Closed Bug 120173 Opened 23 years ago Closed 23 years ago

NSS 3.4 CRL Import Fails

Categories

(Core Graveyard :: Security: UI, defect, P1)

Other Branch
x86
Windows NT
defect

Tracking

(Not tracked)

VERIFIED FIXED
psm2.2

People

(Reporter: rangansen, Assigned: rangansen)

References

Details

Try Import a CRL from crl.verisign.com. A dialog pops up indiacating import was successful. Now open the CRL manager. What's expected: The new crl should be listed. What happens: No CRLs are listed. Note that call to SEC_NewCrl() does return a non-null object, but the crl doesn't seen to be saved - SEC_LookupCrls returns null.
Blocks: 116334
Status: NEW → ASSIGNED
Adding NSS 3.4 in summary and updating target
Summary: CRL Import Fails → NSS 3.4 CRL Import Fails
Target Milestone: --- → 2.2
-> me
Assignee: ssaux → rangansen
Status: ASSIGNED → NEW
P1. Allowing this in RTM NSS3.4 would result in a major regression.
Priority: -- → P1
I'm not sure whether this is a NSS or a PSM problem. Who is responsible for incrementing the reference count of the downloaded CRL? PSM? PSM does not seem to do it. I see the following: The PSM code for importing the CRL tries to find a matching cert for the downloaded cert. Depending on which cert you download from crl.verisign.com, a cert is found or not (but in both cases the crl does not arrive in the crl view). PSM calls SEC_NewCrl from the DER data that has been downloaded. This seems to work, at least an object is returned. Next, PSM allocates a C++ wrapper object to remember that cert, but that wrapper object does not increment a reference count. The wrapper only stores a pointer to the crl object. Next, PSM calls SEC_DestroyCrl on the crl object. Tracing into that method I see that the reference count reaches zero and its slot is freed. Do we need to call a method to make sure this CRL arrives in the cert db?
Bob, Rangan. This is still happening. I'm willing to not let it block 116334 if you both reach an agreement that it can be fixed easily.
Well, I am not very sure ... Doesn't look like there's a separate method to ensure that the CRL reaches the DB. Looks like more of a NSS problem to me ... What's your opinion, Bob?
Depends on: 122454
Marking fixed. NSS bug is fixed. To qa for verification (needs nss34).
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Verified fixed.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.