From 8fc8d1dca1546a285dd7505a8ecb6602c748ac8b Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: May 27 2015 20:10:53 +0000
Subject: Ticket #47493 - Configuration Tab does not work with FIPS mode enabled


Description: To invoke Manage Certificate window, NSS slot needs to be
found by looking up the token name.  When the token name is "internal
(software)", the slot is supposed to be found by PK11_GetInternalKeySlot
that provides the support for FIPS instead of PK11_FindSlotByName.  This
patch calls the right api based upon the token type.

https://fedorahosted.org/389/ticket/47493

Reviewed by mreynolds@redhat.com (Thank you, Mark!!)

---

diff --git a/admserv/cgi-src40/security.c b/admserv/cgi-src40/security.c
index 34bf3a7..2d7f38d 100644
--- a/admserv/cgi-src40/security.c
+++ b/admserv/cgi-src40/security.c
@@ -890,13 +890,20 @@ static void listCert(char* tokenName) {
 
   CERTCertList *certList;
   CERTCertListNode *cln;
-  PK11SlotInfo *slot = PK11_FindSlotByName(tokenName);
+  PK11SlotInfo *slot = NULL;
   PK11SlotInfo *internal_slot;
   char *internalTokenName;
 
+  if (tokenName && (!strcasecmp(tokenName, "internal") ||
+                    !strcasecmp(tokenName, "internal (software)"))) {
+      slot = PK11_GetInternalKeySlot();
+  } else {
+      slot = PK11_FindSlotByName(tokenName);
+  }
+
   if (!slot) {
-	  errorRpt(GENERAL_FAILURE, getResourceString(DBT_TOKEN_NAME));
-	  return;
+      errorRpt(GENERAL_FAILURE, getResourceString(DBT_TOKEN_NAME));
+      return;
   }
 
   if (PK11_IsInternal(slot)) {