tor-commits September 2011

tor-commits@lists.torproject.org

19 participants
865 discussions

[flashproxy/master] Add a dummy should_disable function.
by dcf＠torproject.org 04 Sep '11

04 Sep '11

commit 25e2e026ede28979b5cdf32a2678f241f5a1fbf2 Author: David Fifield <david(a)bamsoftware.com> Date: Sun Sep 4 13:27:54 2011 -0700 Add a dummy should_disable function. This function controls whether the flash proxy will disable itself, which we'll do roughly whenever we're running on a mobile browser. --- swfcat.as | 13 +++++++++++++ 1 files changed, 13 insertions(+), 0 deletions(-) diff --git a/swfcat.as b/swfcat.as index 73f3760..8742bce 100644 --- a/swfcat.as +++ b/swfcat.as @@ -134,12 +134,25 @@ package return default_addr; } + /* Are circumstances such that we should self-disable and not be a + proxy? We take a best-effort guess as to whether this device runs on + a battery or the data transfer might be expensive. */ + private function should_disable():Boolean + { + return false; + } + /* The main logic begins here, after start-up issues are taken care of. */ private function proxy_main():void { var fac_url:String; var loader:URLLoader; + if (should_disable()) { + puts("Disabling self."); + return; + } + if (proxy_pairs.length >= MAX_NUM_PROXY_PAIRS) { setTimeout(proxy_main, FACILITATOR_POLL_INTERVAL); return;

1 0

[torbrowser/maint-2.2] Merge branches 'firefox-6.0.1' and 'maint-2.2' into maint-2.2
by erinn＠torproject.org 04 Sep '11

04 Sep '11

commit a9695967ea91ee70f3b20ffe2f19c6442187d3c6 Author: Erinn Clark <erinn(a)torproject.org> Date: Sun Sep 4 22:06:25 2011 +0100 Merge branches 'firefox-6.0.1' and 'maint-2.2' into maint-2.2

1 0

[torbrowser/maint-2.2] Merge branches 'bug3907+3666' and 'maint-2.2' into maint-2.2
by erinn＠torproject.org 04 Sep '11

04 Sep '11

commit 85e212a588510ae80435096b0c95cdf03a924ab8 Merge: a969596 9e3fe9a Author: Erinn Clark <erinn(a)torproject.org> Date: Sun Sep 4 22:12:45 2011 +0100 Merge branches 'bug3907+3666' and 'maint-2.2' into maint-2.2 src/archived-patches/0005-Smash-the-state.patch | 37 +++++++++ ...th-headers-before-the-modify-request-obse.patch | 51 ++++++++++++ .../0007-Add-a-string-based-cacheKey.patch | 85 ++++++++++++++++++++ 3 files changed, 173 insertions(+), 0 deletions(-) diff --cc src/archived-patches/0005-Smash-the-state.patch index 0000000,0000000..16b03ea new file mode 100644 --- /dev/null +++ b/src/archived-patches/0005-Smash-the-state.patch @@@ -1,0 -1,0 +1,37 @@@ ++From b6b74cdac09ed294ea1b965e39e4e9ae64c5cbd8 Mon Sep 17 00:00:00 2001 ++From: Mike Perry <mikeperry-git(a)fscked.org> ++Date: Sat, 3 Sep 2011 03:00:26 -0700 ++Subject: [PATCH 7/7] Smash the state. ++ ++What happened to you, Nederlanden? You used to be cool. ++ ++This exemption is insecure as-is anyway, because we have no way of verifying ++that DigiNotar wasn't compromised enough to allow the attacker to sign ++certificates with an issuer string matching this exemption. The adversary ++would then be able to create a chain of Entrust -> DigiNotar -> "Staat der ++Nederlanden" -> *.torproject.org or *.google.com. ++--- ++ security/manager/ssl/src/nsNSSCallbacks.cpp | 7 ------- ++ 1 files changed, 0 insertions(+), 7 deletions(-) ++ ++diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp ++index 5e3a888..43e1c19 100644 ++--- a/security/manager/ssl/src/nsNSSCallbacks.cpp +++++ b/security/manager/ssl/src/nsNSSCallbacks.cpp ++@@ -1065,13 +1065,6 @@ PSM_SSL_BlacklistDigiNotar(CERTCertificate * serverCert, ++ } ++ } ++ } ++- ++- // By request of the Dutch government ++- if (!strcmp(node->cert->issuerName, ++- "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") && ++- CERT_LIST_END(CERT_LIST_NEXT(node), serverCertChain)) { ++- return 0; ++- } ++ } ++ ++ if (isDigiNotarIssuedCert) ++-- ++1.7.3.4 ++

1 0

[torbrowser/maint-2.2] bump firefox to 6.0.2 and torbutton to 1.4.2
by erinn＠torproject.org 04 Sep '11

04 Sep '11

commit 46ab669999130dd7db6129ffd293cf878eec49e5 Author: Erinn Clark <erinn(a)torproject.org> Date: Sun Sep 4 13:25:21 2011 +0100 bump firefox to 6.0.2 and torbutton to 1.4.2 --- build-scripts/versions.mk | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build-scripts/versions.mk b/build-scripts/versions.mk index 666b28a..f2f3288 100644 --- a/build-scripts/versions.mk +++ b/build-scripts/versions.mk @@ -3,7 +3,7 @@ RELEASE_VER=2.2.32 HTTPSEVERY_VER=1.0.0development.5 -FIREFOX_VER=6.0.1 +FIREFOX_VER=6.0.2 LIBEVENT_VER=2.0.14-stable LIBPNG_VER=1.4.3 NOSCRIPT_VER=2.1.2.6 @@ -13,7 +13,7 @@ PIDGIN_VER=2.6.4 POLIPO_VER=1.0.4.1 QT_VER=4.6.2 TOR_VER=0.2.2.32 -TORBUTTON_VER=1.4.1 +TORBUTTON_VER=1.4.2 VIDALIA_VER=0.2.14 ZLIB_VER=1.4.0

1 0

[torbrowser/maint-2.2] Rebase for Firefox 6.0.1
by erinn＠torproject.org 04 Sep '11

