--- a/security/certverifier/CertVerifier.cpp
+++ b/security/certverifier/CertVerifier.cpp
@@ -77,18 +77,17 @@ IsCertChainRootBuiltInRoot(CERTCertList*
}
return Success;
}
SECStatus
IsCertBuiltInRoot(CERTCertificate* cert, bool& result)
{
result = false;
- ScopedPK11SlotList slots;
- slots = PK11_GetAllSlotsForCert(cert, nullptr);
+ UniquePK11SlotList slots(PK11_GetAllSlotsForCert(cert, nullptr));
if (!slots) {
if (PORT_GetError() == SEC_ERROR_NO_TOKEN) {
// no list
return SECSuccess;
}
return SECFailure;
}
for (PK11SlotListElement* le = slots->head; le; le = le->next) {
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -1012,17 +1012,17 @@ LoadLoadableRoots(/*optional*/ const cha
UniquePtr<char, void(&)(char*)>
pkcs11ModuleSpec(PR_smprintf("name=\"%s\" library=\"%s\"", modNameUTF8,
escaped_fullLibraryPath.get()),
PR_smprintf_free);
if (!pkcs11ModuleSpec) {
return SECFailure;
}
- ScopedSECMODModule rootsModule(SECMOD_LoadUserModule(pkcs11ModuleSpec.get(),
+ UniqueSECMODModule rootsModule(SECMOD_LoadUserModule(pkcs11ModuleSpec.get(),
nullptr, false));
if (!rootsModule) {
return SECFailure;
}
if (!rootsModule->loaded) {
PR_SetError(PR_INVALID_STATE_ERROR, 0);
return SECFailure;
@@ -1030,17 +1030,17 @@ LoadLoadableRoots(/*optional*/ const cha
return SECSuccess;
}
void
UnloadLoadableRoots(const char* modNameUTF8)
{
PR_ASSERT(modNameUTF8);
- ScopedSECMODModule rootsModule(SECMOD_FindModule(modNameUTF8));
+ UniqueSECMODModule rootsModule(SECMOD_FindModule(modNameUTF8));
if (rootsModule) {
SECMOD_UnloadUserModule(rootsModule.get());
}
}
char*
DefaultServerNicknameForCert(CERTCertificate* cert)
--- a/security/manager/ssl/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@@ -1083,17 +1083,17 @@ GatherEKUTelemetry(const ScopedCERTCertL
}
if (!foundEKU) {
Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 0);
return;
}
// Parse the EKU extension
- ScopedCERTOidSequence ekuSequence(
+ UniqueCERTOidSequence ekuSequence(
CERT_DecodeOidSequence(&ekuExtension->value));
if (!ekuSequence) {
return;
}
// Search through the available EKUs
bool foundServerAuth = false;
bool foundOther = false;
--- a/security/manager/ssl/ScopedNSSTypes.h
+++ b/security/manager/ssl/ScopedNSSTypes.h
@@ -1,14 +1,17 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
+// This header provides smart pointers and various helpers for code that needs
+// to interact with NSS.
+
#ifndef mozilla_ScopedNSSTypes_h
#define mozilla_ScopedNSSTypes_h
#include <limits>
#include "cert.h"
#include "cms.h"
#include "cryptohi.h"
@@ -65,16 +68,17 @@ MapSECStatus(SECStatus rv)
if (rv == SECSuccess) {
return NS_OK;
}
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
// Alphabetical order by NSS type
+// Deprecated: use the equivalent UniquePtr templates instead.
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPRFileDesc,
PRFileDesc,
PR_Close)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificate,
CERTCertificate,
CERT_DestroyCertificate)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificateList,
CERTCertificateList,
@@ -83,67 +87,40 @@ MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLAT
CERTCertificateRequest,
CERT_DestroyCertificateRequest)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertList,
CERTCertList,
CERT_DestroyCertList)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTName,
CERTName,
CERT_DestroyName)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTOidSequence,
- CERTOidSequence,
- CERT_DestroyOidSequence)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertNicknames,
- CERTCertNicknames,
- CERT_FreeNicknames)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTSubjectPublicKeyInfo,
CERTSubjectPublicKeyInfo,
SECKEY_DestroySubjectPublicKeyInfo)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTValidity,
CERTValidity,
CERT_DestroyValidity)
-
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedNSSCMSMessage,
- NSSCMSMessage,
- NSS_CMSMessage_Destroy)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedNSSCMSSignedData,
- NSSCMSSignedData,
- NSS_CMSSignedData_Destroy)
+// Deprecated: use the equivalent UniquePtr templates instead.
namespace psm {
inline void
PK11_DestroyContext_true(PK11Context * ctx) {
PK11_DestroyContext(ctx, true);
}
-inline void
-SGN_DestroyContext_true(SGNContext* ctx) {
- SGN_DestroyContext(ctx, true);
-}
-
-inline void
-VFY_DestroyContext_true(VFYContext * ctx) {
- VFY_DestroyContext(ctx, true);
-}
-
} // namespace mozilla::psm
+// Deprecated: use the equivalent UniquePtr templates instead.
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11Context,
PK11Context,
mozilla::psm::PK11_DestroyContext_true)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSGNContext,
- SGNContext,
- mozilla::psm::SGN_DestroyContext_true)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSGNDigestInfo,
SGNDigestInfo,
SGN_DestroyDigestInfo)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedVFYContext,
- VFYContext,
- mozilla::psm::VFY_DestroyContext_true)
/** A more convenient way of dealing with digests calculated into
* stack-allocated buffers. NSS must be initialized on the main thread before
* use, and the caller must ensure NSS isn't shut down, typically by
* subclassing nsNSSShutDownObject, while Digest is in use.
*
* Typical usage, for digesting a buffer in memory:
*
@@ -226,48 +203,42 @@ private:
return NS_OK;
}
uint8_t buf[HASH_LENGTH_MAX];
SECItem item;
};
+// Deprecated: use the equivalent UniquePtr templates instead.
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11SlotInfo,
PK11SlotInfo,
PK11_FreeSlot)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11SlotList,
- PK11SlotList,
- PK11_FreeSlotList)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11SymKey,
PK11SymKey,
PK11_FreeSymKey)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11GenericObject,
PK11GenericObject,
PK11_DestroyGenericObject)
-
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSEC_PKCS7ContentInfo,
- SEC_PKCS7ContentInfo,
- SEC_PKCS7DestroyContentInfo)
-
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSEC_PKCS12DecoderContext,
SEC_PKCS12DecoderContext,
SEC_PKCS12DecoderFinish)
namespace internal {
inline void
PORT_FreeArena_false(PLArenaPool* arena)
{
// PL_FreeArenaPool can't be used because it doesn't actually free the
// memory, which doesn't work well with memory analysis tools.
return PORT_FreeArena(arena, false);
}
} // namespace internal
+// Deprecated: use the equivalent UniquePtr templates instead.
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPLArenaPool,
PLArenaPool,
internal::PORT_FreeArena_false)
// Wrapper around NSS's SECItem_AllocItem that handles OOM the same way as
// other allocators.
inline void
SECITEM_AllocItem(SECItem & item, uint32_t len)
@@ -320,56 +291,73 @@ inline void SECOID_DestroyAlgorithmID_tr
inline void SECKEYEncryptedPrivateKeyInfo_true(SECKEYEncryptedPrivateKeyInfo * epki)
{
return SECKEY_DestroyEncryptedPrivateKeyInfo(epki, PR_TRUE);
}
} // namespace internal
+// Deprecated: use the equivalent UniquePtr templates instead.
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECItem,
SECItem,
internal::SECITEM_FreeItem_true)
-
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECKEYPrivateKey,
SECKEYPrivateKey,
SECKEY_DestroyPrivateKey)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECKEYEncryptedPrivateKeyInfo,
SECKEYEncryptedPrivateKeyInfo,
internal::SECKEYEncryptedPrivateKeyInfo_true)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECKEYPublicKey,
SECKEYPublicKey,
SECKEY_DestroyPublicKey)
MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECAlgorithmID,
SECAlgorithmID,
internal::SECOID_DestroyAlgorithmID_true)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECMODModule, SECMODModule,
- SECMOD_DestroyModule)
// Emulates MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE, but for UniquePtrs.
