Closed
Bug 112504
Opened 23 years ago
Closed 23 years ago
Test suites do not test cert and key db error cases.
Categories
(NSS :: Test, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.4
People
(Reporter: rrelyea, Assigned: sonja.mirtitsch)
Details
Attachments
(6 files, 2 obsolete files)
4.62 KB,
patch
|
Details | Diff | Splinter Review | |
1.14 KB,
text/plain
|
Details | |
6.43 KB,
patch
|
Details | Diff | Splinter Review | |
5.42 KB,
patch
|
Details | Diff | Splinter Review | |
6.92 KB,
text/plain
|
Details | |
3.58 KB,
text/html
|
Details |
We currently do not have tests to make sure NSS fails if it cannot open the cert and key db's. We need to test the following cases: 1) try to open cert and key DB's read only, but specify an empty & not existant directory. NSS_Init should fail. 2) try to open cert and key DB's read/write from a read only directory. NSS_InitReadWrite() should fail. 3) try to open cert and key DB's read/write forced from a read only directory. NSS_Initialize() with the force flag should succeed. We already test opening cert and key DB's read/write in an empty directory (certutil -N -d directory). and Read Only with a non-empty directory (selfserv/tstclnt). bob
Assignee | ||
Comment 1•23 years ago
|
||
1 and 2 seem to be easy, using existing tools. 3 requires either adding the NSS_INIT_FORCEOPEN to one of the existing tools, or writing of a new tool. I would very much prefer to write my own utility and just hook the build of it into the regular build, than to touch any of the existing tools. Please advise.
Assignee | ||
Comment 2•23 years ago
|
||
Assignee | ||
Comment 3•23 years ago
|
||
please check the messages
Assignee | ||
Updated•23 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: waiting for more specifications and review
Target Milestone: --- → 3.4
Reporter | ||
Comment 4•23 years ago
|
||
Generally looks good, just a couple of comments: 1) We should examine the error code from tstclnt closely. It's likely tstclnt will fail because it can't connect to selfserv, in which case we will get a false negative (The test will incorrectly succeed even if we allow the Init to succeed when it should have failed). I have some patched for certutil with will conditionally open the database R/O for certain operations (like -L) with an option to override. Maybe I should check those patches in, as long as it doesn't break any other tests. 2) I don't see an issue with you adding a new test binary the handle these specific conditions (specifically case 3) to security/nss/cmd. bob
Assignee | ||
Comment 5•23 years ago
|
||
Assignee | ||
Comment 6•23 years ago
|
||
Assignee | ||
Comment 7•23 years ago
|
||
Assignee | ||
Comment 8•23 years ago
|
||
Assignee | ||
Updated•23 years ago
|
Attachment #60284 -
Attachment is obsolete: true
Assignee | ||
Comment 9•23 years ago
|
||
Assignee | ||
Comment 10•23 years ago
|
||
Assignee | ||
Updated•23 years ago
|
Attachment #60349 -
Attachment is obsolete: true
Reporter | ||
Comment 11•23 years ago
|
||
One other test case, try forcing an empty directory and a non-existant directory open.: dbtest -r -d $(EMPTY_DIR) -f /*should succeed */ dbtest -d ./nonexistantdir -f /* should succeed */ Everything else looks good r=relyea.
Assignee | ||
Comment 12•23 years ago
|
||
all changes checked in, tinderboxes passed on most platforms
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 13•23 years ago
|
||
Comment on attachment 60454 [details] [diff] [review] program to test db >/* >** dbtest.c >** >** utility for managing certificates and the cert database >** >*/ This comment does not describe what this test does. (The comment probably comes from certutil.c.) Could you fix it? Thanks.
Attachment #60454 -
Flags: needs-work+
Assignee | ||
Comment 14•23 years ago
|
||
changed the comment
Whiteboard: waiting for more specifications and review
You need to log in
before you can comment on or make changes to this bug.
Description
•