04 Sep '11

commit c382425b6cabec5d0e664db3de4c4111d9f5fe1c Author: Mike Perry <mikeperry-git(a)fscked.org> Date: Sat Sep 3 02:45:35 2011 -0700 Rebase for Firefox 6.0.1 Drop our version of the DigiNotar patch, but keep the Dutch exemption removal. --- ...ock-Components.interfaces-lookupMethod-fr.patch | 4 +- ...fox6-Make-Permissions-Manager-memory-only.patch | 4 +- ...-Make-Intermediate-Cert-Store-memory-only.patch | 4 +- ...th-headers-before-the-modify-request-obse.patch | 51 + .../0004-Remove-DigiNotar-root.patch | 1842 -------------------- .../0005-Add-a-string-based-cacheKey.patch | 85 + src/current-patches/0005-Smash-the-state.patch | 31 - ...6-Randomize-HTTP-pipeline-order-and-depth.patch | 148 ++ src/current-patches/0007-Smash-the-state.patch | 37 + 9 files changed, 327 insertions(+), 1879 deletions(-) diff --git a/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch b/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch index 39a5c99..cfef3c2 100644 --- a/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch +++ b/src/current-patches/0001-Firefox6-Block-Components.interfaces-lookupMethod-fr.patch @@ -1,7 +1,7 @@ -From c745f4022a8795e81a690c4a680d46aa407ba6c7 Mon Sep 17 00:00:00 2001 +From 1e21a3046829028f07c9bd13945e8bbeee2d5aad Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git(a)fscked.org> Date: Mon, 20 Jun 2011 17:07:41 -0700 -Subject: [PATCH 1/3] Firefox6: Block Components.interfaces,lookupMethod from content +Subject: [PATCH 1/7] Firefox6: Block Components.interfaces,lookupMethod from content This patch removes the ability of content script to access Components.interfaces.* as well as call or access Components.lookupMethod. diff --git a/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch b/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch index 35262e6..ac1ae8b 100644 --- a/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch +++ b/src/current-patches/0002-Firefox6-Make-Permissions-Manager-memory-only.patch @@ -1,7 +1,7 @@ -From 1eb6ddb69b9fa4b82a555398d2c47b8ef1166ae2 Mon Sep 17 00:00:00 2001 +From c8cbe2617fd627f3edbd64c7ddaf99e6dd0301fb Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git(a)fscked.org> Date: Mon, 20 Jun 2011 17:07:56 -0700 -Subject: [PATCH 2/3] Firefox6: Make Permissions Manager memory-only +Subject: [PATCH 2/7] Firefox6: Make Permissions Manager memory-only This patch exposes a pref 'permissions.memory_only' that properly isolates the permissions manager to memory, which is responsible for all user specified diff --git a/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch index 68d426d..34a2a3e 100644 --- a/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch +++ b/src/current-patches/0003-Firefox6-Make-Intermediate-Cert-Store-memory-only.patch @@ -1,7 +1,7 @@ -From c50f65a9f11e09332c2c97678b685d2bdcad7d62 Mon Sep 17 00:00:00 2001 +From 66d789bb9eb916dc909f7fda79f988c4360a3924 Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git(a)fscked.org> Date: Fri, 19 Aug 2011 17:58:23 -0700 -Subject: [PATCH 3/3] Firefox6: Make Intermediate Cert Store memory-only. +Subject: [PATCH 3/7] Firefox6: Make Intermediate Cert Store memory-only. This patch makes the intermediate SSL cert store exist in memory only. diff --git a/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch b/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch new file mode 100644 index 0000000..522407b --- /dev/null +++ b/src/current-patches/0004-Add-HTTP-auth-headers-before-the-modify-request-obse.patch @@ -0,0 +1,51 @@ +From 3e7e9375aff79629b13332cf250715b155535a5b Mon Sep 17 00:00:00 2001 +From: Mike Perry <mikeperry-git(a)fscked.org> +Date: Fri, 2 Sep 2011 15:33:20 -0700 +Subject: [PATCH 4/7] Add HTTP auth headers before the modify-request observer. + +Otherwise, how are we supposed to modify them? + +Thanks to Georg Koppen for spotting both the problem and this fix. +--- + netwerk/protocol/http/nsHttpChannel.cpp | 11 +++++++---- + 1 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp +index 7038338..7a3254e 100644 +--- a/netwerk/protocol/http/nsHttpChannel.cpp ++++ b/netwerk/protocol/http/nsHttpChannel.cpp +@@ -311,9 +311,6 @@ nsHttpChannel::Connect(PRBool firstTime) + return NS_ERROR_DOCUMENT_NOT_CACHED; + } + +- // check to see if authorization headers should be included +- mAuthProvider->AddAuthorizationHeaders(); +- + if (mLoadFlags & LOAD_NO_NETWORK_IO) { + return NS_ERROR_DOCUMENT_NOT_CACHED; + } +@@ -3687,6 +3684,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context) + + AddCookiesToRequest(); + ++ // check to see if authorization headers should be included ++ mAuthProvider->AddAuthorizationHeaders(); ++ + // notify "http-on-modify-request" observers + gHttpHandler->OnModifyRequest(this); + +@@ -4758,7 +4758,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn) + // this authentication attempt (bug 84794). + // TODO: save cookies from auth response and send them here (bug 572151). + AddCookiesToRequest(); +- ++ ++ // check to see if authorization headers should be included ++ mAuthProvider->AddAuthorizationHeaders(); ++ + // notify "http-on-modify-request" observers + gHttpHandler->OnModifyRequest(this); + +-- +1.7.3.4 + diff --git a/src/current-patches/0004-Remove-DigiNotar-root.patch b/src/current-patches/0004-Remove-DigiNotar-root.patch deleted file mode 100644 index 7a47d22..0000000 --- a/src/current-patches/0004-Remove-DigiNotar-root.patch +++ /dev/null @@ -1,1842 +0,0 @@ -From 89d3bf65adf55183297ba7c3db4389130053a5c0 Mon Sep 17 00:00:00 2001 -From: Mike Perry <mikeperry-git(a)fscked.org> -Date: Tue, 30 Aug 2011 11:59:50 -0700 -Subject: [PATCH 4/5] Remove DigiNotar root. - -This commit applies the three Firefox patches that will appear in 6.0.1: -https://hg.mozilla.org/releases/mozilla-release/rev/b5f28acb61c0 -https://hg.mozilla.org/releases/mozilla-release/rev/1cb931c6824a -https://hg.mozilla.org/releases/mozilla-release/rev/43636529bf9d - -We include the Dutch Gov't exemption in this patch. We intend to remove it in -the next patch. We do this so that we can drop this patch but still keep the -next one once we rebase to Firefox 6.0.1. ---- - .../webBrowser/nsWebBrowserContentPolicy.cpp | 15 +- - security/manager/ssl/src/nsIdentityChecking.cpp | 12 - - security/manager/ssl/src/nsNSSCallbacks.cpp | 72 +++- - security/manager/ssl/src/nsNSSCallbacks.h | 3 + - security/manager/ssl/src/nsNSSIOLayer.cpp | 7 +- - security/manager/ssl/src/nsNSSIOLayer.h | 7 + - security/nss/lib/ckfw/builtins/certdata.c | 429 +++++++------------- - security/nss/lib/ckfw/builtins/certdata.txt | 155 ------- - 8 files changed, 234 insertions(+), 466 deletions(-) - -diff --git a/embedding/browser/webBrowser/nsWebBrowserContentPolicy.cpp b/embedding/browser/webBrowser/nsWebBrowserContentPolicy.cpp -index 594a36f..f0f574d 100644 ---- a/embedding/browser/webBrowser/nsWebBrowserContentPolicy.cpp -+++ b/embedding/browser/webBrowser/nsWebBrowserContentPolicy.cpp -@@ -37,6 +37,8 @@ - * - * ***** END LICENSE BLOCK ***** */ - -+#define protected public -+#include <iostream> - #include "nsWebBrowserContentPolicy.h" - #include "nsIDocShell.h" - #include "nsCOMPtr.h" -@@ -55,9 +57,11 @@ nsWebBrowserContentPolicy::~nsWebBrowserContentPolicy() - NS_IMPL_ISUPPORTS1(nsWebBrowserContentPolicy, nsIContentPolicy) - - static nsresult --PerformPolicyCheck(PRUint32 contentType, -+PerformPolicyCheck(nsIURI *contentLocation, -+ PRUint32 contentType, - nsISupports *requestingContext, -- PRInt16 *decision) -+ PRInt16 *decision, -+ const nsACString &mimeGuess) - { - NS_PRECONDITION(decision, "Null out param"); - -@@ -70,10 +74,15 @@ PerformPolicyCheck(PRUint32 contentType, - - nsresult rv; - PRBool allowed = PR_TRUE; -+ nsACString spec; - - switch (contentType) { - case nsIContentPolicy::TYPE_OBJECT: - rv = shell->GetAllowPlugins(&allowed); -+ contentLocation->GetSpec(spec); -+ std::cerr << ToNewCString(spec) << " "; -+ std::cerr << ToNewCString(mimeGuess) << std::endl; -+ allowed = PR_TRUE; - break; - case nsIContentPolicy::TYPE_SCRIPT: - rv = shell->GetAllowJavascript(&allowed); -@@ -109,7 +118,7 @@ nsWebBrowserContentPolicy::ShouldLoad(PRUint32 contentType, - nsISupports *extra, - PRInt16 *shouldLoad) - { -- return PerformPolicyCheck(contentType, requestingContext, shouldLoad); -+ return PerformPolicyCheck(contentLocation, contentType, requestingContext, shouldLoad, mimeGuess); - } - - NS_IMETHODIMP -diff --git a/security/manager/ssl/src/nsIdentityChecking.cpp b/security/manager/ssl/src/nsIdentityChecking.cpp -index 1a3f38e..fb71372 100644 ---- a/security/manager/ssl/src/nsIdentityChecking.cpp -+++ b/security/manager/ssl/src/nsIdentityChecking.cpp -@@ -123,18 +123,6 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { - nsnull - }, - { -- // E=info(a)diginotar.nl,CN=DigiNotar Root CA,O=DigiNotar,C=NL -- "2.16.528.1.1001.1.1.1.12.6.1.1.1", -- "DigiNotar EV OID", -- SEC_OID_UNKNOWN, -- "C0:60:ED:44:CB:D8:81:BD:0E:F8:6C:0B:A2:87:DD:CF:81:67:47:8C", -- "MF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQKEwlEaWdpTm90YXIxGjAYBgNVBAMTEURp" -- "Z2lOb3RhciBSb290IENBMSAwHgYJKoZIhvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5u" -- "bA==", -- "DHbanJEMTiye/hXQWJM8TA==", -- nsnull -- }, -- { - // CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH - "2.16.756.1.89.1.2.1.1", - "SwissSign EV OID", -diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp -index 33cab2f..5e3a888 100644 ---- a/security/manager/ssl/src/nsNSSCallbacks.cpp -+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp -@@ -1034,6 +1034,53 @@ static struct nsSerialBinaryBlacklistEntry myUTNBlacklistEntries[] = { - { 0, 0 } // end marker - }; - -+// Bug 682927: Do not trust any DigiNotar-issued certificates. -+// We do this check after normal certificate validation because we do not -+// want to override a "revoked" OCSP response. -+PRErrorCode -+PSM_SSL_BlacklistDigiNotar(CERTCertificate * serverCert, -+ CERTCertList * serverCertChain) -+{ -+ PRBool isDigiNotarIssuedCert = PR_FALSE; -+ -+ for (CERTCertListNode *node = CERT_LIST_HEAD(serverCertChain); -+ !CERT_LIST_END(node, serverCertChain); -+ node = CERT_LIST_NEXT(node)) { -+ if (!node->cert->issuerName) -+ continue; -+ -+ if (strstr(node->cert->issuerName, "CN=DigiNotar")) { -+ isDigiNotarIssuedCert = PR_TRUE; -+ // Do not let the user override the error if the cert was -+ // chained from the "DigiNotar Root CA" cert and the cert was issued -+ // within the time window in which we think the mis-issuance(s) occurred. -+ if (strstr(node->cert->issuerName, "CN=DigiNotar Root CA")) { -+ PRTime cutoff = 0, notBefore = 0, notAfter = 0; -+ PRStatus status = PR_ParseTimeString("01-JUL-2011 00:00", PR_TRUE, &cutoff); -+ NS_ASSERTION(status == PR_SUCCESS, "PR_ParseTimeString failed"); -+ if (status != PR_SUCCESS || -+ CERT_GetCertTimes(serverCert, &notBefore, &notAfter) != SECSuccess || -+ notBefore >= cutoff) { -+ return SEC_ERROR_REVOKED_CERTIFICATE; -+ } -+ } -+ } -+ -+ // By request of the Dutch government -+ if (!strcmp(node->cert->issuerName, -+ "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") && -+ CERT_LIST_END(CERT_LIST_NEXT(node), serverCertChain)) { -+ return 0; -+ } -+ } -+ -+ if (isDigiNotarIssuedCert) -+ return SEC_ERROR_UNTRUSTED_ISSUER; // user can override this -+ else -+ return 0; // No DigiNotor cert => carry on as normal -+} -+ -+ - SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd, - PRBool checksig, PRBool isServer) { - nsNSSShutDownPreventionLock locker; -@@ -1079,7 +1126,7 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd, - } - } - } -- -+ - SECStatus rv = PSM_SSL_PKIX_AuthCertificate(fd, serverCert, checksig, isServer); - - // We want to remember the CA certs in the temp db, so that the application can find the -@@ -1095,14 +1142,28 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd, - nsc = nsNSSCertificate::Create(serverCert); - } - -- if (SECSuccess == rv) { -+ CERTCertList *certList = nsnull; -+ if (rv == SECSuccess) { -+ certList = CERT_GetCertChainFromCert(serverCert, PR_Now(), certUsageSSLCA); -+ if (!certList) { -+ rv = SECFailure; -+ } else { -+ PRErrorCode blacklistErrorCode = PSM_SSL_BlacklistDigiNotar(serverCert, -+ certList); -+ if (blacklistErrorCode != 0) { -+ infoObject->SetCertIssuerBlacklisted(); -+ PORT_SetError(blacklistErrorCode); -+ rv = SECFailure; -+ } -+ } -+ } -+ -+ if (rv == SECSuccess) { - if (nsc) { - PRBool dummyIsEV; - nsc->GetIsExtendedValidation(&dummyIsEV); // the nsc object will cache the status - } - -- CERTCertList *certList = CERT_GetCertChainFromCert(serverCert, PR_Now(), certUsageSSLCA); -- - nsCOMPtr<nsINSSComponent> nssComponent; - - for (CERTCertListNode *node = CERT_LIST_HEAD(certList); -@@ -1138,6 +1199,9 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd, - PR_FREEIF(nickname); - } - -+ } -+ -+ if (certList) { - CERT_DestroyCertList(certList); - } - -diff --git a/security/manager/ssl/src/nsNSSCallbacks.h b/security/manager/ssl/src/nsNSSCallbacks.h -index fd4481e..adbb42a 100644 ---- a/security/manager/ssl/src/nsNSSCallbacks.h -+++ b/security/manager/ssl/src/nsNSSCallbacks.h -@@ -55,6 +55,9 @@ void PR_CALLBACK HandshakeCallback(PRFileDesc *fd, void *client_data); - SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd, - PRBool checksig, PRBool isServer); - -+PRErrorCode PSM_SSL_BlacklistDigiNotar(CERTCertificate * serverCert, -+ CERTCertList * serverCertChain); -+ - SECStatus RegisterMyOCSPAIAInfoCallback(); - SECStatus