#define MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(name, Type, Deleter) \
struct name##DeletePolicy \
{ \
void operator()(Type* aValue) { Deleter(aValue); } \
}; \
typedef UniquePtr<Type, name##DeletePolicy> name;
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificatePolicies,
CERTCertificatePolicies,
CERT_DestroyCertificatePoliciesExtension)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertNicknames,
+ CERTCertNicknames,
+ CERT_FreeNicknames)
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTOidSequence,
CERTOidSequence,
CERT_DestroyOidSequence)
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTUserNotice,
CERTUserNotice,
CERT_DestroyUserNotice)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueNSSCMSMessage,
+ NSSCMSMessage,
+ NSS_CMSMessage_Destroy)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueNSSCMSSignedData,
+ NSSCMSSignedData,
+ NSS_CMSSignedData_Destroy)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11SlotList,
+ PK11SlotList,
+ PK11_FreeSlotList)
+
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePLArenaPool,
PLArenaPool,
internal::PORT_FreeArena_false)
+
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECItem,
SECItem,
internal::SECITEM_FreeItem_true)
MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECKEYPublicKey,
SECKEYPublicKey,
SECKEY_DestroyPublicKey)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECMODModule,
+ SECMODModule,
+ SECMOD_DestroyModule)
} // namespace mozilla
#endif // mozilla_ScopedNSSTypes_h
--- a/security/manager/ssl/nsCertPicker.cpp
+++ b/security/manager/ssl/nsCertPicker.cpp
@@ -98,17 +98,18 @@ NS_IMETHODIMP nsCertPicker::PickByUsage(
CERT_RemoveCertListNode(freenode);
continue;
}
}
node = CERT_LIST_NEXT(node);
}
}
- ScopedCERTCertNicknames nicknames(getNSSCertNicknamesFromCertList(certList.get()));
+ UniqueCERTCertNicknames nicknames(
+ getNSSCertNicknamesFromCertList(certList.get()));
if (!nicknames) {
return NS_ERROR_NOT_AVAILABLE;
}
certNicknameList = (char16_t **)moz_xmalloc(sizeof(char16_t *) * nicknames->numnicknames);
certDetailsList = (char16_t **)moz_xmalloc(sizeof(char16_t *) * nicknames->numnicknames);
if (!certNicknameList || !certDetailsList) {
--- a/security/manager/ssl/nsCrypto.cpp
+++ b/security/manager/ssl/nsCrypto.cpp
@@ -46,17 +46,17 @@ nsPkcs11::DeleteModule(const nsAString&
return NS_ERROR_INVALID_ARG;
}
NS_ConvertUTF16toUTF8 moduleName(aModuleName);
// Introduce additional scope for module so all references to it are released
// before we call SECMOD_DeleteModule, below.
#ifndef MOZ_NO_SMART_CARDS
{
- mozilla::ScopedSECMODModule module(SECMOD_FindModule(moduleName.get()));
+ mozilla::UniqueSECMODModule module(SECMOD_FindModule(moduleName.get()));
if (!module) {
return NS_ERROR_FAILURE;
}
nsCOMPtr<nsINSSComponent> nssComponent(
do_GetService(PSM_COMPONENT_CONTRACTID));
nssComponent->ShutdownSmartCardThread(module.get());
}
#endif
@@ -95,17 +95,17 @@ nsPkcs11::AddModule(const nsAString& aMo
uint32_t cipherFlags = SECMOD_PubCipherFlagstoInternal(aCipherFlags);
SECStatus srv = SECMOD_AddNewModule(moduleName.get(), fullPath.get(),
mechFlags, cipherFlags);
if (srv != SECSuccess) {
return NS_ERROR_FAILURE;
}
#ifndef MOZ_NO_SMART_CARDS
- mozilla::ScopedSECMODModule module(SECMOD_FindModule(moduleName.get()));
+ mozilla::UniqueSECMODModule module(SECMOD_FindModule(moduleName.get()));
if (!module) {
return NS_ERROR_FAILURE;
}
nsCOMPtr<nsINSSComponent> nssComponent(
do_GetService(PSM_COMPONENT_CONTRACTID));
nssComponent->LaunchSmartCardThread(module.get());
#endif
--- a/security/manager/ssl/nsDataSignatureVerifier.cpp
+++ b/security/manager/ssl/nsDataSignatureVerifier.cpp
@@ -124,17 +124,17 @@ VerifyCMSDetachedSignatureIncludingCerti
// XXX: missing pinArg is tolerated.
