Closed Bug 119403 Opened 24 years ago Closed 23 years ago

Tracking bug: must-fix bugs for NSS 3.4 Pre-Beta

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: wtc, Assigned: wtc)

References

Details

This bug tracks the bugs that must be fixed before we release NSS 3.4 Beta 1.
Among the bugs Sonja listed in her email yesterday, we may need to fix this for Beta 1. - Bug 115360: fips tests: pk12util failures in backwardcompatibility tests Sonja filed two new bugs today. We should investigate them. - Bug 119277: intermittant SMIME problem on Linux - Bug 119340: increased "selfserv process not detectable" errors on linux 2.4
Status: NEW → ASSIGNED
Depends on: 115360, 119277, 119340
Priority: -- → P1
Target Milestone: --- → 3.4
I just wanted to say that bug 119277 shouldn't hold up the beta release, IMO. PSM is the only customer of S/MIME, and AFAIK they will be pulling from the tip and not the beta tag.
Here is a status update on the bugs and my opinions. - Bug 115360: Ian has checked in a fix that was reviewed by Bob and Nelson. - Bug 119277: We still haven't been able to reproduce the S/MIME test failures at Netscape. I was worried that the S/MIME test failure means a regression in the quality of NSS 3.4, but now that I know this is a new test, I agree with Ian that this bug should not block NSS 3.4 Beta 1. - Bug 119340: The error message can be easily reproduced. The error message indicates that selfserv cannot bind to the TCP port. This PR_Bind() failure has nothing to do with crypto or SSL. I agree with Sonja that this bug is a P2. I propose that we remove bug 119277 and bug 119340 from the list. Any objections?
The fix I checked in has had a negative effect. I haven't tracked it down yet. It seems to be related to how serial numbers are handled (possibly the encoder changes affected it). We have the option of not including the changes in the Beta, and accepting the FIPS backwards compatiblity failures (or turning off the test). I'm trying to figure out what is going on.
I'm inclined to not including the changes in the Beta. It's not necessary to back out your fix, Ian. We can use today's build (20020114.1) as the Beta candidate.
Ah.... There are two potential issues with serial numbers: 1) Coding serial numbers for PKCS #11 use. 2) Createing DB keys. DB keys are concantenated Issuer/Serial number pairs. Serial numbers need to have the leading '0' to be compatible with old databases. (this is something we can't gloss over). PKCS #11 requires serial numbers to be der encoded. I think we may be hand encoding those serial numbers, which may not be doing the correct signed/unsigned thing. bob
Actually, I found that it, and checked in a couple of fixes (places where we used cert->serialNumber instead of the DER value). However, I think I have tracked down the real problem. And it is much more fun than that :) If certutil is not provided with a serial number, it creates one from the time of day (a weak form of randomness). If that value is negative when treated a signed number, it causes failures. As long as it is positive, everything works. My assumption is that serial numbers should *always* be positive, so I'm going to change certutil accordingly.
Removed bug 119340 ("selfserv process not detectable" errors on Linux) from the list. This bug has to do with the difficulty of killing a multithreaded process on Linux (each Linux pthread is a process) and has nothing to do with crypto or SSL. Removed bug 119277 (intermittent S/MIME problem on Linux) from the list. This bug is extremely hard to reproduce and the test that fails is a new test. We cannot conclude from this test failure that there is regression in the S/MIME code in NSS 3.4. Bug 115360: Considering that the fix turns out to be more complicated than we thought, I propose that we address this issue after Beta 1. The downside is that we need to inspect the pk12util failures in backward compatibility tests. I propose that we use the 20020114.1 build as the Beta 1 candidate and start the QA.
No longer depends on: 119277, 119340
> Removed bug 119340 ("selfserv process not detectable" errors on > Linux) from the list. This bug has to do with the difficulty > of killing a multithreaded process on Linux (each Linux pthread > is a process) and has nothing to do with crypto or SSL. I would not be so certain that this is the cause, it also showed up on the very first server started in a QA run. I also think producing a beta1 with a lot of known problems decreases the chance of having beta testers, and increases the number of betas, and the amount of work for QA
Sonja, what other bugs do you think we should fix before releasing Beta 1?
imo by accepting a certification or QA procedure NSS commits itself to pass these tests before producing a Beta.
I am marking this bug fixed. Changing the summary to say "NSS 3.4 Pre-Beta" because that's what we ended up calling this pre-release.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Summary: Tracking bug: must-fix bugs for NSS 3.4 Beta 1 → Tracking bug: must-fix bugs for NSS 3.4 Pre-Beta
You need to log in before you can comment on or make changes to this bug.