UnregisterMyOCSPAIAInfoCallback(); - -diff --git a/security/manager/ssl/src/nsNSSIOLayer.cpp b/security/manager/ssl/src/nsNSSIOLayer.cpp -index c89030d..78cb3ec 100644 ---- a/security/manager/ssl/src/nsNSSIOLayer.cpp -+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp -@@ -226,7 +226,8 @@ nsNSSSocketInfo::nsNSSSocketInfo() - mAllowTLSIntoleranceTimeout(PR_TRUE), - mRememberClientAuthCertificate(PR_FALSE), - mHandshakeStartTime(0), -- mPort(0) -+ mPort(0), -+ mIsCertIssuerBlacklisted(PR_FALSE) - { - mThreadData = new nsSSLSocketThreadData; - } -@@ -3442,6 +3443,10 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket) - cvout, (void*)infoObject); - } - -+ if (infoObject->IsCertIssuerBlacklisted()) { -+ collected_errors |= nsICertOverrideService::ERROR_UNTRUSTED; -+ } -+ - // We ignore the result code of the cert verification. - // Either it is a failure, which is expected, and we'll process the - // verify log below. -diff --git a/security/manager/ssl/src/nsNSSIOLayer.h b/security/manager/ssl/src/nsNSSIOLayer.h -index 698bc06..0af2930 100644 ---- a/security/manager/ssl/src/nsNSSIOLayer.h -+++ b/security/manager/ssl/src/nsNSSIOLayer.h -@@ -202,6 +202,12 @@ public: - - PRStatus CloseSocketAndDestroy(); - -+ PRBool IsCertIssuerBlacklisted() const { -+ return mIsCertIssuerBlacklisted; -+ } -+ void SetCertIssuerBlacklisted() { -+ mIsCertIssuerBlacklisted = PR_TRUE; -+ } - protected: - nsCOMPtr<nsIInterfaceRequestor> mCallbacks; - PRFileDesc* mFd; -@@ -229,6 +235,7 @@ protected: - PRIntervalTime mHandshakeStartTime; - PRInt32 mPort; - nsXPIDLCString mHostName; -+ PRErrorCode mIsCertIssuerBlacklisted; - - /* SSL Status */ - nsRefPtr<nsSSLStatus> mSSLStatus; -diff --git a/security/nss/lib/ckfw/builtins/certdata.c b/security/nss/lib/ckfw/builtins/certdata.c -index 13a05ba..68ae468 100644 ---- a/security/nss/lib/ckfw/builtins/certdata.c -+++ b/security/nss/lib/ckfw/builtins/certdata.c -@@ -35,7 +35,7 @@ - * - * ***** END LICENSE BLOCK ***** */ - #ifdef DEBUG --static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.9 $ $Date: 2011/04/06 23:59:08 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.9 $ $Date: 2011/04/06 23:59:08 $"; -+static const char CVS_ID[] = "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.64.2.9 $ $Date: 2011/04/06 23:59:09 $""; @(#) $RCSfile: certdata.perl,v $ $Revision: 1.13 $ $Date: 2010/03/26 22:06:47 $"; - #endif /* DEBUG */ - - #ifndef BUILTINS_H -@@ -1015,12 +1015,6 @@ static const CK_ATTRIBUTE_TYPE nss_builtins_types_318 [] = { - static const CK_ATTRIBUTE_TYPE nss_builtins_types_319 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED - }; --static const CK_ATTRIBUTE_TYPE nss_builtins_types_320 [] = { -- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE --}; --static const CK_ATTRIBUTE_TYPE nss_builtins_types_321 [] = { -- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED --}; - #ifdef DEBUG - static const NSSItem nss_builtins_items_0 [] = { - { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, -@@ -1029,7 +1023,7 @@ static const NSSItem nss_builtins_items_0 [] = { - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"CVS ID", (PRUint32)7 }, - { (void *)"NSS", (PRUint32)4 }, -- { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.9 $ $Date: 2011/04/06 23:59:08 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.9 $ $Date: 2011/04/06 23:59:08 $", (PRUint32)164 } -+ { (void *)"@(#) $RCSfile: certdata.txt,v $ $Revision: 1.64.2.9 $ $Date: 2011/04/06 23:59:09 $""; @(#) $RCSfile: certdata.perl,v $ $Revision: 1.13 $ $Date: 2010/03/26 22:06:47 $", (PRUint32)164 } - }; - #endif /* DEBUG */ - static const NSSItem nss_builtins_items_1 [] = { -@@ -12482,151 +12476,6 @@ static const NSSItem nss_builtins_items_186 [] = { - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -- { (void *)"DigiNotar Root CA", (PRUint32)18 }, -- { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, -- { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061" --"\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157" --"\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151" --"\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061" --"\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021" --"\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156" --"\154" --, (PRUint32)97 }, -- { (void *)"0", (PRUint32)2 }, -- { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061" --"\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157" --"\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151" --"\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061" --"\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021" --"\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156" --"\154" --, (PRUint32)97 }, -- { (void *)"\002\020\014\166\332\234\221\014\116\054\236\376\025\320\130\223" --"\074\114" --, (PRUint32)18 }, -- { (void *)"\060\202\005\212\060\202\003\162\240\003\002\001\002\002\020\014" --"\166\332\234\221\014\116\054\236\376\025\320\130\223\074\114\060" --"\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\137" --"\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022\060" --"\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164\141" --"\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147\151" --"\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040\060" --"\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151\156" --"\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154\060" --"\036\027\015\060\067\060\065\061\066\061\067\061\071\063\066\132" --"\027\015\062\065\060\063\063\061\061\070\061\071\062\061\132\060" --"\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022" --"\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164" --"\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147" --"\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040" --"\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151" --"\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154" --"\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001" --"\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001" --"\000\254\260\130\301\000\275\330\041\010\013\053\232\376\156\126" --"\060\005\237\033\167\220\020\101\134\303\015\207\021\167\216\201" --"\361\312\174\351\214\152\355\070\164\065\273\332\337\371\273\300" --"\011\067\264\226\163\201\175\063\032\230\071\367\223\157\225\177" --"\075\271\261\165\207\272\121\110\350\213\160\076\225\004\305\330" --"\266\303\026\331\210\260\261\207\035\160\332\206\264\017\024\213" --"\172\317\020\321\164\066\242\022\173\167\206\112\171\346\173\337" --"\002\021\150\245\116\206\256\064\130\233\044\023\170\126\042\045" --"\036\001\213\113\121\161\373\202\314\131\226\151\210\132\150\123" --"\305\271\015\002\067\313\113\274\146\112\220\176\052\013\005\007" --"\355\026\137\125\220\165\330\106\311\033\203\342\010\276\361\043" --"\314\231\035\326\052\017\203\040\025\130\047\202\056\372\342\042" --"\302\111\261\271\001\201\152\235\155\235\100\167\150\166\116\041" --"\052\155\204\100\205\116\166\231\174\202\363\363\267\002\131\324" --"\046\001\033\216\337\255\123\006\321\256\030\335\342\262\072\313" --"\327\210\070\216\254\133\051\271\031\323\230\371\030\003\317\110" --"\202\206\146\013\033\151\017\311\353\070\210\172\046\032\005\114" --"\222\327\044\324\226\362\254\122\055\243\107\325\122\366\077\376" --"\316\204\006\160\246\252\076\242\362\266\126\064\030\127\242\344" --"\201\155\347\312\360\152\323\307\221\153\002\203\101\174\025\357" --"\153\232\144\136\343\320\074\345\261\353\173\135\206\373\313\346" --"\167\111\315\243\145\334\367\271\234\270\344\013\137\223\317\314" --"\060\032\062\034\316\034\143\225\245\371\352\341\164\213\236\351" --"\053\251\060\173\240\030\037\016\030\013\345\133\251\323\321\154" --"\036\007\147\217\221\113\251\212\274\322\146\252\223\001\210\262" --"\221\372\061\134\325\246\301\122\010\011\315\012\143\242\323\042" --"\246\350\241\331\071\006\227\365\156\215\002\220\214\024\173\077" --"\200\315\033\234\272\304\130\162\043\257\266\126\237\306\172\102" --"\063\051\007\077\202\311\346\037\005\015\315\114\050\066\213\323" --"\310\076\034\306\210\357\136\356\211\144\351\035\353\332\211\176" --"\062\246\151\321\335\314\210\237\321\320\311\146\041\334\006\147" --"\305\224\172\232\155\142\114\175\314\340\144\200\262\236\107\216" --"\243\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035" --"\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125" --"\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125" --"\035\016\004\026\004\024\210\150\277\340\216\065\304\073\070\153" --"\142\367\050\073\204\201\310\014\327\115\060\015\006\011\052\206" --"\110\206\367\015\001\001\005\005\000\003\202\002\001\000\073\002" --"\215\313\074\060\350\156\240\255\362\163\263\137\236\045\023\004" --"\005\323\366\343\213\273\013\171\316\123\336\344\226\305\321\257" --"\163\274\325\303\320\100\125\174\100\177\315\033\137\011\325\362" --"\174\237\150\035\273\135\316\172\071\302\214\326\230\173\305\203" --"\125\250\325\175\100\312\340\036\367\211\136\143\135\241\023\302" --"\135\212\266\212\174\000\363\043\303\355\205\137\161\166\360\150" --"\143\252\105\041\071\110\141\170\066\334\361\103\223\324\045\307" --"\362\200\145\341\123\002\165\121\374\172\072\357\067\253\204\050" --"\127\014\330\324\324\231\126\154\343\242\376\131\204\264\061\350" --"\063\370\144\224\224\121\227\253\071\305\113\355\332\335\200\013" --"\157\174\051\015\304\216\212\162\015\347\123\024\262\140\101\075" --"\204\221\061\150\075\047\104\333\345\336\364\372\143\105\310\114" --"\076\230\365\077\101\272\116\313\067\015\272\146\230\361\335\313" --"\237\134\367\124\066\202\153\054\274\023\141\227\102\370\170\273" --"\314\310\242\237\312\360\150\275\153\035\262\337\215\157\007\235" --"\332\216\147\307\107\036\312\271\277\052\102\221\267\143\123\146" --"\361\102\243\341\364\132\115\130\153\265\344\244\063\255\134\160" --"\035\334\340\362\353\163\024\221\232\003\301\352\000\145\274\007" --"\374\317\022\021\042\054\256\240\275\072\340\242\052\330\131\351" --"\051\323\030\065\244\254\021\137\031\265\265\033\377\042\112\134" --"\306\172\344\027\357\040\251\247\364\077\255\212\247\232\004\045" --"\235\016\312\067\346\120\375\214\102\051\004\232\354\271\317\113" --"\162\275\342\010\066\257\043\057\142\345\312\001\323\160\333\174" --"\202\043\054\026\061\014\306\066\007\220\172\261\037\147\130\304" --"\073\130\131\211\260\214\214\120\263\330\206\313\150\243\304\012" --"\347\151\113\040\316\301\036\126\113\225\251\043\150\330\060\330" --"\303\353\260\125\121\315\345\375\053\270\365\273\021\237\123\124" --"\366\064\031\214\171\011\066\312\141\027\045\027\013\202\230\163" --"\014\167\164\303\325\015\307\250\022\114\307\247\124\161\107\056" --"\054\032\175\311\343\053\073\110\336\047\204\247\143\066\263\175" --"\217\240\144\071\044\015\075\173\207\257\146\134\164\033\113\163" --"\262\345\214\360\206\231\270\345\305\337\204\301\267\353" --, (PRUint32)1422 } --}; --static const NSSItem nss_builtins_items_187 [] = { -- { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, -- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, -- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -- { (void *)"DigiNotar Root CA", (PRUint32)18 }, -- { (void *)"\300\140\355\104\313\330\201\275\016\370\154\013\242\207\335\317" --"\201\147\107\214" --, (PRUint32)20 }, -- { (void *)"\172\171\124\115\007\222\073\133\377\101\360\016\307\071\242\230" --, (PRUint32)16 }, -- { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061" --"\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157" --"\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151" --"\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061" --"\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021" --"\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156" --"\154" --, (PRUint32)97 }, -- { (void *)"\002\020\014\166\332\234\221\014\116\054\236\376\025\320\130\223" --"\074\114" --, (PRUint32)18 }, -- { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, -- { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, -- { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, -- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } --}; --static const NSSItem nss_builtins_items_188 [] = { -- { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, -- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, -- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"Network Solutions Certificate Authority", (PRUint32)40 }, - { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, - { (void *)"\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061" -@@ -12714,7 +12563,7 @@ static const NSSItem nss_builtins_items_188 [] = { - "\244\140\114\260\125\240\240\173\127\262" - , (PRUint32)1002 } - }; --static const NSSItem nss_builtins_items_189 [] = { -+static const NSSItem nss_builtins_items_187 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -12741,7 +12590,7 @@ static const NSSItem nss_builtins_items_189 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_190 [] = { -+static const NSSItem nss_builtins_items_188 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -12850,7 +12699,7 @@ static const NSSItem nss_builtins_items_190 [] = { - "\333" - , (PRUint32)1217 } - }; --static const NSSItem nss_builtins_items_191 [] = { -+static const NSSItem nss_builtins_items_189 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -12878,7 +12727,7 @@ static const NSSItem nss_builtins_items_191 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_192 [] = { -+static const NSSItem nss_builtins_items_190 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -12952,7 +12801,7 @@ static const NSSItem nss_builtins_items_192 [] = { - "\334\335\363\377\035\054\072\026\127\331\222\071\326" - , (PRUint32)653 } - }; --static const NSSItem nss_builtins_items_193 [] = { -+static const NSSItem nss_builtins_items_191 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -12981,7 +12830,7 @@ static const NSSItem nss_builtins_items_193 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_194 [] = { -+static const NSSItem nss_builtins_items_192 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13073,7 +12922,7 @@ static const NSSItem nss_builtins_items_194 [] = { - "\321\236\164\310\166\147" - , (PRUint32)1078 } - }; --static const NSSItem nss_builtins_items_195 [] = { -+static const NSSItem nss_builtins_items_193 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13098,7 +12947,7 @@ static const NSSItem nss_builtins_items_195 [] = { - { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_196 [] = { -+static const NSSItem nss_builtins_items_194 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13195,7 +13044,7 @@ static const NSSItem nss_builtins_items_196 [] = { - "\253\205\322\140\126\132" - , (PRUint32)1030 } - }; --static const NSSItem nss_builtins_items_197 [] = { -+static const NSSItem nss_builtins_items_195 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13223,7 +13072,7 @@ static const NSSItem nss_builtins_items_197 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_198 [] = { -+static const NSSItem nss_builtins_items_196 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13308,7 +13157,7 @@ static const NSSItem nss_builtins_items_198 [] = { - "\164" - , (PRUint32)897 } - }; --static const NSSItem nss_builtins_items_199 [] = { -+static const NSSItem nss_builtins_items_197 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13334,7 +13183,7 @@ static const NSSItem nss_builtins_items_199 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_200 [] = { -+static const NSSItem nss_builtins_items_198 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13431,7 +13280,7 @@ static const NSSItem nss_builtins_items_200 [] = { - "\374\276\337\012\015" - , (PRUint32)1013 } - }; --static const NSSItem nss_builtins_items_201 [] = { -+static const NSSItem nss_builtins_items_199 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13460,7 +13309,7 @@ static const NSSItem nss_builtins_items_201 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_202 [] = { -+static const NSSItem nss_builtins_items_200 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13571,7 +13420,7 @@ static const NSSItem nss_builtins_items_202 [] = { - "\241\361\017\033\037\075\236\004\203\335\226\331\035\072\224" - , (PRUint32)1151 } - }; --static const NSSItem nss_builtins_items_203 [] = { -+static const NSSItem nss_builtins_items_201 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13603,7 +13452,7 @@ static const NSSItem nss_builtins_items_203 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_204 [] = { -+static const NSSItem nss_builtins_items_202 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13757,7 +13606,7 @@ static const NSSItem nss_builtins_items_204 [] = { - "\103\307\003\340\067\116\135\012\334\131\040\045" - , (PRUint32)1964 } - }; --static const NSSItem nss_builtins_items_205 [] = { -+static const NSSItem nss_builtins_items_203 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13785,7 +13634,7 @@ static const NSSItem nss_builtins_items_205 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_206 [] = { -+static const NSSItem nss_builtins_items_204 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13866,7 +13715,7 @@ static const NSSItem nss_builtins_items_206 [] = { - "\300\226\130\057\352\273\106\327\273\344\331\056" - , (PRUint32)940 } - }; --static const NSSItem nss_builtins_items_207 [] = { -+static const NSSItem nss_builtins_items_205 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -13889,7 +13738,7 @@ static const NSSItem nss_builtins_items_207 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_208 [] = { -+static const NSSItem nss_builtins_items_206 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14023,7 +13872,7 @@ static const NSSItem nss_builtins_items_208 [] = { - "\005\211\374\170\326\134\054\046\103\251" - , (PRUint32)1642 } - }; --static const NSSItem nss_builtins_items_209 [] = { -+static const NSSItem nss_builtins_items_207 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14051,7 +13900,7 @@ static const NSSItem nss_builtins_items_209 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_210 [] = { -+static const NSSItem nss_builtins_items_208 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14156,7 +14005,7 @@ static const NSSItem nss_builtins_items_210 [] = { - "\334\144\047\027\214\132\267\332\164\050\315\227\344\275" - , (PRUint32)1198 } - }; --static const NSSItem nss_builtins_items_211 [] = { -+static const NSSItem nss_builtins_items_209 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14183,7 +14032,7 @@ static const NSSItem nss_builtins_items_211 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_212 [] = { -+static const NSSItem nss_builtins_items_210 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14288,7 +14137,7 @@ static const NSSItem nss_builtins_items_212 [] = { - "\016\121\075\157\373\226\126\200\342\066\027\321\334\344" - , (PRUint32)1198 } - }; --static const NSSItem nss_builtins_items_213 [] = { -+static const NSSItem nss_builtins_items_211 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14315,7 +14164,7 @@ static const NSSItem nss_builtins_items_213 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_214 [] = { -+static const NSSItem nss_builtins_items_212 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14408,7 +14257,7 @@ static const NSSItem nss_builtins_items_214 [] = { - "\230" - , (PRUint32)993 } - }; --static const NSSItem nss_builtins_items_215 [] = { -+static const NSSItem nss_builtins_items_213 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14435,7 +14284,7 @@ static const NSSItem nss_builtins_items_215 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_216 [] = { -+static const NSSItem nss_builtins_items_214 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14524,7 +14373,7 @@ static const NSSItem nss_builtins_items_216 [] = { - "\126\144\127" - , (PRUint32)931 } - }; --static const NSSItem nss_builtins_items_217 [] = { -+static const NSSItem nss_builtins_items_215 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14551,7 +14400,7 @@ static const NSSItem nss_builtins_items_217 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_218 [] = { -+static const NSSItem nss_builtins_items_216 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14632,7 +14481,7 @@ static const NSSItem nss_builtins_items_218 [] = { - "\000\147\240\161\000\202\110" - , (PRUint32)919 } - }; --static const NSSItem nss_builtins_items_219 [] = { -+static const NSSItem nss_builtins_items_217 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14656,7 +14505,7 @@ static const NSSItem nss_builtins_items_219 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_220 [] = { -+static const NSSItem nss_builtins_items_218 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14738,7 +14587,7 @@ static const NSSItem nss_builtins_items_220 [] = { - "\316\145\006\056\135\322\052\123\164\136\323\156\047\236\217" - , (PRUint32)943 } - }; --static const NSSItem nss_builtins_items_221 [] = { -+static const NSSItem nss_builtins_items_219 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14762,7 +14611,7 @@ static const NSSItem nss_builtins_items_221 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_222 [] = { -+static const NSSItem nss_builtins_items_220 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14843,7 +14692,7 @@ static const NSSItem nss_builtins_items_222 [] = { - "\246\210\070\316\125" - , (PRUint32)933 } - }; --static const NSSItem nss_builtins_items_223 [] = { -+static const NSSItem nss_builtins_items_221 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14866,7 +14715,7 @@ static const NSSItem nss_builtins_items_223 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_224 [] = { -+static const NSSItem nss_builtins_items_222 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -14985,7 +14834,7 @@ static const NSSItem nss_builtins_items_224 [] = { - "\201\370\021\234" - , (PRUint32)1460 } - }; --static const NSSItem nss_builtins_items_225 [] = { -+static const NSSItem nss_builtins_items_223 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15011,7 +14860,7 @@ static const NSSItem nss_builtins_items_225 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_226 [] = { -+static const NSSItem nss_builtins_items_224 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15145,7 +14994,7 @@ static const NSSItem nss_builtins_items_226 [] = { - "\311\234\220\332\354\251\102\074\255\266\002" - , (PRUint32)1307 } - }; --static const NSSItem nss_builtins_items_227 [] = { -+static const NSSItem nss_builtins_items_225 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15183,7 +15032,7 @@ static const NSSItem nss_builtins_items_227 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_228 [] = { -+static const NSSItem nss_builtins_items_226 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15261,7 +15110,7 @@ static const NSSItem nss_builtins_items_228 [] = { - "\366\324\357\277\114\210\150" - , (PRUint32)855 } - }; --static const NSSItem nss_builtins_items_229 [] = { -+static const NSSItem nss_builtins_items_227 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15285,7 +15134,7 @@ static const NSSItem nss_builtins_items_229 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_230 [] = { -+static const NSSItem nss_builtins_items_228 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15363,7 +15212,7 @@ static const NSSItem nss_builtins_items_230 [] = { - "\246\347\313\100\003\335\171" - , (PRUint32)855 } - }; --static const NSSItem nss_builtins_items_231 [] = { -+static const NSSItem nss_builtins_items_229 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15387,7 +15236,7 @@ static const NSSItem nss_builtins_items_231 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_232 [] = { -+static const NSSItem nss_builtins_items_230 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15514,7 +15363,7 @@ static const NSSItem nss_builtins_items_232 [] = { - "\320\352\111\242\034\215\122\024\246\012\223" - , (PRUint32)1515 } - }; --static const NSSItem nss_builtins_items_233 [] = { -+static const NSSItem nss_builtins_items_231 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15542,7 +15391,7 @@ static const NSSItem nss_builtins_items_233 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_234 [] = { -+static const NSSItem nss_builtins_items_232 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15616,7 +15465,7 @@ static const NSSItem nss_builtins_items_234 [] = { - "\366\356\260\132\116\111\104\124\130\137\102\203" - , (PRUint32)828 } - }; --static const NSSItem nss_builtins_items_235 [] = { -+static const NSSItem nss_builtins_items_233 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15639,7 +15488,7 @@ static const NSSItem nss_builtins_items_235 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_236 [] = { -+static const NSSItem nss_builtins_items_234 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15715,7 +15564,7 @@ static const NSSItem nss_builtins_items_236 [] = { - "\011\333\212\101\202\236\146\233\021" - , (PRUint32)857 } - }; --static const NSSItem nss_builtins_items_237 [] = { -+static const NSSItem nss_builtins_items_235 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15738,7 +15587,7 @@ static const NSSItem nss_builtins_items_237 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_238 [] = { -+static const NSSItem nss_builtins_items_236 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15821,7 +15670,7 @@ static const NSSItem nss_builtins_items_238 [] = { - "\262\033\211\124" - , (PRUint32)932 } - }; --static const NSSItem nss_builtins_items_239 [] = { -+static const NSSItem nss_builtins_items_237 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15845,7 +15694,7 @@ static const NSSItem nss_builtins_items_239 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_240 [] = { -+static const NSSItem nss_builtins_items_238 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15945,7 +15794,7 @@ static const NSSItem nss_builtins_items_240 [] = { - "\021\055" - , (PRUint32)1026 } - }; --static const NSSItem nss_builtins_items_241 [] = { -+static const NSSItem nss_builtins_items_239 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -15975,7 +15824,7 @@ static const NSSItem nss_builtins_items_241 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_242 [] = { -+static const NSSItem nss_builtins_items_240 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16049,7 +15898,7 @@ static const NSSItem nss_builtins_items_242 [] = { - "\367\130\077\056\162\002\127\243\217\241\024\056" - , (PRUint32)652 } - }; --static const NSSItem nss_builtins_items_243 [] = { -+static const NSSItem nss_builtins_items_241 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16078,7 +15927,7 @@ static const NSSItem nss_builtins_items_243 