From b535d1ac5cbcdf18a97d97a92581e38080d9e521 Mon Sep 17 00:00:00 2001

From: Peter Jones <pjones@redhat.com>

Date: Tue, 14 May 2019 11:28:38 -0400

Subject: [PATCH] efikeygen: Fix the build with nss 3.44

NSS 3.44 adds some certificate types, which changes a type and makes

some encoding stuff weird.  As a result, we get:

gcc8 -I/wrkdirs/usr/ports/sysutils/pesign/work/pesign-0.110/include -O2 -pipe  -fstack-protector-strong -Wl,-rpath=/usr/local/lib/gcc8 -isystem /usr/local/include -fno-strict-aliasing  -g -O0 -g -O0  -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function -I../include/  -I/usr/local/include/nss -I/usr/local/include/nss/nss -I/usr/local/include/nspr  -Werror -fPIC -isystem /usr/local/include -DCONFIG_amd64 -DCONFIG_amd64 -c efikeygen.c -o efikeygen.o

In file included from /usr/local/include/nss/nss/cert.h:22,

                 from efikeygen.c:39:

efikeygen.c: In function 'add_cert_type':

/usr/local/include/nss/nss/certt.h:445:5: error: unsigned conversion from 'int' to 'unsigned char' changes value from '496' to '240' [-Werror=overflow]

     (NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_EMAIL | \

     ^

efikeygen.c:208:23: note: in expansion of macro 'NS_CERT_TYPE_APP'

  unsigned char type = NS_CERT_TYPE_APP;

                       ^~~~~~~~~~~~~~~~

cc1: all warnings being treated as errors

This is fixed by just making it an int.

Fixes github issue #48.

Signed-off-by: Peter Jones <pjones@redhat.com>

---

 src/efikeygen.c | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/efikeygen.c b/src/efikeygen.c

index ede76ef0b48..2cd953e9781 100644

--- a/src/efikeygen.c

+++ b/src/efikeygen.c

@@ -208,7 +208,7 @@ static int

 add_cert_type(cms_context *cms, void *extHandle, int is_ca)

 {

 	SECItem bitStringValue;

-	unsigned char type = NS_CERT_TYPE_APP;

+	int type = NS_CERT_TYPE_APP;

 	if (is_ca)

 		type |= NS_CERT_TYPE_SSL_CA |

-- 

2.23.0