Open Bug 340633 Opened 18 years ago Updated 2 years ago

pk12util and pkcs12 decoder library need verbose diagnostic mode

Categories

(NSS :: Tools, enhancement, P3)

3.11.1
enhancement

Tracking

(Not tracked)

People

(Reporter: nelson, Unassigned)

Details

With all the problems folks have been having importing pkcs12 files, 
and all the time NSS developers spend diagnosing those troubles,
it would be great if pk12util had a verbose diagnostic mode that 
caused it to output a log of what it's doing internally.  
Users aren't going to send us their .p12 files, generally, and they
shouldn't have to.  But we should be able to figure out where it's
failing using verbose log output that the tool provides.  

Note that pk12util already has a -v option, and all it does presently
is cause a line to be output at the end, declaring success or failure.

I think the implementatino of this might require extended the PKCS12
deocder API with the addition of a new registerable callback function
that pk12d calls as it decodes.
Target Milestone: --- → 3.11.8
Target Milestone: 3.11.8 → Future
Target Milestone: Future → ---
Priority: -- → P3
OS: Windows XP → All
Assignee: neil.williams → nobody
I wonder why firefox and thunderbird only say "PKCS#12 operation failed for unknown reason". Why isn't it possible to tell the reason?

Yesterday I generated a new certificate with openSSL and it did not import into thunderbird for "unknown reasons". After 2 hours I found the reason: the new serial number was the same as an existing certificate.

See also bug 458161 and bug 564403
This bug is about an NSS command line tool.

The browser and email clients are NOTORIOUS for saying "for an unknown reason" 
instead of stating the reason, even when the reason is clearly known to them 
(in the form of a detailed error code).  That's not an NSS problem.  See also 
https://bugzilla.mozilla.org/show_bug.cgi?id=desired
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.