Closed
Bug 1308026
Opened 8 years ago
Closed 7 years ago
JSS certificate validation does not pass up exact error from NSS
Categories
(JSS Graveyard :: Library, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
4.4
People
(Reporter: elio.maldonado.batiz, Assigned: edewata)
References
Details
Attachments
(1 file, 4 obsolete files)
15.58 KB,
patch
|
edewata
:
review+
|
Details | Diff | Splinter Review |
No description provided.
Reporter | ||
Comment 1•8 years ago
|
||
Downstream patch by Endi Sukma Dewata not yet ready for review.
Reporter | ||
Comment 2•7 years ago
|
||
Regenerated the patch from Endi S. Dewata" <edewata@redhat.com> for current experimental sources, ================= Test Results JSSTEST_SUITE: 31 / 31 JSSTEST_RATE: 100 % Test Status: SUCCESS Not ready for review until all subsequent patches get testested.
Attachment #8798967 -
Attachment is obsolete: true
Reporter | ||
Updated•7 years ago
|
Assignee: glenbeasley → edewata
Reporter | ||
Comment 3•7 years ago
|
||
Patch was updated for the current state of the sources.
Attachment #8835266 -
Attachment is obsolete: true
Attachment #8844661 -
Flags: review?(edewata)
Reporter | ||
Comment 4•7 years ago
|
||
Comment on attachment 8844661 [details] [diff] [review] pass up exact jss certificate validation errors from nss - V3 Review of attachment 8844661 [details] [diff] [review]: ----------------------------------------------------------------- ::: org/mozilla/jss/CryptoManager.c @@ +321,5 @@ > + jstring ocspResponderCertNickname, > + jboolean initializeJavaOnly, > + jboolean PKIXVerify, > + jboolean noCertDB, > + jboolean noModDB, nitpick: should remove trailing white space ::: org/mozilla/jss/CryptoManager.java @@ +1575,5 @@ > * with the given nickname. > */ > public boolean isCertValid(String nickname, boolean checkSig, > CertificateUsage certificateUsage) > + throws ObjectNotFoundException, InvalidNicknameException, CertificateException Notice that the function now also throws CertificateException ::: org/mozilla/jss/PK11Finder.c @@ +1566,5 @@ > + self, nickString, checkSig, required_certificateUsage); > + return JNI_TRUE; > + /* NOTE: No way of knowing the result the function we are calling > + * as it was the result type type was changed from boolean to void. > + */ Please notice this question. @@ +1593,5 @@ > + SECCertificateUsage currUsage = 0x0000; /* unexposed for now */ > + SECStatus rv = SECFailure; > + CERTCertificate *cert = NULL; > + char *nickname = NULL; > + nitpick: should get rid of white space
Reporter | ||
Comment 5•7 years ago
|
||
(In reply to Elio Maldonado from comment #4) > Comment on attachment 8844661 [details] [diff] [review] > pass up exact jss certificate validation errors from nss > > Review of attachment 8844661 [details] [diff] [review]: > ----------------------------------------------------------------- > > ::: org/mozilla/jss/CryptoManager.c > @@ +321,5 @@ > > + jstring ocspResponderCertNickname, > > + jboolean initializeJavaOnly, > > + jboolean PKIXVerify, > > + jboolean noCertDB, > > + jboolean noModDB, > > nitpick: should remove trailing white space Besides I meant to bring to your attention that initializeAllNative2 now has more parameters that were added to it by upstream folks.
Reporter | ||
Updated•7 years ago
|
Attachment #8798967 -
Attachment description: pass up exact jss certificate validation errors from nss → pass up exact jss certificate validation errors from nss V1
Reporter | ||
Updated•7 years ago
|
Attachment #8835266 -
Attachment description: pass up exact jss certificate validation errors from nss → pass up exact jss certificate validation errors from nss - V2
Reporter | ||
Updated•7 years ago
|
Attachment #8844661 -
Attachment description: pass up exact jss certificate validation errors from nss → pass up exact jss certificate validation errors from nss - V3
Reporter | ||
Comment 6•7 years ago
|
||
This version has changes requested by Endi in a private review.
Attachment #8844661 -
Attachment is obsolete: true
Attachment #8844661 -
Flags: review?(edewata)
Attachment #8845087 -
Flags: review?(edewata)
Reporter | ||
Comment 7•7 years ago
|
||
This is the one I meant to attach.
Attachment #8845087 -
Attachment is obsolete: true
Attachment #8845087 -
Flags: review?(edewata)
Attachment #8845094 -
Flags: review?(edewata)
Assignee | ||
Comment 8•7 years ago
|
||
Comment on attachment 8845094 [details] [diff] [review] pass up exact jss certificate validation errors from nss - V4 Just one minor issue, in PK11Finder.c the parameter "required_rertificateUsage" should be renamed to "required_certificateUsage" for consistency. Please use this commit description: A new CryptoManager.verifyCertificate() method has been added as an alternative to isCertValid(). If the specified certificate is invalid, the new method will throw a CertificateException containing the actual NSS error code and a description instead of just a boolean value returned by the old method. The exception itself will also help locate the error for troubleshooting.
Attachment #8845094 -
Flags: review?(edewata) → review+
Reporter | ||
Comment 9•7 years ago
|
||
Pushed: https://hg.mozilla.org/projects/jss/rev/79ae2566dda0f04b6e4138e35a8f0a7511dcfe24
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 10•7 years ago
|
||
Historical Note: # RHBZ 1074208 - pass up exact JSS certificate validation errors from NSS # https://bugzilla.redhat.com/show_bug.cgi?id=1074208 # author: edewata@redhat.com # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1308026 Patch30: jss-VerifyCertificate-enhancement.patch
Assignee | ||
Comment 11•7 years ago
|
||
There's an additional patch for this bug posted in comment #11 in bug #1308029.
Reporter | ||
Updated•7 years ago
|
Target Milestone: --- → 4.4
You need to log in
before you can comment on or make changes to this bug.
Description
•