Closed Bug 115657 Opened 23 years ago Closed 23 years ago

importing certificates from a pkcs12 file does not work with NSS 3.4

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: rangansen, Assigned: rrelyea)

Details

Attachments

(1 file)

Here it is, Bob. I'll send you the password
8.56 KB, application/x-pkcs12
Details 
This works ok when PSM uses NSS 3.3, with no change in PSM code.

With 3.4, SEC_PKCS12DecoderStart(...) seems to return success, and the correct
password is being passed, too. But on calling SEC_PKCS12DecoderUpdate(....) with
data from the file, we get a error [code -8177]

I found this happening with quite a few p12 files - and found all of them
failing with 3.4 [they are working with 3.3] - shall try to provide an example
file though.
That error code is SEC_ERROR_BAD_PASSWORD.
Assigned the bug to Bob.
Assignee: wtc → relyea
Priority: -- → P1
Target Milestone: --- → 3.4
Rangan, could you please attach on of the failing .p12 files and send me the
password (be sure it's one which does not have production keys or certs in it.).

Thanks,

bob
OK, I just checked in a fix:

mozilla/security/nss/lib/softoken/lowpbe.c
mozilla/security/nss/lib/softoken/pkcs11c.c

NOTE: old p12 files generated with NSS 3.4 will not work because they were using
invalid pbe key and iv values.

You only need to update libsoftokn3.so (softokn3.dll), though for PSM it's
probably just easier to rebuild all of NSS.

bob
Fix checked in as per the previous comment.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: