Using AS with new NSS3.4 RC2. Trying to install a new cerificate and the security CGI crashes in NSS. The call stack is  nssTrustDomain_GetCertsForSubjectFromCache(td = (nil), subject = 0xecb24, certListOpt = 0xeeff8), line 845 in "tdcache.c"  NSSTrustDomain_FindCertificatesBySubject(td = (nil), subject = 0xecb24, rvOpt = (nil), maximumOpt = 0, arenaOpt = (nil)), line 675 in "trustdomain.c"  find_issuer_cert_for_identifier(c = 0xecaf0, id = 0xeb858), line 307 in "certificate.c"  NSSCertificate_BuildChain(c = 0xecaf0, timeOpt = 0xeb828, usage = 0xffbef1b0, policiesOpt = (nil), rvOpt = 0xffbef1a4, rvLimit = 2U, arenaOpt = (nil), statusOpt = 0xffbef1a0), line 356 in "certificate.c"  CERT_FindCertIssuer(cert = 0xe8840, validTime = 1018057399953784LL, usage = certUsageSSLServer), line 409 in "certvfy.c"  CERT_VerifyCertChain(handle = 0xdd688, cert = 0xe8840, checkSig = 1, certUsage = certUsageSSLServer, t = 1018057399953784LL, wincx = (nil), log = (nil)), line 702 in "certvfy.c"  CERT_VerifyCert(handle = 0xdd688, cert = 0xe8840, checkSig = 1, certUsage = certUsageSSLServer, t = 1018057399953784LL, wincx = (nil), log = (nil)), line 1138 in "certvfy.c"  CERT_VerifyCertNow(handle = 0xdd688, cert = 0xe8840, checkSig = 1, certUsage = certUsageSSLServer, wincx = (nil)), line 1179 in "certvfy.c"  printCertUsageInfo(description = 0x5417f "^I^I<SSLServer></SSLServer>\n", usage = certUsageSSLServer, cert = 0xe8840), line 356 in "security.c" => printCert(cert = 0xe8840, key = (nil), detail = 0xffbef9c0, forcePrint_CertType = 0x546a9 "SERVER"), line 531 in "security.c"  installCertificate(tokenName = 0xbb300 "internal (software)", certname = (nil)), line 1177 in "security.c"  main(argc = 1, argv = 0xffbefb1c), line 2132 in "security.c" The same behavior is both on NT and Solaris 2.8. Bob Relyea has looked at the problem and recognized a NSS bug. He says there is no workaround for this and NSS needs to be fixed.
Assigned the bug to Bob. Target NSS 3.4.1.
Assignee: wtc → relyea
Target Milestone: --- → 3.4.1
The problem seems to be with the CERT_ImportCerts() call. It creates a cert without the nickname.
OS: Windows 2000 → All
Actually it creates a cert without lots of things. In this case without a CERTDBHandle (Trust domain).
Bob, It looks to me like CERT_ImportCerts should be calling CERT_NewTempCertificate if keepCert == PR_FALSE. Is that correct?
Yup, that's the bug. It's a pretty easy fix.
Created attachment 78449 [details] [diff] [review] call CERT_NewTemp CERT_ImportCerts was changed from 3.3 to not call CERT_NewTempCertificate. When keepCerts == PR_FALSE, I believe that is the correct call. Here is my proposed patch (I don't have the test case).
Comment on attachment 78449 [details] [diff] [review] call CERT_NewTemp This is precisely the patch I had in mind. Approved.
Attachment #78449 - Flags: review+
checked in to tip.
Created attachment 81047 [details] [diff] [review] New patch This patch is the fix that is currently in the tip. Bob suggested that we check in this fix on the NSS_3_4_BRANCH. Bob, Ian, please review this new patch.
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
Created attachment 81161 [details] [diff] [review] additional patch needed for 3.4 branch This change is also needed on the branch. Checked in.
*** Bug 140338 has been marked as a duplicate of this bug. ***
Ok, this is checked in on the tip and in NSS 3.4.2 Beta 1
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
Set target milestone to NSS 3.4.2.
Target Milestone: 3.4.1 → 3.4.2
adt1.0.1+ (on ADT's behalf) for checkin to the 1.0 branch. Pls check this in asap. thanks!
Keywords: adt1.0.1+, mozilla1.0.1, nsbeta1+
Whiteboard: [adt2 RTM]
You need to log in before you can comment on or make changes to this bug.