if (NS_WARN_IF(!buffer.data && buffer.len > 0) ||
NS_WARN_IF(!detachedDigest.data && detachedDigest.len > 0) ||
(!verifyCertificate) ||
NS_WARN_IF(!verifyCertificateContext)) {
return NS_ERROR_INVALID_ARG;
}
- ScopedNSSCMSMessage
+ UniqueNSSCMSMessage
cmsMsg(NSS_CMSMessage_CreateFromDER(const_cast<SECItem*>(&buffer), nullptr,
nullptr, nullptr, nullptr, nullptr,
nullptr));
if (!cmsMsg) {
return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING;
}
if (!NSS_CMSMessage_IsSigned(cmsMsg.get())) {
--- a/security/manager/ssl/nsNSSCertificate.cpp
+++ b/security/manager/ssl/nsNSSCertificate.cpp
@@ -6,16 +6,17 @@
#include "nsNSSCertificate.h"
#include "prmem.h"
#include "prerror.h"
#include "prprf.h"
#include "CertVerifier.h"
#include "ExtendedValidation.h"
#include "mozilla/UniquePtr.h"
+#include "mozilla/unused.h"
#include "pkix/pkixnss.h"
#include "pkix/pkixtypes.h"
#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
#include "nsCOMPtr.h"
#include "nsIMutableArray.h"
#include "nsNSSCertValidity.h"
#include "nsPKCS12Blob.h"
#include "nsPK11TokenDB.h"
@@ -918,24 +919,23 @@ nsNSSCertificate::GetAllTokenNames(uint3
return NS_ERROR_NOT_AVAILABLE;
NS_ENSURE_ARG(aLength);
NS_ENSURE_ARG(aTokenNames);
*aLength = 0;
*aTokenNames = nullptr;
// Get the slots from NSS
- ScopedPK11SlotList slots;
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting slots for \"%s\"\n", mCert->nickname));
- slots = PK11_GetAllSlotsForCert(mCert.get(), nullptr);
+ UniquePK11SlotList slots(PK11_GetAllSlotsForCert(mCert.get(), nullptr));
if (!slots) {
- if (PORT_GetError() == SEC_ERROR_NO_TOKEN)
+ if (PORT_GetError() == SEC_ERROR_NO_TOKEN) {
return NS_OK; // List of slots is empty, return empty array
- else
- return NS_ERROR_FAILURE;
+ }
+ return NS_ERROR_FAILURE;
}
// read the token names from slots
PK11SlotListElement* le;
for (le = slots->head; le; le = le->next) {
++(*aLength);
}
@@ -1144,26 +1144,26 @@ nsNSSCertificate::ExportAsCMS(uint32_t c
case nsIX509Cert::CMS_CHAIN_MODE_CertOnly:
case nsIX509Cert::CMS_CHAIN_MODE_CertChain:
case nsIX509Cert::CMS_CHAIN_MODE_CertChainWithRoot:
break;
default:
return NS_ERROR_INVALID_ARG;
}
- ScopedNSSCMSMessage cmsg(NSS_CMSMessage_Create(nullptr));
+ UniqueNSSCMSMessage cmsg(NSS_CMSMessage_Create(nullptr));
if (!cmsg) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("nsNSSCertificate::ExportAsCMS - can't create CMS message\n"));
return NS_ERROR_OUT_OF_MEMORY;
}
// first, create SignedData with the certificate only (no chain)
- ScopedNSSCMSSignedData sigd(
- NSS_CMSSignedData_CreateCertsOnly(cmsg, mCert.get(), false));
+ UniqueNSSCMSSignedData sigd(
+ NSS_CMSSignedData_CreateCertsOnly(cmsg.get(), mCert.get(), false));
if (!sigd) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("nsNSSCertificate::ExportAsCMS - can't create SignedData\n"));
return NS_ERROR_FAILURE;
}
// Calling NSS_CMSSignedData_CreateCertsOnly() will not allow us
// to specify the inclusion of the root, but CERT_CertChainFromCert() does.