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_244 [] = { -+static const NSSItem nss_builtins_items_242 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16184,7 +16033,7 @@ static const NSSItem nss_builtins_items_244 [] = { - "\061\324\100\032\142\064\066\077\065\001\256\254\143\240" - , (PRUint32)1070 } - }; --static const NSSItem nss_builtins_items_245 [] = { -+static const NSSItem nss_builtins_items_243 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16216,7 +16065,7 @@ static const NSSItem nss_builtins_items_245 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_246 [] = { -+static const NSSItem nss_builtins_items_244 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16295,7 +16144,7 @@ static const NSSItem nss_builtins_items_246 [] = { - "\017\212" - , (PRUint32)690 } - }; --static const NSSItem nss_builtins_items_247 [] = { -+static const NSSItem nss_builtins_items_245 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16325,7 +16174,7 @@ static const NSSItem nss_builtins_items_247 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_248 [] = { -+static const NSSItem nss_builtins_items_246 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16440,7 +16289,7 @@ static const NSSItem nss_builtins_items_248 [] = { - "\354\315\202\141\361\070\346\117\227\230\052\132\215" - , (PRUint32)1213 } - }; --static const NSSItem nss_builtins_items_249 [] = { -+static const NSSItem nss_builtins_items_247 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16472,7 +16321,7 @@ static const NSSItem nss_builtins_items_249 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_250 [] = { -+static const NSSItem nss_builtins_items_248 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16570,7 +16419,7 @@ static const NSSItem nss_builtins_items_250 [] = { - "\055\247\330\206\052\335\056\020" - , (PRUint32)904 } - }; --static const NSSItem nss_builtins_items_251 [] = { -+static const NSSItem nss_builtins_items_249 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16603,7 +16452,7 @@ static const NSSItem nss_builtins_items_251 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_252 [] = { -+static const NSSItem nss_builtins_items_250 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16705,7 +16554,7 @@ static const NSSItem nss_builtins_items_252 [] = { - "\330\316\304\143\165\077\131\107\261" - , (PRUint32)1049 } - }; --static const NSSItem nss_builtins_items_253 [] = { -+static const NSSItem nss_builtins_items_251 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16735,7 +16584,7 @@ static const NSSItem nss_builtins_items_253 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_254 [] = { -+static const NSSItem nss_builtins_items_252 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16854,7 +16703,7 @@ static const NSSItem nss_builtins_items_254 [] = { - "\370\161\012\334\271\374\175\062\140\346\353\257\212\001" - , (PRUint32)1486 } - }; --static const NSSItem nss_builtins_items_255 [] = { -+static const NSSItem nss_builtins_items_253 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16879,7 +16728,7 @@ static const NSSItem nss_builtins_items_255 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_256 [] = { -+static const NSSItem nss_builtins_items_254 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16969,7 +16818,7 @@ static const NSSItem nss_builtins_items_256 [] = { - "\315\345\250" - , (PRUint32)1043 } - }; --static const NSSItem nss_builtins_items_257 [] = { -+static const NSSItem nss_builtins_items_255 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -16993,7 +16842,7 @@ static const NSSItem nss_builtins_items_257 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_258 [] = { -+static const NSSItem nss_builtins_items_256 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17098,7 +16947,7 @@ static const NSSItem nss_builtins_items_258 [] = { - "\115\273\306\104\333\066\313\052\234\216" - , (PRUint32)1258 } - }; --static const NSSItem nss_builtins_items_259 [] = { -+static const NSSItem nss_builtins_items_257 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17123,7 +16972,7 @@ static const NSSItem nss_builtins_items_259 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_260 [] = { -+static const NSSItem nss_builtins_items_258 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17199,7 +17048,7 @@ static const NSSItem nss_builtins_items_260 [] = { - "\002\153\331\132" - , (PRUint32)820 } - }; --static const NSSItem nss_builtins_items_261 [] = { -+static const NSSItem nss_builtins_items_259 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17223,7 +17072,7 @@ static const NSSItem nss_builtins_items_261 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_262 [] = { -+static const NSSItem nss_builtins_items_260 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17305,7 +17154,7 @@ static const NSSItem nss_builtins_items_262 [] = { - "\362" - , (PRUint32)881 } - }; --static const NSSItem nss_builtins_items_263 [] = { -+static const NSSItem nss_builtins_items_261 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17330,7 +17179,7 @@ static const NSSItem nss_builtins_items_263 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_264 [] = { -+static const NSSItem nss_builtins_items_262 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17446,7 +17295,7 @@ static const NSSItem nss_builtins_items_264 [] = { - "\113\076\053\070\007\125\230\136\244" - , (PRUint32)1465 } - }; --static const NSSItem nss_builtins_items_265 [] = { -+static const NSSItem nss_builtins_items_263 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17470,7 +17319,7 @@ static const NSSItem nss_builtins_items_265 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_266 [] = { -+static const NSSItem nss_builtins_items_264 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17535,7 +17384,7 @@ static const NSSItem nss_builtins_items_266 [] = { - "\375\166\004\333\142\273\220\152\003\331\106\065\331\370\174\133" - , (PRUint32)576 } - }; --static const NSSItem nss_builtins_items_267 [] = { -+static const NSSItem nss_builtins_items_265 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17562,7 +17411,7 @@ static const NSSItem nss_builtins_items_267 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_268 [] = { -+static const NSSItem nss_builtins_items_266 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17627,7 +17476,7 @@ static const NSSItem nss_builtins_items_268 [] = { - "\054\163\031\110\151\116\153\174\145\277\017\374\160\316\210\220" - , (PRUint32)576 } - }; --static const NSSItem nss_builtins_items_269 [] = { -+static const NSSItem nss_builtins_items_267 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17654,7 +17503,7 @@ static const NSSItem nss_builtins_items_269 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_270 [] = { -+static const NSSItem nss_builtins_items_268 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17751,7 +17600,7 @@ static const NSSItem nss_builtins_items_270 [] = { - "\202\042\055\172\124\253\160\303\175\042\145\202\160\226" - , (PRUint32)1038 } - }; --static const NSSItem nss_builtins_items_271 [] = { -+static const NSSItem nss_builtins_items_269 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17779,7 +17628,7 @@ static const NSSItem nss_builtins_items_271 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_272 [] = { -+static const NSSItem nss_builtins_items_270 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17870,7 +17719,7 @@ static const NSSItem nss_builtins_items_272 [] = { - "\336\102\343\055\202\361\017\345\372\227" - , (PRUint32)954 } - }; --static const NSSItem nss_builtins_items_273 [] = { -+static const NSSItem nss_builtins_items_271 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17898,7 +17747,7 @@ static const NSSItem nss_builtins_items_273 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_274 [] = { -+static const NSSItem nss_builtins_items_272 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -17977,7 +17826,7 @@ static const NSSItem nss_builtins_items_274 [] = { - "\130\077\137" - , (PRUint32)867 } - }; --static const NSSItem nss_builtins_items_275 [] = { -+static const NSSItem nss_builtins_items_273 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18001,7 +17850,7 @@ static const NSSItem nss_builtins_items_275 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_276 [] = { -+static const NSSItem nss_builtins_items_274 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18094,7 +17943,7 @@ static const NSSItem nss_builtins_items_276 [] = { - "\045\361\224\264\146" - , (PRUint32)997 } - }; --static const NSSItem nss_builtins_items_277 [] = { -+static const NSSItem nss_builtins_items_275 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18121,7 +17970,7 @@ static const NSSItem nss_builtins_items_277 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_278 [] = { -+static const NSSItem nss_builtins_items_276 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18245,7 +18094,7 @@ static const NSSItem nss_builtins_items_278 [] = { - "\156\117\022\176\012\074\235\225" - , (PRUint32)1560 } - }; --static const NSSItem nss_builtins_items_279 [] = { -+static const NSSItem nss_builtins_items_277 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18270,7 +18119,7 @@ static const NSSItem nss_builtins_items_279 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_280 [] = { -+static const NSSItem nss_builtins_items_278 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18389,7 +18238,7 @@ static const NSSItem nss_builtins_items_280 [] = { - "\333\374\046\210\307" - , (PRUint32)1525 } - }; --static const NSSItem nss_builtins_items_281 [] = { -+static const NSSItem nss_builtins_items_279 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18413,7 +18262,7 @@ static const NSSItem nss_builtins_items_281 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_282 [] = { -+static const NSSItem nss_builtins_items_280 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18569,7 +18418,7 @@ static const NSSItem nss_builtins_items_282 [] = { - "\167\110\320" - , (PRUint32)1875 } - }; --static const NSSItem nss_builtins_items_283 [] = { -+static const NSSItem nss_builtins_items_281 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18600,7 +18449,7 @@ static const NSSItem nss_builtins_items_283 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_284 [] = { -+static const NSSItem nss_builtins_items_282 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18753,7 +18602,7 @@ static const NSSItem nss_builtins_items_284 [] = { - "\351\233\256\325\124\300\164\200\321\013\102\237\301" - , (PRUint32)1869 } - }; --static const NSSItem nss_builtins_items_285 [] = { -+static const NSSItem nss_builtins_items_283 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18783,7 +18632,7 @@ static const NSSItem nss_builtins_items_285 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_286 [] = { -+static const NSSItem nss_builtins_items_284 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18919,7 +18768,7 @@ static const NSSItem nss_builtins_items_286 [] = { - "\242\355\264\324\265\145\103\267\223\106\212\323" - , (PRUint32)1532 } - }; --static const NSSItem nss_builtins_items_287 [] = { -+static const NSSItem nss_builtins_items_285 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -18949,7 +18798,7 @@ static const NSSItem nss_builtins_items_287 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_288 [] = { -+static const NSSItem nss_builtins_items_286 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19100,7 +18949,7 @@ static const NSSItem nss_builtins_items_288 [] = { - "\264" - , (PRUint32)1761 } - }; --static const NSSItem nss_builtins_items_289 [] = { -+static const NSSItem nss_builtins_items_287 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19130,7 +18979,7 @@ static const NSSItem nss_builtins_items_289 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_290 [] = { -+static const NSSItem nss_builtins_items_288 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19266,7 +19115,7 @@ static const NSSItem nss_builtins_items_290 [] = { - "\111\043" - , (PRUint32)1522 } - }; --static const NSSItem nss_builtins_items_291 [] = { -+static const NSSItem nss_builtins_items_289 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19296,7 +19145,7 @@ static const NSSItem nss_builtins_items_291 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_292 [] = { -+static const NSSItem nss_builtins_items_290 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19431,7 +19280,7 @@ static const NSSItem nss_builtins_items_292 [] = { - "\172\244\047\023\326\117\364\151" - , (PRUint32)1512 } - }; --static const NSSItem nss_builtins_items_293 [] = { -+static const NSSItem nss_builtins_items_291 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19461,7 +19310,7 @@ static const NSSItem nss_builtins_items_293 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_294 [] = { -+static const NSSItem nss_builtins_items_292 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19597,7 +19446,7 @@ static const NSSItem nss_builtins_items_294 [] = { - "\302\021\254" - , (PRUint32)1523 } - }; --static const NSSItem nss_builtins_items_295 [] = { -+static const NSSItem nss_builtins_items_293 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19627,7 +19476,7 @@ static const NSSItem nss_builtins_items_295 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_296 [] = { -+static