Closed Bug 125557 Opened 20 years ago Closed 19 years ago
.4 causes PSM to not see multiple user certs
Since the migration to the NSS3.4 beta PSM has been unable to see/use more than the first personal cert in the database. Please see me for private test case.
This fix does a couple of things: the original code would place the object handles on the list before we search them, then try to iterate over the list afterwards. The problem was the iteration was only for the residual count of the last operation. We would then send the first 16 afterwards. The sort of convoluted logic was an attempt to not allocate an arena for small lists (up to 16 entries). The new code places only the complete buffers on the object list, and drops the residual buffer through the bottom. NOTE: the first buffer is on the stack, not in the arena. This is OK because we will free the arena before we leave the scope of this function. Also, the new code uses the standard n*2 growth for each overflow, meaning for large lists you will still only make order of log2 n calls instead of n/16 calls to collect on the object IDs.
Adding Wan-Teh (note the patch).
Tested with 20020219 nightly. Works like a champ. Marking Resolved, Fixed. Bob Rocks.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Also marking Verified due to the "exclusive" nature of the test case. QA - Please see me if more detail is needed.
Status: RESOLVED → VERIFIED
D'oh! Must reopen bug. If the Manage Certs window is opened then everything works as expected. If the window is not opened before accessing a site that requires client auth then only invalid certs are found/presented. I can demonstrate once Bob returns.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Is this still an issue?
Priority: -- → P1
Target Milestone: --- → 2.2
Yes. And very badly so. Feel free to visit me in Bldg 23 for a demonstration.
Joe, can you please give more info about what you see and how to reproduce? I just tried with a new profile, imported my current and 2 older company certs, restarted the browser, and accessed aka. I correctly was shown all my certs in the client auth dialog. Could you please try, too, with a fresh profile? In that case your problem may be caused by a corrupted NSS database? Just a guess.
The issue has changed behavior since Bob's fix. The current behavior is: 1) Client-Auth fails to use current certificate (sees only expired certs in database) until Edit | Preferences | Certificates | Mange Certs window is opened and then closed. 2) Unable to sign SMIME messages at all
change target to NSS until I can determine with Joe what is really happening.
Component: Client Library → Libraries
Product: PSM → NSS
Target Milestone: 2.2 → 3.4.1
Version: unspecified → 3.4
Here's a theory worth investigating: Joe's older certs are issued by a differnet CA cert than the certs you can get now from certificates.netscape.com. However, I think that the nicknames for the CA certs are the same, and it may be significant. Note that the CA cert are not even issued by the same root.
Exporting all certs/keys, creating a new key3 and cert7 database, and importing the p12 file make the badness go away for the browser. I am still unable to sign (or verify signed) messages though.
Moved to NSS 3.5.
Target Milestone: 3.4.1 → 3.5
Certificate renewal made the badness with signing go away.
OK, I suspect there was some nastiness in the db files that were repaired by the cert renewal. I'm targetting this for 3.6, since I still want to know what's going on (and prehaps repair things without going through a cert renewal process. bob
Target Milestone: 3.5 → 3.6
Since the problem has gone away, and NSS 3.6 is self-repairing, I'm going to close this was WFM
Status: REOPENED → RESOLVED
Closed: 20 years ago → 19 years ago
Resolution: --- → WORKSFORME
Another user (fkeeney) is having the signing problem with a fresh cert. The problem appears to be living on (though not for me).
You need to log in before you can comment on or make changes to this bug.