unotest/source/cpp/macros_test.cxx | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
New commits:
commit 55b9b3c9d4a71de1f4e4c79bfce2766d3ef73e28
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Fri Apr 29 11:58:51 2022 +0200
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Fri Apr 29 20:23:02 2022 +0200
unotest: fix NSS initialization for CentOS7 system NSS
When given an unprefixed path, CentOS7 system NSS 3.67 apparently
ignores the nice unit test database and creates a legacy "dbm:" one in
the same directory, which is of course empty.
This causes:
xmlsecurity/qa/unit/signing/signing.cxx:570:aaa_testODFX509CertificateChain::TestBody
equality assertion failed
- Expected: 0
- Actual : 1
The intermediate/root CA certificates are read from the signature and
added with CERT_NewTempCertificate(), which then does a lookup in the
database to find the trust flags of the certificate:
0 nssTrust_GetCERTCertTrustForCert () at pki3hack.c:610
1 fill_CERTCertificateFields () at pki3hack.c:819
2 stan_GetCERTCertificate () at pki3hack.c:926
3 STAN_GetCERTCertificate () at pki3hack.c:973
4 add_cert_to_cache () at tdcache.c:721
5 nssTrustDomain_AddCertsToCache () at tdcache.c:849
6 cert_createObject () at pkibase.c:1023
7 nssPKIObjectCollection_GetObjects () at pkibase.c:853
8 nssPKIObjectCollection_GetCertificates () at pkibase.c:1077
9 nssTrustDomain_FindCertificateByIssuerAndSerialNumber () at
trustdomain.c:796
10 nssTrustDomain_FindCertificateByEncodedCertificate () at
trustdomain.c:839
11 NSSTrustDomain_FindCertificateByEncodedCertificate () at
trustdomain.c:852
12 CERT_NewTempCertificate () at stanpcertdb.c:366
13 __CERT_NewTempCertificate () at stanpcertdb.c:474
14 SecurityEnvironment_NssImpl::verifyCertificate() () at
xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:524
Change-Id: If334d056a9e13ad806e3ea1a03d395d606fd3d84
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133622
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/unotest/source/cpp/macros_test.cxx
b/unotest/source/cpp/macros_test.cxx
index f30cbcdac3ea..6e8a26cceeb4 100644
--- a/unotest/source/cpp/macros_test.cxx
+++ b/unotest/source/cpp/macros_test.cxx
@@ -131,7 +131,8 @@ void MacrosTest::setUpNssGpg(const test::Directories&
rDirectories, const OUStri
osl_setEnvironment(caVar.pData, aTargetPath.pData);
#else
OUString mozCertVar("MOZILLA_CERTIFICATE_FOLDER");
- osl_setEnvironment(mozCertVar.pData, aTargetPath.pData);
+ // explicit prefix with "sql:" needed for CentOS7 system NSS 3.67
+ osl_setEnvironment(mozCertVar.pData, OUString("sql:" + aTargetPath).pData);
#endif
OUString gpgHomeVar("GNUPGHOME");
osl_setEnvironment(gpgHomeVar.pData, aTargetPath.pData);
