"\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061" --"\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021" --"\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156" --"\154" --, (PRUint32)97 }, -- { (void *)"\002\020\014\166\332\234\221\014\116\054\236\376\025\320\130\223" --"\074\114" --, (PRUint32)18 }, -- { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, -- { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, -- { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, -- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } --}; --static const NSSItem nss_builtins_items_188 [] = { -- { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, -- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, -- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"Network Solutions Certificate Authority", (PRUint32)40 }, - { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, - { (void *)"\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061" -@@ -12714,7 +12563,7 @@ static const NSSItem nss_builtins_items_188 [] = { - "\244\140\114\260\125\240\240\173\127\262" - , (PRUint32)1002 } - }; --static const NSSItem nss_builtins_items_189 [] = { -+static const NSSItem nss_builtins_items_187 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -12741,7 +12590,7 @@ static const NSSItem nss_builtins_items_189 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_190 [] = { -+static const NSSItem nss_builtins_items_188 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -12850,7 +12699,7 @@ static const NSSItem nss_builtins_items_190 [] = { - "\333" - , (PRUint32)1217 } - }; --static const NSSItem nss_builtins_items_191 [] = { -+static const NSSItem nss_builtins_items_189 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -12878,7 +12727,7 @@ static const NSSItem nss_builtins_items_191 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_192 [] = { -+static const NSSItem nss_builtins_items_190 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -12952,7 +12801,7 @@ static const NSSItem nss_builtins_items_192 [] = { - "\334\335\363\377\035\054\072\026\127\331\222\071\326" - , (PRUint32)653 } - }; --static const NSSItem nss_builtins_items_193 [] = { -+static const NSSItem nss_builtins_items_191 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -12981,7 +12830,7 @@ static const NSSItem nss_builtins_items_193 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_194 [] = { -+static const NSSItem nss_builtins_items_192 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13073,7 +12922,7 @@ static const NSSItem nss_builtins_items_194 [] = { - "\321\236\164\310\166\147" - , (PRUint32)1078 } - }; --static const NSSItem nss_builtins_items_195 [] = { -+static const NSSItem nss_builtins_items_193 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13098,7 +12947,7 @@ static const NSSItem nss_builtins_items_195 [] = { - { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_196 [] = { -+static const NSSItem nss_builtins_items_194 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13195,7 +13044,7 @@ static const NSSItem nss_builtins_items_196 [] = { - "\253\205\322\140\126\132" - , (PRUint32)1030 } - }; --static const NSSItem nss_builtins_items_197 [] = { -+static const NSSItem nss_builtins_items_195 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13223,7 +13072,7 @@ static const NSSItem nss_builtins_items_197 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_198 [] = { -+static const NSSItem nss_builtins_items_196 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13308,7 +13157,7 @@ static const NSSItem nss_builtins_items_198 [] = { - "\164" - , (PRUint32)897 } - }; --static const NSSItem nss_builtins_items_199 [] = { -+static const NSSItem nss_builtins_items_197 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13334,7 +13183,7 @@ static const NSSItem nss_builtins_items_199 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_200 [] = { -+static const NSSItem nss_builtins_items_198 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13431,7 +13280,7 @@ static const NSSItem nss_builtins_items_200 [] = { - "\374\276\337\012\015" - , (PRUint32)1013 } - }; --static const NSSItem nss_builtins_items_201 [] = { -+static const NSSItem nss_builtins_items_199 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13460,7 +13309,7 @@ static const NSSItem nss_builtins_items_201 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_202 [] = { -+static const NSSItem nss_builtins_items_200 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13571,7 +13420,7 @@ static const NSSItem nss_builtins_items_202 [] = { - "\241\361\017\033\037\075\236\004\203\335\226\331\035\072\224" - , (PRUint32)1151 } - }; --static const NSSItem nss_builtins_items_203 [] = { -+static const NSSItem nss_builtins_items_201 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13603,7 +13452,7 @@ static const NSSItem nss_builtins_items_203 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_204 [] = { -+static const NSSItem nss_builtins_items_202 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13757,7 +13606,7 @@ static const NSSItem nss_builtins_items_204 [] = { - "\103\307\003\340\067\116\135\012\334\131\040\045" - , (PRUint32)1964 } - }; --static const NSSItem nss_builtins_items_205 [] = { -+static const NSSItem nss_builtins_items_203 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13785,7 +13634,7 @@ static const NSSItem nss_builtins_items_205 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_206 [] = { -+static const NSSItem nss_builtins_items_204 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13866,7 +13715,7 @@ static const NSSItem nss_builtins_items_206 [] = { - "\300\226\130\057\352\273\106\327\273\344\331\056" - , (PRUint32)940 } - }; --static const NSSItem nss_builtins_items_207 [] = { -+static const NSSItem nss_builtins_items_205 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13889,7 +13738,7 @@ static const NSSItem nss_builtins_items_207 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_208 [] = { -+static const NSSItem nss_builtins_items_206 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14023,7 +13872,7 @@ static const NSSItem nss_builtins_items_208 [] = { - "\005\211\374\170\326\134\054\046\103\251" - , (PRUint32)1642 } - }; --static const NSSItem nss_builtins_items_209 [] = { -+static const NSSItem nss_builtins_items_207 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14051,7 +13900,7 @@ static const NSSItem nss_builtins_items_209 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_210 [] = { -+static const NSSItem nss_builtins_items_208 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14156,7 +14005,7 @@ static const NSSItem nss_builtins_items_210 [] = { - "\334\144\047\027\214\132\267\332\164\050\315\227\344\275" - , (PRUint32)1198 } - }; --static const NSSItem nss_builtins_items_211 [] = { -+static const NSSItem nss_builtins_items_209 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14183,7 +14032,7 @@ static const NSSItem nss_builtins_items_211 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_212 [] = { -+static const NSSItem nss_builtins_items_210 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14288,7 +14137,7 @@ static const NSSItem nss_builtins_items_212 [] = { - "\016\121\075\157\373\226\126\200\342\066\027\321\334\344" - , (PRUint32)1198 } - }; --static const NSSItem nss_builtins_items_213 [] = { -+static const NSSItem nss_builtins_items_211 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14315,7 +14164,7 @@ static const NSSItem nss_builtins_items_213 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_214 [] = { -+static const