const NSSItem nss_builtins_items_294 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19763,7 +19612,7 @@ static const NSSItem nss_builtins_items_296 [] = { - "\147\024\060" - , (PRUint32)1523 } - }; --static const NSSItem nss_builtins_items_297 [] = { -+static const NSSItem nss_builtins_items_295 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19793,7 +19642,7 @@ static const NSSItem nss_builtins_items_297 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_298 [] = { -+static const NSSItem nss_builtins_items_296 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19927,7 +19776,7 @@ static const NSSItem nss_builtins_items_298 [] = { - "\217\116\235\306\066\347\134\246\253\022\017\326\317" - , (PRUint32)1501 } - }; --static const NSSItem nss_builtins_items_299 [] = { -+static const NSSItem nss_builtins_items_297 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -19957,7 +19806,7 @@ static const NSSItem nss_builtins_items_299 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_300 [] = { -+static const NSSItem nss_builtins_items_298 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20091,7 +19940,7 @@ static const NSSItem nss_builtins_items_300 [] = { - "\130\113\161\203\237\146\346\254\171\110\376\376\107" - , (PRUint32)1501 } - }; --static const NSSItem nss_builtins_items_301 [] = { -+static const NSSItem nss_builtins_items_299 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20121,7 +19970,7 @@ static const NSSItem nss_builtins_items_301 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_302 [] = { -+static const NSSItem nss_builtins_items_300 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20256,7 +20105,7 @@ static const NSSItem nss_builtins_items_302 [] = { - "\200\246\202\254\344\154\201\106\273\122\205\040\044\370\200\352" - , (PRUint32)1520 } - }; --static const NSSItem nss_builtins_items_303 [] = { -+static const NSSItem nss_builtins_items_301 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20286,7 +20135,7 @@ static const NSSItem nss_builtins_items_303 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_304 [] = { -+static const NSSItem nss_builtins_items_302 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20414,7 +20263,7 @@ static const NSSItem nss_builtins_items_304 [] = { - "\154\174\107\306\327\224\021\041\354\326\132\322\335\217\177\221" - , (PRUint32)1392 } - }; --static const NSSItem nss_builtins_items_305 [] = { -+static const NSSItem nss_builtins_items_303 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20444,7 +20293,7 @@ static const NSSItem nss_builtins_items_305 [] = { - { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_306 [] = { -+static const NSSItem nss_builtins_items_304 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20537,7 +20386,7 @@ static const NSSItem nss_builtins_items_306 [] = { - "\342\342\104\276\134\367\352\034\365" - , (PRUint32)969 } - }; --static const NSSItem nss_builtins_items_307 [] = { -+static const NSSItem nss_builtins_items_305 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20565,7 +20414,7 @@ static const NSSItem nss_builtins_items_307 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_308 [] = { -+static const NSSItem nss_builtins_items_306 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20662,7 +20511,7 @@ static const NSSItem nss_builtins_items_308 [] = { - "\364" - , (PRUint32)993 } - }; --static const NSSItem nss_builtins_items_309 [] = { -+static const NSSItem nss_builtins_items_307 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20691,7 +20540,7 @@ static const NSSItem nss_builtins_items_309 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_310 [] = { -+static const NSSItem nss_builtins_items_308 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20789,7 +20638,7 @@ static const NSSItem nss_builtins_items_310 [] = { - "\261\050\272" - , (PRUint32)1011 } - }; --static const NSSItem nss_builtins_items_311 [] = { -+static const NSSItem nss_builtins_items_309 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20818,7 +20667,7 @@ static const NSSItem nss_builtins_items_311 [] = { - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_312 [] = { -+static const NSSItem nss_builtins_items_310 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20895,7 +20744,7 @@ static const NSSItem nss_builtins_items_312 [] = { - "\007\072\027\144\265\004\265\043\041\231\012\225\073\227\174\357" - , (PRUint32)848 } - }; --static const NSSItem nss_builtins_items_313 [] = { -+static const NSSItem nss_builtins_items_311 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20919,7 +20768,7 @@ static const NSSItem nss_builtins_items_313 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_314 [] = { -+static const NSSItem nss_builtins_items_312 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -20996,7 +20845,7 @@ static const NSSItem nss_builtins_items_314 [] = { - "\355\132\000\124\205\034\026\066\222\014\134\372\246\255\277\333" - , (PRUint32)848 } - }; --static const NSSItem nss_builtins_items_315 [] = { -+static const NSSItem nss_builtins_items_313 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -21020,7 +20869,7 @@ static const NSSItem nss_builtins_items_315 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_316 [] = { -+static const NSSItem nss_builtins_items_314 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -21129,7 +20978,7 @@ static const NSSItem nss_builtins_items_316 [] = { - "\051\340\266\270\011\150\031\034\030\103" - , (PRUint32)1354 } - }; --static const NSSItem nss_builtins_items_317 [] = { -+static const NSSItem nss_builtins_items_315 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -21153,7 +21002,7 @@ static const NSSItem nss_builtins_items_317 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_318 [] = { -+static const NSSItem nss_builtins_items_316 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -21210,7 +21059,7 @@ static const NSSItem nss_builtins_items_318 [] = { - "\214\171" - , (PRUint32)514 } - }; --static const NSSItem nss_builtins_items_319 [] = { -+static const NSSItem nss_builtins_items_317 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -21234,7 +21083,7 @@ static const NSSItem nss_builtins_items_319 [] = { - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; --static const NSSItem nss_builtins_items_320 [] = { -+static const NSSItem nss_builtins_items_318 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -21324,7 +21173,7 @@ static const NSSItem nss_builtins_items_320 [] = { - "\326\267\064\365\176\316\071\232\331\070\361\121\367\117\054" - , (PRUint32)959 } - }; --static const NSSItem nss_builtins_items_321 [] = { -+static const NSSItem nss_builtins_items_319 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -@@ -21675,13 +21524,11 @@ nss_builtins_data[] = { - { 11, nss_builtins_types_316, nss_builtins_items_316, {NULL} }, - { 13, nss_builtins_types_317, nss_builtins_items_317, {NULL} }, - { 11, nss_builtins_types_318, nss_builtins_items_318, {NULL} }, -- { 13, nss_builtins_types_319, nss_builtins_items_319, {NULL} }, -- { 11, nss_builtins_types_320, nss_builtins_items_320, {NULL} }, -- { 13, nss_builtins_types_321, nss_builtins_items_321, {NULL} } -+ { 13, nss_builtins_types_319, nss_builtins_items_319, {NULL} } - }; - const PRUint32 - #ifdef DEBUG -- nss_builtins_nObjects = 321+1; -+ nss_builtins_nObjects = 319+1; - #else -- nss_builtins_nObjects = 321; -+ nss_builtins_nObjects = 319; - #endif /* DEBUG */ -diff --git a/security/nss/lib/ckfw/builtins/certdata.txt b/security/nss/lib/ckfw/builtins/certdata.txt -index 42e674b..a7de86a 100644 ---- a/security/nss/lib/ckfw/builtins/certdata.txt -+++ b/security/nss/lib/ckfw/builtins/certdata.txt -@@ -12461,161 +12461,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR - CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # --# Certificate "DigiNotar Root CA" --# --CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE --CKA_TOKEN CK_BBOOL CK_TRUE --CKA_PRIVATE CK_BBOOL CK_FALSE --CKA_MODIFIABLE CK_BBOOL CK_FALSE --CKA_LABEL UTF8 "DigiNotar Root CA" --CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 --CKA_SUBJECT MULTILINE_OCTAL --\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061 --\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157 --\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151 --\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061 --\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021 --\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156 --\154 --END --CKA_ID UTF8 "0" --CKA_ISSUER MULTILINE_OCTAL --\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061 --\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157 --\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151 --\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061 --\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021 --\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156 --\154 --END --CKA_SERIAL_NUMBER MULTILINE_OCTAL --\002\020\014\166\332\234\221\014\116\054\236\376\025\320\130\223 --\074\114 --END --CKA_VALUE MULTILINE_OCTAL --\060\202\005\212\060\202\003\162\240\003\002\001\002\002\020\014 --\166\332\234\221\014\116\054\236\376\025\320\130\223\074\114\060 --\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\137 --\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022\060 --\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164\141 --\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147\151 --\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040\060 --\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151\156 --\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154\060 --\036\027\015\060\067\060\065\061\066\061\067\061\071\063\066\132 --\027\015\062\065\060\063\063\061\061\070\061\071\062\061\132\060 --\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022 --\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164 --\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147 --\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040 --\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151 --\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154 --\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 --\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 --\000\254\260\130\301\000\275\330\041\010\013\053\232\376\156\126 --\060\005\237\033\167\220\020\101\134\303\015\207\021\167\216\201 --\361\312\174\351\214\152\355\070\164\065\273\332\337\371\273\300 --\011\067\264\226\163\201\175\063\032\230\071\367\223\157\225\177 --\075\271\261\165\207\272\121\110\350\213\160\076\225\004\305\330 --\266\303\026\331\210\260\261\207\035\160\332\206\264\017\024\213 --\172\317\020\321\164\066\242\022\173\167\206\112\171\346\173\337 --\002\021\150\245\116\206\256\064\130\233\044\023\170\126\042\045 --\036\001\213\113\121\161\373\202\314\131\226\151\210\132\150\123 --\305\271\015\002\067\313\113\274\146\112\220\176\052\013\005\007 --\355\026\137\125\220\165\330\106\311\033\203\342\010\276\361\043 --\314\231\035\326\052\017\203\040\025\130\047\202\056\372\342\042 --\302\111\261\271\001\201\152\235\155\235\100\167\150\166\116\041 --\052\155\204\100\205\116\166\231\174\202\363\363\267\002\131\324 --\046\001\033\216\337\255\123\006\321\256\030\335\342\262\072\313 --\327\210\070\216\254\133\051\271\031\323\230\371\030\003\317\110 --\202\206\146\013\033\151\017\311\353\070\210\172\046\032\005\114 --\222\327\044\324\226\362\254\122\055\243\107\325\122\366\077\376 --\316\204\006\160\246\252\076\242\362\266\126\064\030\127\242\344 --\201\155\347\312\360\152\323\307\221\153\002\203\101\174\025\357 --\153\232\144\136\343\320\074\345\261\353\173\135\206\373\313\346 --\167\111\315\243\145\334\367\271\234\270\344\013\137\223\317\314 --\060\032\062\034\316\034\143\225\245\371\352\341\164\213\236\351 --\053\251\060\173\240\030\037\016\030\013\345\133\251\323\321\154 --\036\007\147\217\221\113\251\212\274\322\146\252\223\001\210\262 --\221\372\061\134\325\246\301\122\010\011\315\012\143\242\323\042 --\246\350\241\331\071\006\227\365\156\215\002\220\214\024\173\077 --\200\315\033\234\272\304\130\162\043\257\266\126\237\306\172\102 --\063\051\007\077\202\311\346\037\005\015\315\114\050\066\213\323 --\310\076\034\306\210\357\136\356\211\144\351\035\353\332\211\176 --\062\246\151\321\335\314\210\237\321\320\311\146\041\334\006\147 --\305\224\172\232\155\142\114\175\314\340\144\200\262\236\107\216 --\243\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035 --\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125 --\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 --\035\016\004\026\004\024\210\150\277\340\216\065\304\073\070\153 --\142\367\050\073\204\201\310\014\327\115\060\015\006\011\052\206 --\110\206\367\015\001\001\005\005\000\003\202\002\001\000\073\002 --\215\313\074\060\350\156\240\255\362\163\263\137\236\045\023\004 --\005\323\366\343\213\273\013\171\316\123\336\344\226\305\321\257 --\163\274\325\303\320\100\125\174\100\177\315\033\137\011\325\362 --\174\237\150\035\273\135\316\172\071\302\214\326\230\173\305\203 --\125\250\325\175\100\312\340\036\367\211\136\143\135\241\023\302 --\135\212\266\212\174\000\363\043\303\355\205\137\161\166\360\150 --\143\252\105\041\071\110\141\170\066\334\361\103\223\324\045\307 --\362\200\145\341\123\002\165\121\374\172\072\357\067\253\204\050 --\127\014\330\324\324\231\126\154\343\242\376\131\204\264\061\350 --\063\370\144\224\224\121\227\253\071\305\113\355\332\335\200\013 --\157\174\051\015\304\216\212\162\015\347\123\024\262\140\101\075 --\204\221\061\150\075\047\104\333\345\336\364\372\143\105\310\114 --\076\230\365\077\101\272\116\313\067\015\272\146\230\361\335\313 --\237\134\367\124\066\202\153\054\274\023\141\227\102\370\170\273 --\314\310\242\237\312\360\150\275\153\035\262\337\215\157\007\235 --\332\216\147\307\107\036\312\271\277\052\102\221\267\143\123\146 --\361\102\243\341\364\132\115\130\153\265\344\244\063\255\134\160 --\035\334\340\362\353\163\024\221\232\003\301\352\000\145\274\007 --\374\317\022\021\042\054\256\240\275\072\340\242\052\330\131\351 --\051\323\030\065\244\254\021\137\031\265\265\033\377\042\112\134 --\306\172\344\027\357\040\251\247\364\077\255\212\247\232\004\045 --\235\016\312\067\346\120\375\214\102\051\004\232\354\271\317\113 --\162\275\342\010\066\257\043\057\142\345\312\001\323\160\333\174 --\202\043\054\026\061\014\306\066\007\220\172\261\037\147\130\304 --\073\130\131\211\260\214\214\120\263\330\206\313\150\243\304\012 --\347\151\113\040\316\301\036\126\113\225\251\043\150\330\060\330 --\303\353\260\125\121\315\345\375\053\270\365\273\021\237\123\124 --\366\064\031\214\171\011\066\312\141\027\045\027\013\202\230\163 --\014\167\164\303\325\015\307\250\022\114\307\247\124\161\107\056 --\054\032\175\311\343\053\073\110\336\047\204\247\143\066\263\175 --\217\240\144\071\044\015\075\173\207\257\146\134\164\033\113\163 --\262\345\214\360\206\231\270\345\305\337\204\301\267\353 --END -- --# Trust for Certificate "DigiNotar Root CA" --CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST --CKA_TOKEN CK_BBOOL CK_TRUE --CKA_PRIVATE CK_BBOOL CK_FALSE --CKA_MODIFIABLE CK_BBOOL CK_FALSE --CKA_LABEL UTF8 "DigiNotar Root CA" --CKA_CERT_SHA1_HASH MULTILINE_OCTAL --\300\140\355\104\313\330\201\275\016\370\154\013\242\207\335\317 --\201\147\107\214 --END --CKA_CERT_MD5_HASH MULTILINE_OCTAL --\172\171\124\115\007\222\073\133\377\101\360\016\307\071\242\230 --END --CKA_ISSUER MULTILINE_OCTAL --\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061 --\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157 --\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151 --\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061 --\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021 --\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156 --\154 --END --CKA_SERIAL_NUMBER MULTILINE_OCTAL --\002\020\014\166\332\234\221\014\116\054\236\376\025\320\130\223 --\074\114 --END --CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR --CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN --CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR --CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -- --# - # Certificate "Network Solutions Certificate Authority" - # - CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE --- -1.7.3.4 - diff --git a/src/current-patches/0005-Add-a-string-based-cacheKey.patch b/src/current-patches/0005-Add-a-string-based-cacheKey.patch new file mode 100644 index 0000000..1a3b214 --- /dev/null +++ b/src/current-patches/0005-Add-a-string-based-cacheKey.patch @@ -0,0 +1,85 @@ +From 29844b8d74f033c3a2682af40f4b3ee6183450f4 Mon Sep 17 00:00:00 2001 +From: Mike Perry <mikeperry-git(a)fscked.org> +Date: Fri, 2 Sep 2011 20:47:02 -0700 +Subject: [PATCH 5/7] Add a string-based cacheKey. + +Used for isolating cache according to same-origin policy. +--- + netwerk/base/public/nsICachingChannel.idl | 7 +++++++ + netwerk/protocol/http/nsHttpChannel.cpp | 22 ++++++++++++++++++++++ + netwerk/protocol/http/nsHttpChannel.h | 1 + + 3 files changed, 30 insertions(+), 0 deletions(-) + +diff --git a/netwerk/base/public/nsICachingChannel.idl b/netwerk/base/public/nsICachingChannel.idl +index 2da46d6..4ee5774 100644 +--- a/netwerk/base/public/nsICachingChannel.idl ++++ b/netwerk/base/public/nsICachingChannel.idl +@@ -98,6 +98,13 @@ interface nsICachingChannel : nsICacheInfoChannel + attribute nsISupports cacheKey; + + /** ++ * Set/get the cache domain... uniquely identifies the data in the cache ++ * for this channel. Holding a reference to this key does NOT prevent ++ * the cached data from being removed. ++ */ ++ attribute AUTF8String cacheDomain; ++ ++ /** + * Specifies whether or not the data should be cached to a file. This + * may fail if the disk cache is not present. The value of this attribute + * is usually only settable during the processing of a channel's +diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp +index 7a3254e..cef5eaa 100644 +--- a/netwerk/protocol/http/nsHttpChannel.cpp ++++ b/netwerk/protocol/http/nsHttpChannel.cpp +@@ -2379,6 +2379,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID, + cacheKey.Append(buf); + } + ++ if (strlen(mCacheDomain.get()) > 0) { ++ cacheKey.AppendLiteral("domain="); ++ cacheKey.Append(mCacheDomain.get()); ++ cacheKey.AppendLiteral("&"); ++ } ++ + if (!cacheKey.IsEmpty()) { + cacheKey.AppendLiteral("uri="); + } +@@ -4658,6 +4664,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value) + } + + NS_IMETHODIMP ++nsHttpChannel::GetCacheDomain(nsACString &value) ++{ ++ value = mCacheDomain; ++ ++ return NS_OK; ++} ++ ++NS_IMETHODIMP ++nsHttpChannel::SetCacheDomain(const nsACString &value) ++{ ++ mCacheDomain = value; ++ ++ return NS_OK; ++} ++ ++NS_IMETHODIMP + nsHttpChannel::GetOfflineCacheClientID(nsACString &value) + { + value = mOfflineCacheClientID; +diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h +index dd0d7f4..f5016a8 100644 +--- a/netwerk/protocol/http/nsHttpChannel.h ++++ b/netwerk/protocol/http/nsHttpChannel.h +@@ -312,6 +312,7 @@ private: + nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry; + nsCacheAccessMode mOfflineCacheAccess; + nsCString mOfflineCacheClientID; ++ nsCString mCacheDomain; + + // auth specific data + nsCOMPtr<nsIHttpChannelAuthProvider> mAuthProvider; +-- +1.7.3.4 + diff --git a/src/current-patches/0005-Smash-the-state.patch b/src/current-patches/0005-Smash-the-state.patch deleted file mode 100644 index 6a6b69e..0000000 --- a/src/current-patches/0005-Smash-the-state.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 6215e898232ba74a3676f87226a64501874fcbd2 Mon Sep 17 00:00:00 2001 -From: Mike Perry <mikeperry-git(a)fscked.org> -Date: Tue, 30 Aug 2011 13:34:14 -0700 -Subject: [PATCH 5/5] Smash the state. - -What happened to you, Nederlanden? You used to be cool. ---- - security/manager/ssl/src/nsNSSCallbacks.cpp | 7 ------- - 1 files changed, 0 insertions(+), 7 deletions(-) - -diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp -index 5e3a888..43e1c19 100644 ---- a/security/manager/ssl/src/nsNSSCallbacks.cpp -+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp -@@ -1065,13 +1065,6 @@ PSM_SSL_BlacklistDigiNotar(CERTCertificate * serverCert, - } - } - } -- -- // By request of the Dutch government -- if (!strcmp(node->cert->issuerName, -- "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") && -- CERT_LIST_END(CERT_LIST_NEXT(node), serverCertChain)) { -- return 0; -- } - } - - if (isDigiNotarIssuedCert) --- -1.7.3.4 - diff --git a/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch b/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch new file mode 100644 index 0000000..961422a --- /dev/null +++ b/src/current-patches/0006-Randomize-HTTP-pipeline-order-and-depth.patch @@ -0,0 +1,148 @@ +From 30836f3af346970e58dc98308feebae3f53b9dc7 Mon Sep 17 00:00:00 2001 +From: Mike Perry <mikeperry-git(a)fscked.org> +Date: Sat, 3 Sep 2011 00:10:35 -0700 +Subject: [PATCH 6/7] Randomize HTTP pipeline order and depth. + +Also turn up maximum depth to 12. + +This is an experimental defense against +http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf +--- + netwerk/protocol/http/nsHttpConnectionMgr.cpp | 77 ++++++++++++++++++++++++- + netwerk/protocol/http/nsHttpConnectionMgr.h | 4 + + 2 files changed, 80 insertions(+), 1 deletions(-) + +diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp +index 108f2c5..38feda3 100644 +--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp ++++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp +@@ -93,6 +93,11 @@ nsHttpConnectionMgr::nsHttpConnectionMgr() + , mTimeOfNextWakeUp(LL_MAXUINT) + { + LOG(("Creating nsHttpConnectionMgr @%x\n", this)); ++ nsresult rv; ++ mRandomGenerator = do_GetService("@mozilla.org/security/random-generator;1", &rv); ++ if (NS_FAILED(rv)) { ++ mRandomGenerator = nsnull; ++ } + } + + nsHttpConnectionMgr::~nsHttpConnectionMgr() +@@ -794,7 +799,7 @@ nsHttpConnectionMgr::DispatchTransaction(nsConnectionEntry *ent, + nsHttpPipeline *pipeline = nsnull; + if (conn->SupportsPipelining() && (caps & NS_HTTP_ALLOW_PIPELINING)) { + LOG((" looking to build pipeline...\n")); +- if (BuildPipeline(ent, trans, &pipeline)) ++ if (BuildRandomizedPipeline(ent, trans, &pipeline)) + trans = pipeline; + } + +@@ -867,6 +872,76 @@ nsHttpConnectionMgr::BuildPipeline(nsConnectionEntry *ent, + return PR_TRUE; + } + ++PRBool ++nsHttpConnectionMgr::BuildRandomizedPipeline(nsConnectionEntry *ent, ++ nsAHttpTransaction *firstTrans, ++ nsHttpPipeline **result) ++{ ++ if (mRandomGenerator == nsnull) ++ return BuildPipeline(ent, firstTrans, result); ++ if (mMaxPipelinedRequests < 2) ++ return PR_FALSE; ++ ++ nsresult rv; ++ PRUint8 *bytes = nsnull; ++ ++ nsHttpPipeline *pipeline = nsnull; ++ nsHttpTransaction *trans; ++ ++ PRUint32 i = 0, numAdded = 0, numAllowed = 0; ++ PRUint32 max = 0; ++ ++ while (i < ent->mPendingQ.Length()) { ++ if (ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING) ++ numAllowed++; ++ i++; ++ } ++ ++ rv = mRandomGenerator->GenerateRandomBytes(1, &bytes); ++ NS_ENSURE_SUCCESS(rv, rv); ++ // 4...12 ++ max = 4 + (bytes[0] % mMaxPipelinedRequests); ++ NS_Free(bytes); ++ ++ while (numAllowed > 0) { ++ rv = mRandomGenerator->GenerateRandomBytes(1, &bytes); ++ NS_ENSURE_SUCCESS(rv, rv); ++ i = bytes[0] % ent->mPendingQ.Length(); ++ NS_Free(bytes); ++ ++ trans = ent->mPendingQ[i]; ++ ++ if (!(ent->mPendingQ[i]->Caps() & NS_HTTP_ALLOW_PIPELINING)) ++ continue; ++ ++ if (numAdded == 0) { ++ pipeline = new nsHttpPipeline; ++ if (!pipeline) ++ return PR_FALSE; ++ pipeline->AddTransaction(firstTrans); ++ numAdded = 1; ++ } ++ pipeline->AddTransaction(trans); ++ ++ // remove transaction from pending queue ++ ent->mPendingQ.RemoveElementAt(i); ++ NS_RELEASE(trans); ++ ++ numAllowed--; ++ ++ if (++numAdded == max) ++ break; ++ } ++ ++ if (numAdded == 0) ++ return PR_FALSE; ++ ++ fprintf(stderr, "Yay!!! pipelined %u/%u transactions\n", numAdded, max); ++ LOG((" pipelined %u transactions\n", numAdded)); ++ NS_ADDREF(*result = pipeline); ++ return PR_TRUE; ++} ++ + nsresult + nsHttpConnectionMgr::ProcessNewTransaction(nsHttpTransaction *trans) + { +diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h +index fc3ed1d..7dde291 100644 +--- a/netwerk/protocol/http/nsHttpConnectionMgr.h ++++ b/netwerk/protocol/http/nsHttpConnectionMgr.h +@@ -48,6 +48,7 @@ + #include "nsAutoPtr.h" + #include "mozilla/ReentrantMonitor.h" + #include "nsISocketTransportService.h" ++#include "nsIRandomGenerator.h" + + #include "nsIObserver.h" + #include "nsITimer.h" +@@ -264,6 +265,7 @@ private: + nsresult DispatchTransaction(nsConnectionEntry *, nsAHttpTransaction *, + PRUint8 caps, nsHttpConnection *); + PRBool BuildPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **); ++ PRBool BuildRandomizedPipeline(nsConnectionEntry *, nsAHttpTransaction *, nsHttpPipeline **); + nsresult ProcessNewTransaction(nsHttpTransaction *); + nsresult EnsureSocketThreadTargetIfOnline(); + nsresult CreateTransport(nsConnectionEntry *, nsHttpTransaction *); +@@ -339,6 +341,8 @@ private: + PRUint64 mTimeOfNextWakeUp; + // Timer for next pruning of dead connections. + nsCOMPtr<nsITimer> mTimer; ++ // Random number generator for reordering HTTP pipeline ++ nsCOMPtr<nsIRandomGenerator> mRandomGenerator; + + // + // the connection table +-- +1.7.3.4 + diff --git a/src/current-patches/0007-Smash-the-state.patch b/src/current-patches/0007-Smash-the-state.patch new file mode 100644 index 0000000..16b03ea --- /dev/null +++ b/src/current-patches/0007-Smash-the-state.patch @@ -0,0 +1,37 @@ +From b6b74cdac09ed294ea1b965e39e4e9ae64c5cbd8 Mon Sep 17 00:00:00 2001 +From: Mike Perry <mikeperry-git(a)fscked.org> +Date: Sat, 3 Sep 2011 03:00:26 -0700 +Subject: [PATCH 7/7] Smash the state. + +What happened to you, Nederlanden? You used to be cool. + +This exemption is insecure as-is anyway, because we have no way of verifying +that DigiNotar wasn't compromised enough to allow the attacker to sign +certificates with an issuer string matching this exemption. The adversary +would then be able to create a chain of Entrust -> DigiNotar -> "Staat der +Nederlanden" -> *.torproject.org or *.google.com. +--- + security/manager/ssl/src/nsNSSCallbacks.cpp | 7 ------- + 1 files changed, 0 insertions(+), 7 deletions(-) + +diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp +index 5e3a888..43e1c19 100644 +--- a/security/manager/ssl/src/nsNSSCallbacks.cpp ++++ b/security/manager/ssl/src/nsNSSCallbacks.cpp +@@ -1065,13 +1065,6 @@ PSM_SSL_BlacklistDigiNotar(CERTCertificate * serverCert, + } + } + } +- +- // By request of the Dutch government +- if (!strcmp(node->cert->issuerName, +- "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") && +- CERT_LIST_END(CERT_LIST_NEXT(node), serverCertChain)) { +- return 0; +- } + } + + if (isDigiNotarIssuedCert) +-- +1.7.3.4 +

