Closed
Bug 120173
Opened 23 years ago
Closed 23 years ago
NSS 3.4 CRL Import Fails
Categories
(Core Graveyard :: Security: UI, defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
psm2.2
People
(Reporter: rangansen, Assigned: rangansen)
References
Details
Try Import a CRL from crl.verisign.com. A dialog pops up indiacating import was
successful. Now open the CRL manager.
What's expected: The new crl should be listed.
What happens: No CRLs are listed.
Note that call to SEC_NewCrl() does return a non-null object, but the crl
doesn't seen to be saved - SEC_LookupCrls returns null.
Assignee | ||
Updated•23 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Comment 1•23 years ago
|
||
Adding NSS 3.4 in summary and updating target
Summary: CRL Import Fails → NSS 3.4 CRL Import Fails
Target Milestone: --- → 2.2
Comment 3•23 years ago
|
||
P1. Allowing this in RTM NSS3.4 would result in a major regression.
Priority: -- → P1
Comment 4•23 years ago
|
||
I'm not sure whether this is a NSS or a PSM problem.
Who is responsible for incrementing the reference count of the downloaded CRL?
PSM? PSM does not seem to do it.
I see the following:
The PSM code for importing the CRL tries to find a matching cert for the
downloaded cert. Depending on which cert you download from crl.verisign.com, a
cert is found or not (but in both cases the crl does not arrive in the crl view).
PSM calls SEC_NewCrl from the DER data that has been downloaded. This seems to
work, at least an object is returned.
Next, PSM allocates a C++ wrapper object to remember that cert, but that wrapper
object does not increment a reference count. The wrapper only stores a pointer
to the crl object.
Next, PSM calls SEC_DestroyCrl on the crl object. Tracing into that method I see
that the reference count reaches zero and its slot is freed.
Do we need to call a method to make sure this CRL arrives in the cert db?
Comment 5•23 years ago
|
||
Bob, Rangan. This is still happening. I'm willing to not let it block 116334 if
you both reach an agreement that it can be fixed easily.
Assignee | ||
Comment 6•23 years ago
|
||
Well, I am not very sure ... Doesn't look like there's a separate method to
ensure that the CRL reaches the DB. Looks like more of a NSS problem to me ...
What's your opinion, Bob?
Comment 7•23 years ago
|
||
Marking fixed. NSS bug is fixed.
To qa for verification (needs nss34).
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•