Closed
Bug 138626
Opened 22 years ago
Closed 22 years ago
Deleted certs delivered by PK11_ListCerts
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.5
People
(Reporter: KaiE, Assigned: bugz)
References
Details
(Whiteboard: [adt2 RTM])
Attachments
(1 file)
680 bytes,
patch
|
Details | Diff | Splinter Review |
Delete a user cert using PK11_DeleteTokenCertAndKey. Use PK11_ListCerts(PK11CertListUser) to obtain a list of all user certs. Actual behaviour: The result list contains the deleted cert.
Comment 1•22 years ago
|
||
adding adt and nsbeta1 so that it makes it into rtm.
Keywords: nsbeta1+
Whiteboard: [adt2]
Assignee | ||
Comment 2•22 years ago
|
||
I've seen this behavior, and it is always for the same reason -- the cert has been leaked. PSM has code that delays the actual deletion of the cert until the last reference goes away. Additionally, if there are references to the cert, it will show up in NSS's cache. What you should look at is the refCount of the cert, and try to find the leak. Actually, I just looked at the nsNSSCertificate destructor. It does not call CERT_DestroyCertificate after calling PK11_DeleteTokenCertAndKey when mPermDelete is true.
Comment 3•22 years ago
|
||
So there is 2 issues here: 1) the cert is leaked. 2) delete should remove the cert from the cache, even if it is leaked. bob
Comment 4•22 years ago
|
||
Is this fixed - Bug 129067 has been fixed and verified.
Reporter | ||
Comment 5•22 years ago
|
||
> Is this fixed - Bug 129067 has been fixed and verified. Charles, no. This is a tracking bug for the NSS component. Bug 129067 uses a workaround for this bug, but this bug has not yet been fixed.
Assignee | ||
Comment 7•22 years ago
|
||
patch checked in
Reporter | ||
Comment 8•22 years ago
|
||
Thanks for the patch. I was curious to see whether this patch alone is sufficient to fix bug 129067, but it is not. But I believe you expected that, because you believe we have leaks in PSM. Ian, how can I look at the refCount of a CERT_Certificate from the code? My impression is that the direct refcount member is not the real refcount.
Assignee | ||
Comment 10•22 years ago
|
||
Ah, blimey. I forgot PK11_DeleteTokenCertAndKey is a different code path than SEC_DeletePermCertificate (sigh). You can find the actual refCount in cert->nssCertificate->object.refCount.
Assignee | ||
Comment 11•22 years ago
|
||
I must correct myself. PK11_DeleteTokenCertAndKey *does* call SEC_DeletePermCertificate, so my patch should get the cert out of the cache.
Comment 12•22 years ago
|
||
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
Reporter | ||
Comment 13•22 years ago
|
||
I'm marking this fixed, because Wan-Teh today landed this patch together with other changes on the NSS_CLIENT_TAG.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 15•22 years ago
|
||
Does this need to be checked into the 1.0 branch? If yes, please nominate for checkin with adt1.0.1 and Mozilla1.0.1 keywords.
Whiteboard: [adt2] → [adt2 RTM]
Comment 16•22 years ago
|
||
Yes, this needs to be checked into the 1.0 branch. Added the adt1.0.1 and mozilla1.0.1 keywords.
Keywords: adt1.0.1,
mozilla1.0.1
Updated•22 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•