1 0

[torbrowser/maint-2.2] remove the current-patches exclusion from our source tarball creation, since it has all of our firefox patches which people might want if they want to build tbb from scratch (closes: #3904)
by erinn＠torproject.org 04 Sep '11

04 Sep '11

commit f5f2dd950d8b9d54622913beba9069b2ecbb5be3 Author: Erinn Clark <erinn(a)torproject.org> Date: Sun Sep 4 00:34:42 2011 +0100 remove the current-patches exclusion from our source tarball creation, since it has all of our firefox patches which people might want if they want to build tbb from scratch (closes: #3904) --- build-scripts/windows.mk | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/build-scripts/windows.mk b/build-scripts/windows.mk index 72909dd..200237b 100644 --- a/build-scripts/windows.mk +++ b/build-scripts/windows.mk @@ -474,6 +474,5 @@ srcdist: git clone -b maint-2.2 git://git.torproject.org/torbrowser.git \ $(SRCDESTPATH) cd $(SRCDEST); tar --exclude src/archived-patches \ - --exclude src/current-patches --exclude src/processtest \ - --exclude .git -czvf $(SRCNAME)-src.tar.gz $(SRCNAME) + --exclude src/processtest --exclude .git -czvf $(SRCNAME)-src.tar.gz $(SRCNAME)

1 0

[torbrowser/maint-2.2] Bug #3666: Add string-based cacheKey for cache isolation
by erinn＠torproject.org 04 Sep '11

04 Sep '11

commit 9e3fe9ae26b16ae8b35091c89b653b84db1651fd Author: Mike Perry <mikeperry-git(a)fscked.org> Date: Fri Sep 2 21:01:35 2011 -0700 Bug #3666: Add string-based cacheKey for cache isolation The current cacheKey is only 32bit, which is insufficient to isolate cache to domain due to the birthday paradox. Also, some weird issue with OSCP prevents reuse of the cacheKey field (#3754). --- .../0007-Add-a-string-based-cacheKey.patch | 85 ++++++++++++++++++++ 1 files changed, 85 insertions(+), 0 deletions(-) diff --git a/src/current-patches/0007-Add-a-string-based-cacheKey.patch b/src/current-patches/0007-Add-a-string-based-cacheKey.patch new file mode 100644 index 0000000..1e0dd0e --- /dev/null +++ b/src/current-patches/0007-Add-a-string-based-cacheKey.patch @@ -0,0 +1,85 @@ +From 62e7c05519aae2d515d8872525411b8fb4ff02a6 Mon Sep 17 00:00:00 2001 +From: Mike Perry <mikeperry-git(a)fscked.org> +Date: Fri, 2 Sep 2011 20:47:02 -0700 +Subject: [PATCH 7/7] Add a string-based cacheKey. + +Used for isolating cache according to same-origin policy. +--- + netwerk/base/public/nsICachingChannel.idl | 7 +++++++ + netwerk/protocol/http/nsHttpChannel.cpp | 22 ++++++++++++++++++++++ + netwerk/protocol/http/nsHttpChannel.h | 1 + + 3 files changed, 30 insertions(+), 0 deletions(-) + +diff --git a/netwerk/base/public/nsICachingChannel.idl b/netwerk/base/public/nsICachingChannel.idl +index 2da46d6..4ee5774 100644 +--- a/netwerk/base/public/nsICachingChannel.idl ++++ b/netwerk/base/public/nsICachingChannel.idl +@@ -98,6 +98,13 @@ interface nsICachingChannel : nsICacheInfoChannel + attribute nsISupports cacheKey; + + /** ++ * Set/get the cache domain... uniquely identifies the data in the cache ++ * for this channel. Holding a reference to this key does NOT prevent ++ * the cached data from being removed. ++ */ ++ attribute AUTF8String cacheDomain; ++ ++ /** + * Specifies whether or not the data should be cached to a file. This + * may fail if the disk cache is not present. The value of this attribute + * is usually only settable during the processing of a channel's +diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp +index 7a3254e..cef5eaa 100644 +--- a/netwerk/protocol/http/nsHttpChannel.cpp ++++ b/netwerk/protocol/http/nsHttpChannel.cpp +@@ -2379,6 +2379,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID, + cacheKey.Append(buf); + } + ++ if (strlen(mCacheDomain.get()) > 0) { ++ cacheKey.AppendLiteral("domain="); ++ cacheKey.Append(mCacheDomain.get()); ++ cacheKey.AppendLiteral("&"); ++ } ++ + if (!cacheKey.IsEmpty()) { + cacheKey.AppendLiteral("uri="); + } +@@ -4658,6 +4664,22 @@ nsHttpChannel::SetCacheForOfflineUse(PRBool value) + } + + NS_IMETHODIMP ++nsHttpChannel::GetCacheDomain(nsACString &value) ++{ ++ value = mCacheDomain; ++ ++ return NS_OK; ++} ++ ++NS_IMETHODIMP ++nsHttpChannel::SetCacheDomain(const nsACString &value) ++{ ++ mCacheDomain = value; ++ ++ return NS_OK; ++} ++ ++NS_IMETHODIMP + nsHttpChannel::GetOfflineCacheClientID(nsACString &value) + { + value = mOfflineCacheClientID; +diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h +index dd0d7f4..f5016a8 100644 +--- a/netwerk/protocol/http/nsHttpChannel.h ++++ b/netwerk/protocol/http/nsHttpChannel.h +@@ -312,6 +312,7 @@ private: + nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry; + nsCacheAccessMode mOfflineCacheAccess; + nsCString mOfflineCacheClientID; ++ nsCString mCacheDomain; + + // auth specific data + nsCOMPtr<nsIHttpChannelAuthProvider> mAuthProvider; +-- +1.7.3.4 +

1 0

[torbrowser/maint-2.2] Bug #3907: Provide Auth headers to on-modify-request
by erinn＠torproject.org 04 Sep '11

04 Sep '11

commit cf3b2270e3d6961d2fc8951f13d8093b9965bf3e Author: Mike Perry <mikeperry-git(a)fscked.org> Date: Fri Sep 2 15:52:58 2011 -0700 Bug #3907: Provide Auth headers to on-modify-request Bug #3748 isn't fully solved without this patch. Thanks again to Georg Koppen. --- ...th-headers-before-the-modify-request-obse.patch | 51 ++++++++++++++++++++ 1 files changed, 51 insertions(+), 0 deletions(-) diff --git a/src/current-patches/0006-Add-HTTP-auth-headers-before-the-modify-request-obse.patch b/src/current-patches/0006-Add-HTTP-auth-headers-before-the-modify-request-obse.patch new file mode 100644 index 0000000..3f270d6 --- /dev/null +++ b/src/current-patches/0006-Add-HTTP-auth-headers-before-the-modify-request-obse.patch @@ -0,0 +1,51 @@ +From 8c2bf692deecb4efbfd2e9c4eba1d702b89a0f05 Mon Sep 17 00:00:00 2001 +From: Mike Perry <mikeperry-git(a)fscked.org> +Date: Fri, 2 Sep 2011 15:33:20 -0700 +Subject: [PATCH 6/6] Add HTTP auth headers before the modify-request observer. + +Otherwise, how are we supposed to modify them? + +Thanks to Georg Koppen for spotting both the problem and this fix. +--- + netwerk/protocol/http/nsHttpChannel.cpp | 11 +++++++---- + 1 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp +index 7038338..7a3254e 100644 +--- a/netwerk/protocol/http/nsHttpChannel.cpp ++++ b/netwerk/protocol/http/nsHttpChannel.cpp +@@ -311,9 +311,6 @@ nsHttpChannel::Connect(PRBool firstTime) + return NS_ERROR_DOCUMENT_NOT_CACHED; + } + +- // check to see if authorization headers should be included +- mAuthProvider->AddAuthorizationHeaders(); +- + if (mLoadFlags & LOAD_NO_NETWORK_IO) { + return NS_ERROR_DOCUMENT_NOT_CACHED; + } +@@ -3687,6 +3684,9 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context) + + AddCookiesToRequest(); + ++ // check to see if authorization headers should be included ++ mAuthProvider->AddAuthorizationHeaders(); ++ + // notify "http-on-modify-request" observers + gHttpHandler->OnModifyRequest(this); + +@@ -4758,7 +4758,10 @@ nsHttpChannel::DoAuthRetry(nsAHttpConnection *conn) + // this authentication attempt (bug 84794). + // TODO: save cookies from auth response and send them here (bug 572151). + AddCookiesToRequest(); +- ++ ++ // check to see if authorization headers should be included ++ mAuthProvider->AddAuthorizationHeaders(); ++ + // notify "http-on-modify-request" observers + gHttpHandler->OnModifyRequest(this); + +-- +1.7.3.4 +

1 0

r25018: {} add original file rogue-certs-2011-09-04.xlsx as saved from (projects/misc/diginotar)
by Jacob Appelbaum 04 Sep '11

04 Sep '11

Author: ioerror Date: 2011-09-04 17:22:11 +0000 (Sun, 04 Sep 2011) New Revision: 25018 Added: projects/misc/diginotar/rogue-certs-2011-09-04.xlsx Log: add original file rogue-certs-2011-09-04.xlsx as saved from email without any processing Added: projects/misc/diginotar/rogue-certs-2011-09-04.xlsx =================================================================== (Binary files differ) Property changes on: projects/misc/diginotar/rogue-certs-2011-09-04.xlsx ___________________________________________________________________ Added: svn:mime-type + application/octet-stream

1 0

r25017: {} remove rogue-certs-2011-09-04.xls (projects/misc/diginotar)
by Jacob Appelbaum 04 Sep '11

04 Sep '11

Author: ioerror Date: 2011-09-04 17:21:21 +0000 (Sun, 04 Sep 2011) New Revision: 25017 Removed: projects/misc/diginotar/rogue-certs-2011-09-04.xls Log: remove rogue-certs-2011-09-04.xls Deleted: projects/misc/diginotar/rogue-certs-2011-09-04.xls =================================================================== (Binary files differ)

1 0

← Newer
1
...
71
72
73
74
75
76
77
...
87
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits September 2011