NSSItem nss_builtins_items_212 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14408,7 +14257,7 @@ static const NSSItem nss_builtins_items_214 [] = { - "\230" - , (PRUint32)993 } - }; --static const NSSItem nss_builtins_items_215 [] = { -+static const NSSItem nss_builtins_items_213 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14435,7 +14284,7 @@ static const NSSItem nss_builtins_items_215 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_216 [] = { -+static const NSSItem nss_builtins_items_214 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14524,7 +14373,7 @@ static const NSSItem nss_builtins_items_216 [] = { - "\126\144\127" - , (PRUint32)931 } - }; --static const NSSItem nss_builtins_items_217 [] = { -+static const NSSItem nss_builtins_items_215 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14551,7 +14400,7 @@ static const NSSItem nss_builtins_items_217 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_218 [] = { -+static const NSSItem nss_builtins_items_216 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14632,7 +14481,7 @@ static const NSSItem nss_builtins_items_218 [] = { - "\000\147\240\161\000\202\110" - , (PRUint32)919 } - }; --static const NSSItem nss_builtins_items_219 [] = { -+static const NSSItem nss_builtins_items_217 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14656,7 +14505,7 @@ static const NSSItem nss_builtins_items_219 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_220 [] = { -+static const NSSItem nss_builtins_items_218 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14738,7 +14587,7 @@ static const NSSItem nss_builtins_items_220 [] = { - "\316\145\006\056\135\322\052\123\164\136\323\156\047\236\217" - , (PRUint32)943 } - }; --static const NSSItem nss_builtins_items_221 [] = { -+static const NSSItem nss_builtins_items_219 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14762,7 +14611,7 @@ static const NSSItem nss_builtins_items_221 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_222 [] = { -+static const NSSItem nss_builtins_items_220 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14843,7 +14692,7 @@ static const NSSItem nss_builtins_items_222 [] = { - "\246\210\070\316\125" - , (PRUint32)933 } - }; --static const NSSItem nss_builtins_items_223 [] = { -+static const NSSItem nss_builtins_items_221 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14866,7 +14715,7 @@ static const NSSItem nss_builtins_items_223 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_224 [] = { -+static const NSSItem nss_builtins_items_222 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14985,7 +14834,7 @@ static const NSSItem nss_builtins_items_224 [] = { - "\201\370\021\234" - , (PRUint32)1460 } - }; --static const NSSItem nss_builtins_items_225 [] = { -+static const NSSItem nss_builtins_items_223 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15011,7 +14860,7 @@ static const NSSItem nss_builtins_items_225 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_226 [] = { -+static const NSSItem nss_builtins_items_224 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15145,7 +14994,7 @@ static const NSSItem nss_builtins_items_226 [] = { - "\311\234\220\332\354\251\102\074\255\266\002" - , (PRUint32)1307 } - }; --static const NSSItem nss_builtins_items_227 [] = { -+static const NSSItem nss_builtins_items_225 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15183,7 +15032,7 @@ static const NSSItem nss_builtins_items_227 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_228 [] = { -+static const NSSItem nss_builtins_items_226 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15261,7 +15110,7 @@ static const NSSItem nss_builtins_items_228 [] = { - "\366\324\357\277\114\210\150" - , (PRUint32)855 } - }; --static const NSSItem nss_builtins_items_229 [] = { -+static const NSSItem nss_builtins_items_227 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15285,7 +15134,7 @@ static const NSSItem nss_builtins_items_229 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_230 [] = { -+static const NSSItem nss_builtins_items_228 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15363,7 +15212,7 @@ static const NSSItem nss_builtins_items_230 [] = { - "\246\347\313\100\003\335\171" - , (PRUint32)855 } - }; --static const NSSItem nss_builtins_items_231 [] = { -+static const NSSItem nss_builtins_items_229 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15387,7 +15236,7 @@ static const NSSItem nss_builtins_items_231 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_232 [] = { -+static const NSSItem nss_builtins_items_230 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15514,7 +15363,7 @@ static const NSSItem nss_builtins_items_232 [] = { - "\320\352\111\242\034\215\122\024\246\012\223" - , (PRUint32)1515 } - }; --static const NSSItem nss_builtins_items_233 [] = { -+static const NSSItem nss_builtins_items_231 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15542,7 +15391,7 @@ static const NSSItem nss_builtins_items_233 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_234 [] = { -+static const NSSItem nss_builtins_items_232 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15616,7 +15465,7 @@ static const NSSItem nss_builtins_items_234 [] = { - "\366\356\260\132\116\111\104\124\130\137\102\203" - , (PRUint32)828 } - }; --static const NSSItem nss_builtins_items_235 [] = { -+static const NSSItem nss_builtins_items_233 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15639,7 +15488,7 @@ static const NSSItem nss_builtins_items_235 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_236 [] = { -+static const NSSItem nss_builtins_items_234 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15715,7 +15564,7 @@ static const NSSItem nss_builtins_items_236 [] = { - "\011\333\212\101\202\236\146\233\021" - , (PRUint32)857 } - }; --static const NSSItem nss_builtins_items_237 [] = { -+static const NSSItem nss_builtins_items_235 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15738,7 +15587,7 @@ static const NSSItem nss_builtins_items_237 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_238 [] = { -+static const NSSItem nss_builtins_items_236 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15821,7 +15670,7 @@ static const NSSItem nss_builtins_items_238 [] = { - "\262\033\211\124" - , (PRUint32)932 } - }; --static const NSSItem nss_builtins_items_239 [] = { -+static const NSSItem nss_builtins_items_237 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15845,7 +15694,7 @@ static const NSSItem nss_builtins_items_239 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_240 [] = { -+static const NSSItem nss_builtins_items_238 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15945,7 +15794,7 @@ static const NSSItem nss_builtins_items_240 [] = { - "\021\055" - , (PRUint32)1026 } - }; --static const NSSItem nss_builtins_items_241 [] = { -+static const NSSItem nss_builtins_items_239 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15975,7 +15824,7 @@ static const NSSItem nss_builtins_items_241 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_242 [] = { -+static const NSSItem nss_builtins_items_240 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16049,7 +15898,7 @@ static const NSSItem nss_builtins_items_242 [] = { - "\367\130\077\056\162\002\127\243\217\241\024\056" - , (PRUint32)652 } - }; --static const NSSItem nss_builtins_items_243 [] = { -+static const NSSItem nss_builtins_items_241 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16078,7 +15927,7 @@ static const NSSItem nss_builtins_items_243 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_244 [] = { -+static const