Merge NSS_3_14_2_RTM.

mozilla/security/nss/lib/pk11wrap/pk11cert.c

Index: mozilla/security/nss/lib/pk11wrap/pk11cert.c
===================================================================
--- mozilla/security/nss/lib/pk11wrap/pk11cert.c	(revision 180567)
+++ mozilla/security/nss/lib/pk11wrap/pk11cert.c	(working copy)
@@ -324,7 +324,6 @@
     if (trust == NULL) 
     	goto loser;
     PORT_Memset(trust,0, sizeof(CERTCertTrust));
-    cert->trust = trust;
 
     if(! pk11_HandleTrustObject(slot, cert, trust) ) {
 	unsigned int type;
@@ -365,6 +364,10 @@
 	trust->emailFlags |= CERTDB_USER;
 	/*    trust->objectSigningFlags |= CERTDB_USER; */
     }
+    CERT_LockCertTrust(cert);
+    cert->trust = trust;
+    CERT_UnlockCertTrust(cert);
+
     return cert;
 
 loser:
@@ -1410,6 +1413,7 @@
     NSSCMSRecipient *ri = NULL;
     int i;
     PRBool tokenRescanDone = PR_FALSE;
+    CERTCertTrust trust;
 
     for (i=0; (ri = recipientlist[i]) != NULL; i++) {
 	CERTCertificate *cert = NULL;
@@ -1490,8 +1494,8 @@
 	}
 	if (cert) {
 	    /* this isn't our cert */
-	    if ((cert->trust == NULL) ||
-       		((cert->trust->emailFlags & CERTDB_USER) != CERTDB_USER)) {
+	    if (CERT_GetCertTrust(cert, &trust) != SECSuccess ||
+       		((trust.emailFlags & CERTDB_USER) != CERTDB_USER)) {
 		 CERT_DestroyCertificate(cert);
 		continue;
 	    }
@@ -1550,6 +1554,7 @@
 	SEC_PKCS7RecipientInfo **rip, void *pwarg)
 {
     SEC_PKCS7RecipientInfo *ri = NULL;
+    CERTCertTrust trust;
     int i;
 
     for (i=0; (ri = recipientArray[i]) != NULL; i++) {
@@ -1559,8 +1564,8 @@
 								pwarg);
         if (cert) {
 	    /* this isn't our cert */
-	    if ((cert->trust == NULL) ||
-       		((cert->trust->emailFlags & CERTDB_USER) != CERTDB_USER)) {
+	    if (CERT_GetCertTrust(cert, &trust) != SECSuccess ||
+       		((trust.emailFlags & CERTDB_USER) != CERTDB_USER)) {
 		 CERT_DestroyCertificate(cert);
 		continue;
 	    }
@@ -2260,9 +2265,10 @@
 {
    /* look at the subject and see if it is a KEA for MISSI key */
    SECOidData *oid;
+   CERTCertTrust trust;
 
-   if ((cert->trust == NULL) ||
-       ((cert->trust->sslFlags & CERTDB_USER) != CERTDB_USER)) {
+   if (CERT_GetCertTrust(cert, &trust) != SECSuccess ||
+       ((trust.sslFlags & CERTDB_USER) != CERTDB_USER)) {
        return PR_FALSE;
    }