Open Bug 66604 Opened 24 years ago Updated 2 years ago

Signtool reports unnecessary error message when verifying without key3.db

Categories

(NSS :: Tools, enhancement, P3)

Product:
NSS
Component:
Tools
Platform:
Sun
Solaris
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: arshad.noor, Unassigned)

Details

From Bugzilla Helper:
User-Agent: Mozilla/4.7 [en] (X11; I; SunOS 5.8 sun4u)
BuildID:    

When attempting to verify a signed jar file, with just the cert7.db in
$HOME/.netscape (we definitely don't want the key3.db involved in any
verification purposes; we'd prefer that the secumodule.db also not be
involved, but I have no preference about this), signtool -v reports an
incorrect and unnecessary error message.


Reproducible: Always
Steps to Reproduce:
1.  Sign an object with an object signing certificate.
2.  Remove or Move the $HOME/.netscape/key3.db file temporarily.
3.  From the command line, type in signtool -v jarfile.jar

Actual Results:  You will see output such as follows:

$ sophia:/home/anoor> signtool -v *.jar
using certificate directory: /home/anoor/.netscape

WARNING: No password set on internal key database.  Most operations will fail.
You must use Communicator to create a password.
.
.


Expected Results:  No messages regarding key database.  For verification
operations the private key is unnecessary.
Marking NEW.
Status: UNCONFIRMED → NEW
Ever confirmed: true
marking signtool bugs as future until 3.3 plan is ready.
Status: NEW → ASSIGNED
Target Milestone: --- → Future
forgot to reassign
Assignee: wtc → mcgreer
Status: ASSIGNED → NEW
Set Target Milestone to NSS 3.3.  Assigned the bug to
Bob for evaluation.
Assignee: mcgreer → relyea
Priority: -- → P2
Target Milestone: Future → 3.3
reassign to Ian. work on this if it's in the prd.
Assignee: relyea → mcgreer
Target Milestone: 3.3 → 3.4
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
Set target milestone to NSS 3.5.
Target Milestone: 3.4 → 3.5
Assigned the bug to Kirk.  Target NSS 3.7.
Assignee: ian.mcgreer → kirk.erickson
Target Milestone: 3.5 → 3.7
Moved to target milestone 3.8 because the original
NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
Remove target milestone of 3.8, since these bugs didn't get into that release.
Target Milestone: 3.8 → ---
Not likely to get to this in the 3.9 timeframe.
Set Target Milestone to Future.
Target Milestone: --- → Future
Target Milestone: Future → ---
I provided a password in reproducing this failure:
signtool -v nojs.jar -d ../alicedir -p nss
signtool: NSS_Initialize failed: security library: bad database.

signtool is calling NSS_Init(): 
NSS_Init(configdir = 0x3367f0 "../alicedir"), line 493 in "nssinit.c"
which has no provision for startup without key3.db.  Arshad is asking
for a new feature. 

Changed this Severity to "enhancement"

In addition to relaxing nss_Init(), facilities downstream that assume
the key3.db has been opened would need to check for its existence and
fail gracefully in the case it wasn't opened as part of NSS_Init().

Unfortunately, Arshad is no longer at Sun, so I need to find out whose
taken his place and query further to understand the motivation for this.
Perhaps we can offer another means to accomplish their goal.
Severity: normal → enhancement
Priority: P2 → P3
2003-0609-1720 Back from Michael Hein:

Kirk,

I don't know who Arshad is.....or what group he was in.	 I would say just
leave the bug for now......if it is very important I'm sure someone will
ping us.

Michael

Mass reassign of Kirk's bugs.
Assignee: kirk.erickson → glen.beasley
QA Contact: bishakhabanerjee → jason.m.reid
QA Contact: jason.m.reid → tools
Assignee: gbmozilla → nobody
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.