NSSItem nss_builtins_items_242 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16184,7 +16033,7 @@ static const NSSItem nss_builtins_items_244 [] = { - "\061\324\100\032\142\064\066\077\065\001\256\254\143\240" - , (PRUint32)1070 } - }; --static const NSSItem nss_builtins_items_245 [] = { -+static const NSSItem nss_builtins_items_243 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16216,7 +16065,7 @@ static const NSSItem nss_builtins_items_245 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_246 [] = { -+static const NSSItem nss_builtins_items_244 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16295,7 +16144,7 @@ static const NSSItem nss_builtins_items_246 [] = { - "\017\212" - , (PRUint32)690 } - }; --static const NSSItem nss_builtins_items_247 [] = { -+static const NSSItem nss_builtins_items_245 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16325,7 +16174,7 @@ static const NSSItem nss_builtins_items_247 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_248 [] = { -+static const NSSItem nss_builtins_items_246 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16440,7 +16289,7 @@ static const NSSItem nss_builtins_items_248 [] = { - "\354\315\202\141\361\070\346\117\227\230\052\132\215" - , (PRUint32)1213 } - }; --static const NSSItem nss_builtins_items_249 [] = { -+static const NSSItem nss_builtins_items_247 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16472,7 +16321,7 @@ static const NSSItem nss_builtins_items_249 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_250 [] = { -+static const NSSItem nss_builtins_items_248 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16570,7 +16419,7 @@ static const NSSItem nss_builtins_items_250 [] = { - "\055\247\330\206\052\335\056\020" - , (PRUint32)904 } - }; --static const NSSItem nss_builtins_items_251 [] = { -+static const NSSItem nss_builtins_items_249 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16603,7 +16452,7 @@ static const NSSItem nss_builtins_items_251 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_252 [] = { -+static const NSSItem nss_builtins_items_250 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16705,7 +16554,7 @@ static const NSSItem nss_builtins_items_252 [] = { - "\330\316\304\143\165\077\131\107\261" - , (PRUint32)1049 } - }; --static const NSSItem nss_builtins_items_253 [] = { -+static const NSSItem nss_builtins_items_251 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16735,7 +16584,7 @@ static const NSSItem nss_builtins_items_253 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_254 [] = { -+static const NSSItem nss_builtins_items_252 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16854,7 +16703,7 @@ static const NSSItem nss_builtins_items_254 [] = { - "\370\161\012\334\271\374\175\062\140\346\353\257\212\001" - , (PRUint32)1486 } - }; --static const NSSItem nss_builtins_items_255 [] = { -+static const NSSItem nss_builtins_items_253 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16879,7 +16728,7 @@ static const NSSItem nss_builtins_items_255 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_256 [] = { -+static const NSSItem nss_builtins_items_254 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16969,7 +16818,7 @@ static const NSSItem nss_builtins_items_256 [] = { - "\315\345\250" - , (PRUint32)1043 } - }; --static const NSSItem nss_builtins_items_257 [] = { -+static const NSSItem nss_builtins_items_255 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16993,7 +16842,7 @@ static const NSSItem nss_builtins_items_257 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_258 [] = { -+static const NSSItem nss_builtins_items_256 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17098,7 +16947,7 @@ static const NSSItem nss_builtins_items_258 [] = { - "\115\273\306\104\333\066\313\052\234\216" - , (PRUint32)1258 } - }; --static const NSSItem nss_builtins_items_259 [] = { -+static const NSSItem nss_builtins_items_257 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17123,7 +16972,7 @@ static const NSSItem nss_builtins_items_259 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_260 [] = { -+static const NSSItem nss_builtins_items_258 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17199,7 +17048,7 @@ static const NSSItem nss_builtins_items_260 [] = { - "\002\153\331\132" - , (PRUint32)820 } - }; --static const NSSItem nss_builtins_items_261 [] = { -+static const NSSItem nss_builtins_items_259 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17223,7 +17072,7 @@ static const NSSItem nss_builtins_items_261 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_262 [] = { -+static const NSSItem nss_builtins_items_260 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17305,7 +17154,7 @@ static const NSSItem nss_builtins_items_262 [] = { - "\362" - , (PRUint32)881 } - }; --static const NSSItem nss_builtins_items_263 [] = { -+static const NSSItem nss_builtins_items_261 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17330,7 +17179,7 @@ static const NSSItem nss_builtins_items_263 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_264 [] = { -+static const NSSItem nss_builtins_items_262 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17446,7 +17295,7 @@ static const NSSItem nss_builtins_items_264 [] = { - "\113\076\053\070\007\125\230\136\244" - , (PRUint32)1465 } - }; --static const NSSItem nss_builtins_items_265 [] = { -+static const NSSItem nss_builtins_items_263 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17470,7 +17319,7 @@ static const NSSItem nss_builtins_items_265 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_266 [] = { -+static const NSSItem nss_builtins_items_264 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17535,7 +17384,7 @@ static const NSSItem nss_builtins_items_266 [] = { - "\375\166\004\333\142\273\220\152\003\331\106\065\331\370\174\133" - , (PRUint32)576 } - }; --static const NSSItem nss_builtins_items_267 [] = { -+static const NSSItem nss_builtins_items_265 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17562,7 +17411,7 @@ static const NSSItem nss_builtins_items_267 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_268 [] = { -+static const NSSItem nss_builtins_items_266 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17627,7 +17476,7 @@ static const NSSItem nss_builtins_items_268 [] = { - "\054\163\031\110\151\116\153\174\145\277\017\374\160\316\210\220" - , (PRUint32)576 } - }; --static const NSSItem nss_builtins_items_269 [] = { -+static const NSSItem nss_builtins_items_267 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17654,7 +17503,7 @@ static const NSSItem nss_builtins_items_269 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_270 [] = { -+static const NSSItem nss_builtins_items_268 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17751,7 +17600,7 @@ static const NSSItem nss_builtins_items_270 [] = { - "\202\042\055\172\124\253\160\303\175\042\145\202\160\226" - , (PRUint32)1038 } - }; --static const NSSItem nss_builtins_items_271 [] = { -+static const NSSItem nss_builtins_items_269 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17779,7 +17628,7 @@ static const NSSItem nss_builtins_items_271 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_272 [] = { -+static const NSSItem nss_builtins_items_270 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17870,7 +17719,7 @@ static const NSSItem nss_builtins_items_272 [] = { - "\336\102\343\055\202\361\017\345\372\227" - , (PRUint32)954 } - }; --static const NSSItem nss_builtins_items_273 [] = { -+static const NSSItem nss_builtins_items_271 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17898,7 +17747,7 @@ static const NSSItem nss_builtins_items_273 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_274 [] = { -+static const NSSItem nss_builtins_items_272 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17977,7 +17826,7 @@ static const NSSItem nss_builtins_items_274 [] = { - "\130\077\137" - , (PRUint32)867 } - }; --static const NSSItem nss_builtins_items_275 [] = { -+static const NSSItem nss_builtins_items_273 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18001,7 +17850,7 @@ static const NSSItem nss_builtins_items_275 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_276 [] = { -+static const NSSItem nss_builtins_items_274 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18094,7 +17943,7 @@ static const NSSItem nss_builtins_items_276 [] = { - "\045\361\224\264\146" - , (PRUint32)997 } - }; --static const NSSItem nss_builtins_items_277 [] = { -+static const NSSItem nss_builtins_items_275 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18121,7 +17970,7 @@ static const NSSItem nss_builtins_items_277 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_278 [] = { -+static const NSSItem nss_builtins_items_276 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18245,7 +18094,7 @@ static const NSSItem nss_builtins_items_278 [] = { - "\156\117\022\176\012\074\235\225" - , (PRUint32)1560 } - }; --static const NSSItem nss_builtins_items_279 [] = { -+static const NSSItem nss_builtins_items_277 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18270,7 +18119,7 @@ static const NSSItem nss_builtins_items_279 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_280 [] = { -+static const NSSItem nss_builtins_items_278 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18389,7 +18238,7 @@ static const NSSItem nss_builtins_items_280 [] = { - "\333\374\046\210\307" - , (PRUint32)1525 } - }; --static const NSSItem nss_builtins_items_281 [] = { -+static const NSSItem nss_builtins_items_279 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18413,7 +18262,7 @@ static const NSSItem nss_builtins_items_281 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_282 [] = { -+static const NSSItem nss_builtins_items_280 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18569,7 +18418,7 @@ static const NSSItem nss_builtins_items_282 [] = { - "\167\110\320" - , (PRUint32)1875 } - }; --static const NSSItem nss_builtins_items_283 [] = { -+static const NSSItem nss_builtins_items_281 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18600,7 +18449,7 @@ static const NSSItem nss_builtins_items_283 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_284 [] = { -+static const NSSItem nss_builtins_items_282 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18753,7 +18602,7 @@ static const NSSItem nss_builtins_items_284 [] = { - "\351\233\256\325\124\300\164\200\321\013\102\237\301" - , (PRUint32)1869 } - }; --static const NSSItem nss_builtins_items_285 [] = { -+static const NSSItem nss_builtins_items_283 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18783,7 +18632,7 @@ static const NSSItem nss_builtins_items_285 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_286 [] = { -+static const NSSItem nss_builtins_items_284 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18919,7 +18768,7 @@ static const NSSItem nss_builtins_items_286 [] = { - "\242\355\264\324\265\145\103\267\223\106\212\323" - , (PRUint32)1532 } - }; --static const NSSItem nss_builtins_items_287 [] = { -+static const NSSItem nss_builtins_items_285 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18949,7 +18798,7 @@ static const NSSItem nss_builtins_items_287 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_288 [] = { -+static const NSSItem nss_builtins_items_286 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19100,7 +18949,7 @@ static const NSSItem nss_builtins_items_288 [] = { - "\264" - , (PRUint32)1761 } - }; --static const NSSItem nss_builtins_items_289 [] = { -+static const NSSItem nss_builtins_items_287 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19130,7 +18979,7 @@ static const NSSItem nss_builtins_items_289 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_290 [] = { -+static const NSSItem nss_builtins_items_288 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19266,7 +19115,7 @@ static const NSSItem nss_builtins_items_290 [] = { - "\111\043" - , (PRUint32)1522 } - }; --static const NSSItem nss_builtins_items_291 [] = { -+static const NSSItem nss_builtins_items_289 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19296,7 +19145,7 @@ static const NSSItem nss_builtins_items_291 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_292 [] = { -+static const NSSItem nss_builtins_items_290 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19431,7 +19280,7 @@ static const NSSItem nss_builtins_items_292 [] = { - "\172\244\047\023\326\117\364\151" - , (PRUint32)1512 } - }; --static const NSSItem nss_builtins_items_293 [] = { -+static const NSSItem nss_builtins_items_291 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19461,7 +19310,7 @@ static const NSSItem nss_builtins_items_293 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_294 [] = { -+static const NSSItem nss_builtins_items_292 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19597,7 +19446,7 @@ static const NSSItem nss_builtins_items_294 [] = { - "\302\021\254" - , (PRUint32)1523 } - }; --static const NSSItem nss_builtins_items_295 [] = { -+static const NSSItem nss_builtins_items_293 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19627,7 +19476,7 @@ static const NSSItem nss_builtins_items_295 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_296 [] = { -+static const NSSItem nss_builtins_items_294 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19763,7 +19612,7 @@ static const NSSItem nss_builtins_items_296 [] = { - "\147\024\060" - , (PRUint32)1523 } - }; --static const NSSItem nss_builtins_items_297 [] = { -+static const NSSItem nss_builtins_items_295 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19793,7 +19642,7 @@ static const NSSItem nss_builtins_items_297 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_298 [] = { -+static const NSSItem nss_builtins_items_296 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19927,7 +19776,7 @@ static const NSSItem nss_builtins_items_298 [] = { - "\217\116\235\306\066\347\134\246\253\022\017\326\317" - , (PRUint32)1501 } - }; --static const NSSItem nss_builtins_items_299 [] = { -+static const NSSItem nss_builtins_items_297 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19957,7 +19806,7 @@ static const NSSItem nss_builtins_items_299 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_300 [] = { -+static const NSSItem nss_builtins_items_298 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20091,7 +19940,7 @@ static const NSSItem nss_builtins_items_300 [] = { - "\130\113\161\203\237\146\346\254\171\110\376\376\107" - , (PRUint32)1501 } - }; --static const NSSItem nss_builtins_items_301 [] = { -+static const NSSItem nss_builtins_items_299 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20121,7 +19970,7 @@ static const NSSItem nss_builtins_items_301 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_302 [] = { -+static const NSSItem nss_builtins_items_300 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20256,7 +20105,7 @@ static const NSSItem nss_builtins_items_302 [] = { - "\200\246\202\254\344\154\201\106\273\122\205\040\044\370\200\352" - , (PRUint32)1520 } - }; --static const NSSItem nss_builtins_items_303 [] = { -+static const NSSItem nss_builtins_items_301 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20286,7 +20135,7 @@ static const NSSItem nss_builtins_items_303 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_304 [] = { -+static const NSSItem nss_builtins_items_302 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20414,7 +20263,7 @@ static const NSSItem nss_builtins_items_304 [] = { - "\154\174\107\306\327\224\021\041\354\326\132\322\335\217\177\221" - , (PRUint32)1392 } - }; --static const NSSItem nss_builtins_items_305 [] = { -+static const NSSItem nss_builtins_items_303 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20444,7 +20293,7 @@ static const NSSItem nss_builtins_items_305 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_306 [] = { -+static const NSSItem nss_builtins_items_304 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20537,7 +20386,7 @@ static const NSSItem nss_builtins_items_306 [] = { - "\342\342\104\276\134\367\352\034\365" - , (PRUint32)969 } - }; --static const NSSItem nss_builtins_items_307 [] = { -+static const NSSItem nss_builtins_items_305 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20565,7 +20414,7 @@ static const NSSItem nss_builtins_items_307 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_308 [] = { -+static const NSSItem nss_builtins_items_306 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20662,7 +20511,7 @@ static const NSSItem nss_builtins_items_308 [] = { - "\364" - , (PRUint32)993 } - }; --static const NSSItem nss_builtins_items_309 [] = { -+static const NSSItem nss_builtins_items_307 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20691,7 +20540,7 @@ static const NSSItem nss_builtins_items_309 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_310 [] = { -+static const NSSItem nss_builtins_items_308 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20789,7 +20638,7 @@ static const NSSItem nss_builtins_items_310 [] = { - "\261\050\272" - , (PRUint32)1011 } - }; --static const NSSItem nss_builtins_items_311 [] = { -+static const NSSItem nss_builtins_items_309 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20818,7 +20667,7 @@ static const NSSItem nss_builtins_items_311 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_312 [] = { -+static const NSSItem nss_builtins_items_310 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20895,7 +20744,7 @@ static const NSSItem nss_builtins_items_312 [] = { - "\007\072\027\144\265\004\265\043\041\231\012\225\073\227\174\357" - , (PRUint32)848 } - }; --static const NSSItem nss_builtins_items_313 [] = { -+static const NSSItem nss_builtins_items_311 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20919,7 +20768,7 @@ static const NSSItem nss_builtins_items_313 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_314 [] = { -+static const NSSItem nss_builtins_items_312 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20996,7 +20845,7 @@ static const NSSItem nss_builtins_items_314 [] = { - "\355\132\000\124\205\034\026\066\222\014\134\372\246\255\277\333" - , (PRUint32)848 } - }; --static const NSSItem nss_builtins_items_315 [] = { -+static const NSSItem nss_builtins_items_313 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -21020,7 +20869,7 @@ static const NSSItem nss_builtins_items_315 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_316 [] = { -+static const NSSItem nss_builtins_items_314 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -21129,7 +20978,7 @@ static const NSSItem nss_builtins_items_316 [] = { - "\051\340\266\270\011\150\031\034\030\103" - , (PRUint32)1354 } - }; --static const NSSItem nss_builtins_items_317 [] = { -+static const NSSItem nss_builtins_items_315 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -21153,7 +21002,7 @@ static const NSSItem nss_builtins_items_317 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_318 [] = { -+static const NSSItem nss_builtins_items_316 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -21210,7 +21059,7 @@ static const NSSItem nss_builtins_items_318 [] = { - "\214\171" - , (PRUint32)514 } - }; --static const NSSItem nss_builtins_items_319 [] = { -+static const NSSItem nss_builtins_items_317 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -21234,7 +21083,7 @@ static const NSSItem nss_builtins_items_319 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_320 [] = { -+static const NSSItem nss_builtins_items_318 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -21324,7 +21173,7 @@ static const NSSItem nss_builtins_items_320 [] = { - "\326\267\064\365\176\316\071\232\331\070\361\121\367\117\054" - , (PRUint32)959 } - }; --static const NSSItem nss_builtins_items_321 [] = { -+static const NSSItem nss_builtins_items_319 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -21675,13 +21524,11 @@ nss_builtins_data[] = { - { 11, nss_builtins_types_316, nss_builtins_items_316, {NULL} }, - { 13, nss_builtins_types_317, nss_builtins_items_317, {NULL} }, - { 11, nss_builtins_types_318, nss_builtins_items_318, {NULL} }, -- { 13, nss_builtins_types_319, nss_builtins_items_319, {NULL} }, -- { 11, nss_builtins_types_320, nss_builtins_items_320, {NULL} }, -- { 13, nss_builtins_types_321, nss_builtins_items_321, {NULL} } -+ { 13, nss_builtins_types_319, nss_builtins_items_319, {NULL} } - }; - const PRUint32 - #ifdef DEBUG -- nss_builtins_nObjects = 321+1; -+ nss_builtins_nObjects = 319+1; - #else -- nss_builtins_nObjects = 321; -+ nss_builtins_nObjects = 319; - #endif /* DEBUG */ -diff --git a/security/nss/lib/ckfw/builtins/certdata.txt b/security/nss/lib/ckfw/builtins/certdata.txt -index 42e674b..a7de86a 100644 ---- a/security/nss/lib/ckfw/builtins/certdata.txt -+++ b/security/nss/lib/ckfw/builtins/certdata.txt -@@ -12461,161 +12461,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR - CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # --# Certificate "DigiNotar Root CA" --# --CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE --CKA_TOKEN CK_BBOOL CK_TRUE --CKA_PRIVATE CK_BBOOL CK_FALSE --CKA_MODIFIABLE CK_BBOOL CK_FALSE --CKA_LABEL UTF8 "DigiNotar Root CA" --CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 --CKA_SUBJECT MULTILINE_OCTAL --\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061 --\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157 --\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151 --\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061 --\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021 --\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156 --\154 --END --CKA_ID UTF8 "0" --CKA_ISSUER MULTILINE_OCTAL --\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061 --\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157 --\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151 --\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061 --\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021 --\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156 --\154 --END --CKA_SERIAL_NUMBER MULTILINE_OCTAL --\002\020\014\166\332\234\221\014\116\054\236\376\025\320\130\223 --\074\114 --END --CKA_VALUE MULTILINE_OCTAL --\060\202\005\212\060\202\003\162\240\003\002\001\002\002\020\014 --\166\332\234\221\014\116\054\236\376\025\320\130\223\074\114\060 --\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\137 --\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022\060 --\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164\141 --\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147\151 --\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040\060 --\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151\156 --\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154\060 --\036\027\015\060\067\060\065\061\066\061\067\061\071\063\066\132 --\027\015\062\065\060\063\063\061\061\070\061\071\062\061\132\060 --\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022 --\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164 --\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147 --\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040 --\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151 --\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154 --\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 --\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 --\000\254\260\130\301\000\275\330\041\010\013\053\232\376\156\126 --\060\005\237\033\167\220\020\101\134\303\015\207\021\167\216\201 --\361\312\174\351\214\152\355\070\164\065\273\332\337\371\273\300 --\011\067\264\226\163\201\175\063\032\230\071\367\223\157\225\177 --\075\271\261\165\207\272\121\110\350\213\160\076\225\004\305\330 --\266\303\026\331\210\260\261\207\035\160\332\206\264\017\024\213 --\172\317\020\321\164\066\242\022\173\167\206\112\171\346\173\337 --\002\021\150\245\116\206\256\064\130\233\044\023\170\126\042\045 --\036\001\213\113\121\161\373\202\314\131\226\151\210\132\150\123 --\305\271\015\002\067\313\113\274\146\112\220\176\052\013\005\007 --\355\026\137\125\220\165\330\106\311\033\203\342\010\276\361\043 --\314\231\035\326\052\017\203\040\025\130\047\202\056\372\342\042 --\302\111\261\271\001\201\152\235\155\235\100\167\150\166\116\041 --\052\155\204\100\205\116\166\231\174\202\363\363\267\002\131\324 --\046\001\033\216\337\255\123\006\321\256\030\335\342\262\072\313 --\327\210\070\216\254\133\051\271\031\323\230\371\030\003\317\110 --\202\206\146\013\033\151\017\311\353\070\210\172\046\032\005\114 --\222\327\044\324\226\362\254\122\055\243\107\325\122\366\077\376 --\316\204\006\160\246\252\076\242\362\266\126\064\030\127\242\344 --\201\155\347\312\360\152\323\307\221\153\002\203\101\174\025\357 --\153\232\144\136\343\320\074\345\261\353\173\135\206\373\313\346 --\167\111\315\243\145\334\367\271\234\270\344\013\137\223\317\314 --\060\032\062\034\316\034\143\225\245\371\352\341\164\213\236\351 --\053\251\060\173\240\030\037\016\030\013\345\133\251\323\321\154 --\036\007\147\217\221\113\251\212\274\322\146\252\223\001\210\262 --\221\372\061\134\325\246\301\122\010\011\315\012\143\242\323\042 --\246\350\241\331\071\006\227\365\156\215\002\220\214\024\173\077 --\200\315\033\234\272\304\130\162\043\257\266\126\237\306\172\102 --\063\051\007\077\202\311\346\037\005\015\315\114\050\066\213\323 --\310\076\034\306\210\357\136\356\211\144\351\035\353\332\211\176 --\062\246\151\321\335\314\210\237\321\320\311\146\041\334\006\147 --\305\224\172\232\155\142\114\175\314\340\144\200\262\236\107\216 --\243\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035 --\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125 --\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 --\035\016\004\026\004\024\210\150\277\340\216\065\304\073\070\153 --\142\367\050\073\204\201\310\014\327\115\060\015\006\011\052\206 --\110\206\367\015\001\001\005\005\000\003\202\002\001\000\073\002 --\215\313\074\060\350\156\240\255\362\163\263\137\236\045\023\004 --\005\323\366\343\213\273\013\171\316\123\336\344\226\305\321\257 --\163\274\325\303\320\100\125\174\100\177\315\033\137\011\325\362 --\174\237\150\035\273\135\316\172\071\302\214\326\230\173\305\203 --\125\250\325\175\100\312\340\036\367\211\136\143\135\241\023\302 --\135\212\266\212\174\000\363\043\303\355\205\137\161\166\360\150 --\143\252\105\041\071\110\141\170\066\334\361\103\223\324\045\307 --\362\200\145\341\123\002\165\121\374\172\072\357\067\253\204\050 --\127\014\330\324\324\231\126\154\343\242\376\131\204\264\061\350 --\063\370\144\224\224\121\227\253\071\305\113\355\332\335\200\013 --\157\174\051\015\304\216\212\162\015\347\123\024\262\140\101\075 --\204\221\061\150\075\047\104\333\345\336\364\372\143\105\310\114 --\076\230\365\077\101\272\116\313\067\015\272\146\230\361\335\313 --\237\134\367\124\066\202\153\054\274\023\141\227\102\370\170\273 --\314\310\242\237\312\360\150\275\153\035\262\337\215\157\007\235 --\332\216\147\307\107\036\312\271\277\052\102\221\267\143\123\146 --\361\102\243\341\364\132\115\130\153\265\344\244\063\255\134\160 --\035\334\340\362\353\163\024\221\232\003\301\352\000\145\274\007 --\374\317\022\021\042\054\256\240\275\072\340\242\052\330\131\351 --\051\323\030\065\244\254\021\137\031\265\265\033\377\042\112\134 --\306\172\344\027\357\040\251\247\364\077\255\212\247\232\004\045 --\235\016\312\067\346\120\375\214\102\051\004\232\354\271\317\113 --\162\275\342\010\066\257\043\057\142\345\312\001\323\160\333\174 --\202\043\054\026\061\014\306\066\007\220\172\261\037\147\130\304 --\073\130\131\211\260\214\214\120\263\330\206\313\150\243\304\012 --\347\151\113\040\316\301\036\126\113\225\251\043\150\330\060\330 --\303\353\260\125\121\315\345\375\053\270\365\273\021\237\123\124 --\366\064\031\214\171\011\066\312\141\027\045\027\013\202\230\163 --\014\167\164\303\325\015\307\250\022\114\307\247\124\161\107\056 --\054\032\175\311\343\053\073\110\336\047\204\247\143\066\263\175 --\217\240\144\071\044\015\075\173\207\257\146\134\164\033\113\163 --\262\345\214\360\206\231\270\345\305\337\204\301\267\353 --END -- --# Trust for Certificate "DigiNotar Root CA" --CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST --CKA_TOKEN CK_BBOOL CK_TRUE --CKA_PRIVATE CK_BBOOL CK_FALSE --CKA_MODIFIABLE CK_BBOOL CK_FALSE --CKA_LABEL UTF8 "DigiNotar Root CA" --CKA_CERT_SHA1_HASH MULTILINE_OCTAL --\300\140\355\104\313\330\201\275\016\370\154\013\242\207\335\317 --\201\147\107\214 --END --CKA_CERT_MD5_HASH MULTILINE_OCTAL --\172\171\124\115\007\222\073\133\377\101\360\016\307\071\242\230 --END --CKA_ISSUER MULTILINE_OCTAL --\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061 --\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157 --\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151 --\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061 --\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021 --\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156 --\154 --END --CKA_SERIAL_NUMBER MULTILINE_OCTAL --\002\020\014\166\332\234\221\014\116\054\236\376\025\320\130\223 --\074\114 --END --CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR --CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN --CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR --CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -- --# - # Certificate "Network Solutions Certificate Authority" - # - CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE --- -1.7.3.4 - diff --git a/src/current-patches/0005-Add-a-string-based-cacheKey.patch b/src/current-patches/0005-Add-a-string-based-cacheKey.patch new file mode 100644 index 0000000..1a3b214 --- /dev/null +++ b/src/current-patches/0005-Add-a-string-based-cacheKey.patch @@ -0,0 +1,85 @@ +From 29844b8d74f033c3a2682af40f4b3ee6183450f4 Mon Sep 17 00:00:00 2001 +From: Mike Perry <mikeperry-git(a)fscked.org> +Date: Fri, 2 Sep 2011 20:47:02 -0700 +Subject: [PATCH 5/7] Add a string-based cacheKey. + +Used for isolating cache according to same-origin policy. +--- + netwerk/base/public/nsICachingChannel.idl | 7 +++++++ + netwerk/protocol/http/nsHttpChannel.cpp | 22 ++++++++++++++++++++++ + netwerk/protocol/http/nsHttpChannel.h | 1 + + 3 files changed, 30 insertions(+), 0 deletions(-) + +diff --git a/netwerk/base/public/nsICachingChannel.idl b/netwerk/base/public/nsICachingChannel.idl +index 2da46d6..4ee5774 100644 +--- a/netwerk/base/public/nsICachingChannel.idl ++++ b/netwerk/base/public/nsICachingChannel.idl +@@ -98,6 +98,13 @@ interface nsICachingChannel : nsICacheInfoChannel + attribute nsISupports cacheKey; + + /** ++ * Set/get the cache domain... uniquely identifies the data in the cache ++ * for this channel. Holding a reference to this key does NOT prevent ++ * the cached data from being removed. ++ */ ++ attribute AUTF8String cacheDomain; ++ ++ /** + * Specifies whether or not the data should be cached to a file. This + * may fail if the disk cache is not present. The value of this attribute + * is usually only settable during the processing of a channel's +diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp +index 7a3254e..cef5eaa 100644 +--- a/netwerk/protocol/http/nsHttpChannel.cpp ++++ b/netwerk/protocol/http/nsHttpChannel.cpp +@@ -2379,6 +2379,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID, + cacheKey.Append(buf); + } + ++ if (strlen(mCacheDomain.get()) > 0) { ++ cacheKey.AppendLiteral("domain="); ++ cacheKey.Append(mCacheDomain.get()); ++ cacheKey.AppendLiteral("&"); ++ } ++ + if (!cacheKey.IsEmpty()) { + cacheKey.AppendLiteral("uri="); + } +@@ -4658,6 +4664,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value) + } + + NS_IMETHODIMP ++nsHttpChannel::GetCacheDomain(nsACString &value) ++{ ++ value = mCacheDomain; ++ ++ return NS_OK; ++} ++ ++NS_IMETHODIMP ++nsHttpChannel::SetCacheDomain(const nsACString &value) ++{ ++ mCacheDomain = value; ++ ++ return NS_OK; ++} ++ ++NS_IMETHODIMP + nsHttpChannel::GetOfflineCacheClientID(nsACString &value) + { + value = mOfflineCacheClientID; +diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h +index dd0d7f4..f5016a8 100644 +--- a/netwerk/protocol/http/nsHttpChannel.h ++++ b/netwerk/protocol/http/nsHttpChannel.h +@@ -312,6 +312,7 @@ private: + nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry; + nsCacheAccessMode mOfflineCacheAccess; + nsCString mOfflineCacheClientID; ++ nsCString mCacheDomain; + + // auth specific data + nsCOMPtr<nsIHttpChannelAuthProvider> mAuthProvider; +-- +1.7.3.4 + diff --git a/src/current-patches/0005-Smash-the-state.patch b/src/current-patches/0005-Smash-the-state.patch deleted file mode 100644 index 6a6b69e..0000000 --- a/src/current-patches/0005-Smash-the-state.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 6215e898232ba74a3676f87226a64501874fcbd2 Mon Sep 17 00:00:00 2001 -From: Mike Perry <mikeperry-git(a)fscked.org> -Date: Tue, 30 Aug 2011 13:34:14 -0700 -Subject: [PATCH 5/5] Smash the state. - -What happened to you, Nederlanden? You used to be cool. ---- - security/manager/ssl/src/nsNSSCallbacks.cpp | 7 ------- - 1 files changed, 0 insertions(+), 7 deletions(-) - -diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp -index 5e3a888..43e1c19 100644 ---- a/security/manager/ssl/src/nsNSSCallbacks.cpp -+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp -@@ -1065,13 +1065,6 @@ PSM_SSL_BlacklistDigiNotar(CERTCertificate * serverCert, - } - } - } -- -- // By request of the Dutch government -- if (!strcmp(node->cert->issuerName, -- "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") && -- CERT_LIST_END(CERT_LIST_NEXT(node), serverCertChain)) { -- return 0; -- } - } - - if (isDigiNotarIssuedCert) --- -1.7.3.4 - diff --git a/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch b/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch new file mode 100644 index 0000000..961422a --- /dev/null +++ b/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch @@ -0,0 +1,148 @@ +From 30836f3af346970e58dc98308feebae3f53b9dc7 Mon Sep 17 00:00:00 2001 +From: Mike Perry <mikeperry-git(a)fscked.org> +Date: Sat, 3 Sep 2011 00:10:35 -0700 +Subject: [PATCH 6/7] Randomize HTTP pipeline order and depth. + +Also turn up maximum depth to 12. + +This is an experimental defense against +http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf +--- + netwerk/protocol/http/nsHttpConnectionMgr.cpp | 77 ++++++++++++++++++++++++- + netwerk/protocol/http/nsHttpConnectionMgr.h | 4 + + 2 files changed, 80 insertions(+), 1 deletions(-) + +diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp +index 108f2c5..38feda3 100644 +--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp ++++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp +@@ -93,6 +93,11 @@ nsHttpConnectionMgr::nsHttpConnectionMgr() + , mTimeOfNextWakeUp(LL_MAXUINT) + { + LOG(("Creating nsHttpConnectionMgr @%x\n", this)); ++ nsresult rv; ++ mRandomGenerator = do_GetService("@mozilla.org/security/random-generator;1", &rv); ++ if (NS_FAILED(rv)) { ++ mRandomGenerator = nsnull; ++ } + } + + nsHttpConnectionMgr::~nsHttpConnectionMgr() +@@ -794,7 +799,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent, + nsHttpPipeline *pipeline = nsnull; + if (conn->SupportsPipelining() && (caps & NS_HTTP_ALLOW_PIPELINING)) { + LOG((" looking to build pipeline...\n")); +- if (BuildPipeline(ent, trans, &pipeline)) ++ if (BuildRandomizedPipeline(ent, trans, &pipeline)) + trans = pipeline; + } + +@@ -867,6 +872,76 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent, + return PR_TRUE; + } + ++PRBool ++nsHttpConnectionMgr::BuildRandomizedPipeline(nsConnectionEntry *ent, ++ nsAHttpTransaction *firstTrans, ++ nsHttpPipeline **result) ++{ ++ if (mRandomGenerator == nsnull) ++ return BuildPipeline(ent, firstTrans, result); ++ if (mMaxPipelinedRequests < 2) ++ return PR_FALSE; ++ ++ nsresult rv; ++ PRUint8 *bytes = nsnull; ++ ++ nsHttpPipeline *pipeline = nsnull; ++ nsHttpTransaction *trans; ++ ++ PRUint32 i = 0, numAdded = 0, numAllowed = 0; ++ PRUint32 max = 0; ++ ++ while (i < ent->mPendingQ.Length()) { ++ if (ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING) ++ numAllowed++; ++ i++; ++ } ++ ++ rv = mRandomGenerator->GenerateRandomBytes(1, &bytes); ++ NS_ENSURE_SUCCESS(rv, rv); ++ // 4...12 ++ max = 4 + (bytes[0] % mMaxPipelinedRequests); ++ NS_Free(bytes); ++ ++ while (numAllowed > 0) { ++ rv = mRandomGenerator->GenerateRandomBytes(1, &bytes); ++ NS_ENSURE_SUCCESS(rv, rv); ++ i = bytes[0] % ent->mPendingQ.Length(); ++ NS_Free(bytes); ++ ++ trans = ent->mPendingQ[i]; ++ ++ if (!(ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING)) ++ continue; ++ ++ if (numAdded == 0) { ++ pipeline = new nsHttpPipeline; ++ if (!pipeline) ++ return PR_FALSE; ++ pipeline->AddTransaction(firstTrans); ++ numAdded = 1; ++ } ++ pipeline->AddTransaction(trans); ++ ++ // remove transaction from pending queue ++ ent->mPendingQ.RemoveElementAt(i); ++ NS_RELEASE(trans); ++ ++ numAllowed--; ++ ++ if (++numAdded == max) ++ break; ++ } ++ ++ if (numAdded == 0) ++ return PR_FALSE; ++ ++ fprintf(stderr, "Yay!!! pipelined %u/%u transactions\n", numAdded, max); ++ LOG((" pipelined %u transactions\n", numAdded)); ++ NS_ADDREF(*result = pipeline); ++ return PR_TRUE; ++} ++ + nsresult + nsHttpConnectionMgr::ProcessNewTransaction(nsHttpTransaction *trans) + { +diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h +index fc3ed1d..7dde291 100644 +--- a/netwerk/protocol/http/nsHttpConnectionMgr.h ++++ b/netwerk/protocol/http/nsHttpConnectionMgr.h +@@ -48,6 +48,7 @@ + #include "nsAutoPtr.h" + #include "mozilla/ReentrantMonitor.h" + #include "nsISocketTransportService.h" ++#include "nsIRandomGenerator.h" + + #include "nsIObserver.h" + #include "nsITimer.h" +@@ -264,6 +265,7 @@ private: + nsresult DispatchTransaction(nsConnectionEntry *, nsAHttpTransaction *, + PRUint8 caps, nsHttpConnection *); + PRBool BuildPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **); ++ PRBool BuildRandomizedPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **); + nsresult ProcessNewTransaction(nsHttpTransaction *); + nsresult EnsureSocketThreadTargetIfOnline(); + nsresult CreateTransport(nsConnectionEntry *, nsHttpTransaction *); +@@ -339,6 +341,8 @@ private: + PRUint64 mTimeOfNextWakeUp; + // Timer for next pruning of dead connections. + nsCOMPtr<nsITimer> mTimer; ++ // Random number generator for reordering HTTP pipeline ++ nsCOMPtr<nsIRandomGenerator> mRandomGenerator; + + // + // the connection table +-- +1.7.3.4 + diff --git a/src/current-patches/0007-Smash-the-state.patch b/src/current-patches/0007-Smash-the-state.patch new file mode 100644 index 0000000..16b03ea --- /dev/null +++ b/src/current-patches/0007-Smash-the-state.patch @@ -0,0 +1,37 @@ +From b6b74cdac09ed294ea1b965e39e4e9ae64c5cbd8 Mon Sep 17 00:00:00 2001 +From: Mike Perry <mikeperry-git(a)fscked.org> +Date: Sat, 3 Sep 2011 03:00:26 -0700 +Subject: [PATCH 7/7] Smash the state. + +What happened to you, Nederlanden? You used to be cool. + +This exemption is insecure as-is anyway, because we have no way of verifying +that DigiNotar wasn't compromised enough to allow the attacker to sign +certificates with an issuer string matching this exemption. The adversary +would then be able to create a chain of Entrust -> DigiNotar -> "Staat der +Nederlanden" -> *.torproject.org or *.google.com. +--- + security/manager/ssl/src/nsNSSCallbacks.cpp | 7 ------- + 1 files changed, 0 insertions(+), 7 deletions(-) + +diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp +index 5e3a888..43e1c19 100644 +--- a/security/manager/ssl/src/nsNSSCallbacks.cpp ++++ b/security/manager/ssl/src/nsNSSCallbacks.cpp +@@ -1065,13 +1065,6 @@ PSM_SSL_BlacklistDigiNotar(CERTCertificate * serverCert, + } + } + } +- +- // By request of the Dutch government +- if (!strcmp(node->cert->issuerName, +- "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") && +- CERT_LIST_END(CERT_LIST_NEXT(node), serverCertChain)) { +- return 0; +- } + } + + if (isDigiNotarIssuedCert) +-- +1.7.3.4 +

1 0

[torbrowser/master] Bug #3907: Provide Auth headers to on-modify-request
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit cf3b2270e3d6961d2fc8951f13d8093b9965bf3e Author: Mike Perry <mikeperry-git(a)fscked.org> Date: Fri Sep 2 15:52:58 2011 -0700 Bug #3907: Provide Auth headers to on-modify-request Bug #3748 isn't fully solved without this patch. Thanks again to Georg Koppen. --- ...th-headers-before-the-modify-request-obse.patch | 51 ++++++++++++++++++++ 1 files changed, 51 insertions(+), 0 deletions(-) diff --git a/src/current-patches/0006-Add-HTTP-auth-headers-before-the-modify-request-obse.patch b/src/current-patches/0006-Add-HTTP-auth-headers-before-the-modify-request-obse.patch new file mode 100644 index 0000000..3f270d6 --- /dev/null +++ b/src/current-patches/0006-Add-HTTP-auth-headers-before-the-modify-request-obse.patch @@ -0,0 +1,51 @@ +From 8c2bf692deecb4efbfd2e9c4eba1d702b89a0f05 Mon Sep 17 00:00:00 2001 +From: Mike Perry <mikeperry-git(a)fscked.org> +Date: Fri, 2 Sep 2011 15:33:20 -0700 +Subject: [PATCH 6/6] Add HTTP auth headers before the modify-request observer. + +Otherwise, how are we supposed to modify them? + +Thanks to Georg Koppen for spotting both the problem and this fix. +--- + netwerk/protocol/http/nsHttpChannel.cpp | 11 +++++++---- + 1 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp +index 7038338..7a3254e 100644 +--- a/netwerk/protocol/http/nsHttpChannel.cpp ++++ b/netwerk/protocol/http/nsHttpChannel.cpp +@@ -311,9 +311,6 @@ nsHttpChannel::Connect(PRBool firstTime) + return NS_ERROR_DOCUMENT_NOT_CACHED; + } + +- // check to see if authorization headers should be included +- mAuthProvider->AddAuthorizationHeaders(); +- + if (mLoadFlags & LOAD_NO_NETWORK_IO) { + return NS_ERROR_DOCUMENT_NOT_CACHED; + } +@@ -3687,6 +3684,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context) + + AddCookiesToRequest(); + ++ // check to see if authorization headers should be included ++ mAuthProvider->AddAuthorizationHeaders(); ++ + // notify "http-on-modify-request" observers + gHttpHandler->OnModifyRequest(this); + +@@ -4758,7 +4758,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn) + // this authentication attempt (bug 84794). + // TODO: save cookies from auth response and send them here (bug 572151). + AddCookiesToRequest(); +- ++ ++ // check to see if authorization headers should be included ++ mAuthProvider->AddAuthorizationHeaders(); ++ + // notify "http-on-modify-request" observers + gHttpHandler->OnModifyRequest(this); + +-- +1.7.3.4 +

1 0

[torbrowser/master] update windows and linux to 2.2.32-1 as well
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit 17c0d034c0e078a9a4e6353a2e7a8279d4f3a72b Author: Erinn Clark <erinn(a)torproject.org> Date: Sun Aug 28 19:21:48 2011 +0100 update windows and linux to 2.2.32-1 as well --- README.LINUX-2.2 | 6 +++--- README.WIN-2.2 | 8 ++++---- build-scripts/windows.mk | 2 +- changelog.linux-2.2 | 9 +++++++++ changelog.win-2.2 | 11 ++++++++++- 5 files changed, 27 insertions(+), 9 deletions(-) diff --git a/README.LINUX-2.2 b/README.LINUX-2.2 index 47f2684..176ee30 100644 --- a/README.LINUX-2.2 +++ b/README.LINUX-2.2 @@ -4,10 +4,10 @@ Tor Browser Bundle for GNU/Linux Included applications --------------------- -Vidalia 0.2.12 (with Qt 4.6.2) -Tor 0.2.2.31-rc (with libevent-2.0.13-stable, zlib-1.2.5 and openssl-1.0.0d) +Vidalia 0.2.14 (with Qt 4.6.2) +Tor 0.2.2.32 (with libevent-2.0.13-stable, zlib-1.2.5 and openssl-1.0.0d) Firefox (Aurora) 6.0 - \_ Torbutton 1.4.0 + \_ Torbutton 1.4.1 |_ NoScript 2.1.2.6 |_ HTTPS-Everywhere 1.0.0development.5 diff --git a/README.WIN-2.2 b/README.WIN-2.2 index 519c64f..5ab55a0 100644 --- a/README.WIN-2.2 +++ b/README.WIN-2.2 @@ -4,11 +4,11 @@ Tor Browser Bundle for Windows Included applications --------------------- -Vidalia 0.2.12 (with Qt 4.6.2) -Tor 0.2.2.31-rc (with libevent-2.0.13-stable, zlib-1.2.5 and openssl-1.0.0d) -FirefoxPortable 5.0.1 +Vidalia 0.2.14 (with Qt 4.6.2) +Tor 0.2.2.32 (with libevent-2.0.13-stable, zlib-1.2.5 and openssl-1.0.0d) +FirefoxPortable 6.0 \_ Firefox (Aurora) 6.0 - \_ Torbutton 1.4.0 + \_ Torbutton 1.4.1 |_ NoScript 2.1.2.6 |_ HTTPS-Everywhere 1.0.0development.5 diff --git a/build-scripts/windows.mk b/build-scripts/windows.mk index 1a52f6a..294b2c6 100644 --- a/build-scripts/windows.mk +++ b/build-scripts/windows.mk @@ -138,7 +138,7 @@ NAME="Tor Browser" DISTDIR=tbbwin-alpha-dist ## Version and name of the compressed bundle (also used for source) -VERSION=$(RELEASE_VER)-2-alpha +VERSION=$(RELEASE_VER)-1-alpha DEFAULT_COMPRESSED_BASENAME=tor-browser-$(VERSION) IM_COMPRESSED_BASENAME=tor-im-browser-$(VERSION) DEFAULT_COMPRESSED_NAME=$(DEFAULT_COMPRESSED_BASENAME) diff --git a/changelog.linux-2.2 b/changelog.linux-2.2 index 1d29228..6d49e4a 100644 --- a/changelog.linux-2.2 +++ b/changelog.linux-2.2 @@ -1,3 +1,12 @@ +Tor Browser Bundle (2.2.32-1) alpha; suite=linux + + * Update Tor to 0.2.2.32 + * Update Vidalia to 0.2.14 + * Update Torbutton to 1.4.1 + * Enable automatic port choosing (closes: #2264) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 28 17:20:46 BST 2011 + Tor Browser Bundle (2.2.31-2) alpha; suite=linux * Fix x86_64 bundle to have the right libraries and binaries (closes: #3773) diff --git a/changelog.win-2.2 b/changelog.win-2.2 index bc070ec..96eae99 100644 --- a/changelog.win-2.2 +++ b/changelog.win-2.2 @@ -1,4 +1,13 @@ -Tor Browser Bundle (2.2.30-1) alpha; suite=windows +Tor Browser Bundle (2.2.32-1) alpha; suite=windows + + * Update Tor to 0.2.2.32 + * Update Vidalia to 0.2.14 + * Update Torbutton to 1.4.1 + * Enable automatic port choosing (closes: #2264) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 28 17:20:46 BST 2011 + +Tor Browser Bundle (2.2.31-1) alpha; suite=windows * Update Tor to 0.2.2.31-rc * Update Firefox to 6.0

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits October 2011