@@ -1177,60 +1177,60 @@ nsNSSCertificate::ExportAsCMS(uint32_t c
// the issuerCert of a self signed root is the cert itself,
// so make sure we're not adding duplicates, again
if (issuerCert && issuerCert != mCert.get()) {
bool includeRoot =
(chainMode == nsIX509Cert::CMS_CHAIN_MODE_CertChainWithRoot);
ScopedCERTCertificateList certChain(
CERT_CertChainFromCert(issuerCert, certUsageAnyCA, includeRoot));
if (certChain) {
- if (NSS_CMSSignedData_AddCertList(sigd, certChain) == SECSuccess) {
+ if (NSS_CMSSignedData_AddCertList(sigd.get(), certChain) == SECSuccess) {
certChain.forget();
}
else {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("nsNSSCertificate::ExportAsCMS - can't add chain\n"));
return NS_ERROR_FAILURE;
}
}
else {
// try to add the issuerCert, at least
- if (NSS_CMSSignedData_AddCertificate(sigd, issuerCert)
+ if (NSS_CMSSignedData_AddCertificate(sigd.get(), issuerCert)
== SECSuccess) {
issuerCert.forget();
}
else {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("nsNSSCertificate::ExportAsCMS - can't add issuer cert\n"));
return NS_ERROR_FAILURE;
}
}
}
}
- NSSCMSContentInfo* cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
- if (NSS_CMSContentInfo_SetContent_SignedData(cmsg, cinfo, sigd)
+ NSSCMSContentInfo* cinfo = NSS_CMSMessage_GetContentInfo(cmsg.get());
+ if (NSS_CMSContentInfo_SetContent_SignedData(cmsg.get(), cinfo, sigd.get())
== SECSuccess) {
- sigd.forget();
+ Unused << sigd.release();
}
else {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("nsNSSCertificate::ExportAsCMS - can't attach SignedData\n"));
return NS_ERROR_FAILURE;
}
ScopedPLArenaPool arena(PORT_NewArena(1024));
if (!arena) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("nsNSSCertificate::ExportAsCMS - out of memory\n"));
return NS_ERROR_OUT_OF_MEMORY;
}
SECItem certP7 = { siBuffer, nullptr, 0 };
- NSSCMSEncoderContext* ecx = NSS_CMSEncoder_Start(cmsg, nullptr, nullptr,
+ NSSCMSEncoderContext* ecx = NSS_CMSEncoder_Start(cmsg.get(), nullptr, nullptr,
&certP7, arena, nullptr,
nullptr, nullptr, nullptr,
nullptr, nullptr);
if (!ecx) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("nsNSSCertificate::ExportAsCMS - can't create encoder context\n"));
return NS_ERROR_FAILURE;
}
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -2087,17 +2087,17 @@ void
ClientAuthDataRunnable::RunOnTargetThread()
{
PLArenaPool* arena = nullptr;
char** caNameStrings;
ScopedCERTCertificate cert;
ScopedSECKEYPrivateKey privKey;
ScopedCERTCertList certList;
CERTCertListNode* node;
- ScopedCERTCertNicknames nicknames;
+ UniqueCERTCertNicknames nicknames;
int keyError = 0; // used for private key retrieval error
SSM_UserCertChoice certChoice;
int32_t NumberOfCerts = 0;
void* wincx = mSocketInfo;
nsresult rv;
nsCOMPtr<nsIX509Cert> socketClientCert;
mSocketInfo->GetClientCert(getter_AddRefs(socketClientCert));
@@ -2291,17 +2291,17 @@ ClientAuthDataRunnable::RunOnTargetThrea
while (!CERT_LIST_END(node, certList.get())) {
++NumberOfCerts;
node = CERT_LIST_NEXT(node);
}
if (CERT_LIST_END(CERT_LIST_HEAD(certList.get()), certList.get())) {
goto noCert;
}
- nicknames = getNSSCertNicknamesFromCertList(certList.get());
+ nicknames.reset(getNSSCertNicknamesFromCertList(certList.get()));
if (!nicknames) {
goto loser;
}
NS_ASSERTION(nicknames->numnicknames == NumberOfCerts, "nicknames->numnicknames != NumberOfCerts");
// Get CN and O of the subject and O of the issuer