Closed Bug 101847 Opened 24 years ago Closed 23 years ago

keygen does not work if Master Pwd is set to "Everytime it is needed"

Categories

(Core Graveyard :: Security: UI, defect, P1)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
psm2.4

People

(Reporter: cfu, Assigned: KaiE)

References

(
URL
)

Details

Attachments

(1 file, 1 obsolete file)

Patch v2
1.00 KB, patch
KaiE
: review+
jag+mozilla
: superreview+
asa
: approval+
Details | Diff | Splinter Review
N6 2001092403; CMS4.2 sp2 I wrote a html enrollment page to do just keygen. On the cms server side, I put some debugging message and discovered the subjectKeyGenInfo to be null. To further prove my case, I went to http://www.verisign.com to get a 60 day trial email id, and sure enough, after filling out the form, an error status page indicates that the public key is not generated. To reproduce: 1. go to http://www.verisign.com 2. look under "Home & Home Office" "Secure Email" 3. just fill out the form(s) -- don't give them your credit card info if you select 60 day trial expect to see success, but saw error message indicating that public key wasn't there.
By the way, this bug only occurs in one of my N6 profiles. keygen works fine on both the html page I cooked up and verisign from a different N6 profile. So there might be some element(s) with the failing profile that attributed to this problem.
Also, on both N6 profiles, Communicator 4.75 works happily with KEYGEN.
correction to my last statement; it should read: Also, Communicator 4.75 works happily with KEYGEN in both cases (my keygen html page to cms4.2 sp2, and verisign).
Christina has a copy of the profile which causes KEYGEN to fail, and we can use that to investigate. We should not cause a profile to start failing KEYGEN. It may that Christina is testing her profile extensively, so that a regular user would probably not do something that would result in KEYGEN starting to fail (I'm still able to do KEYGEN with a fairly old profile), but we should try to understand how if fails.
Assignee: ssaux → javi
I just figured out how to reproduce this. It's very simple: 1. go to your "Master Passwords" in your Preferences 2. for Master Password Timeout, select "Everytime it is needed" 3. now go to Verisign and follow the instruction I specified before
Adding relnote keyword, since there is a workaround.
Keywords: relnote
->future ->P1
Priority: -- → P1
Target Milestone: --- → Future
Keywords: relnote
nsbeta1
Keywords: nsbeta1
There is another problem too. You cannot use multipart-forms with the tag keygen. The errormessage of the apache is: Malformed multipart POST The form was created with Perl's CGI-module and $cgi->start_multipart_form (I can submit the html-page which produce the problems if necessary). We (OpenCA) find the problem with linux too so perhaps all OSs are affected.
Keywords: nsbeta1+
Keywords: nsbeta1, nsbeta1+nsbeta1-
Keywords: nsbeta1
Keywords: nsbeta1-
Keywords: nsbeta1nsbeta1+
Target Milestone: Future → 2.4
OS: Windows 2000 → All
Hardware: PC → All
Summary: keygen does not work → keygen does not work if Master Pwd is set to "Everytime it is needed"
Version: 2.1 → 2.4
-> me
Assignee: javi → kaie
Setting URL. I still can reproduce the problem with the latest trunk builds, when master password pref is set to "ask every time".
URL: https://digitalid.verisign.com/client...
Michael: Do you have a test case? I suggest we handle that other problem in a separate bug.
Attached patch Patch v1 (obsolete) — Splinter Review
Sigh, who would have guess the patch is that simple :) The key generation fails, because no callback context (for password prompt) is given to NSS' key generation function. Javi, can you please review?
Comment on attachment 102477 [details] [diff] [review] Patch v1 r=javi Nit-pick: Should we also consider passing in m_ctx to the PK11_GenerateKeyPair in just a couple of lines above to prevent this same bug from occurring in that case as well?
Attachment #102477 - Flags: review+
Attached patch Patch v2Splinter Review
Thanks for catching this! I should have read the surrounding code. New patch with both locations changed.
Attachment #102477 - Attachment is obsolete: true
Comment on attachment 102478 [details] [diff] [review] Patch v2 carrying forward r=javi
Attachment #102478 - Flags: review+
Reply to comment #12: It is not necessary to open a seperate bug for this because we only had such problems if we used keygen. If keygen is fixed then perhaps this bug is resolved too. Simply close the bug and if we have problems with the fixed keygen then I will open a new bug (the problems with multipart POST are only present if we use keygen). Actually we fixed the problem by don't using multipart POST.
Comment on attachment 102478 [details] [diff] [review] Patch v2 sr=jag
Attachment #102478 - Flags: superreview+
Comment on attachment 102478 [details] [diff] [review] Patch v2 a=asa for checkin to 1.2 (on behalf of drivers).
Attachment #102478 - Flags: approval+
fixed on trunk
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: