Closed Bug 175085 Opened 22 years ago Closed 22 years ago

New builds with old databases lose trust


(NSS :: Libraries, defect, P1)



(Not tracked)



(Reporter: KaiE, Assigned: rrelyea)



See bug 171331 for the problem report in PSM.

There exist databases, where older versions of NSS report some CA certificates
as being trusted, while the latest NSS builds report them as being untrusted.

The problem is reported to be seen by simply switching between old and new
builds back and forth.

Actual behaviour: Previously valid CA certs are now valid

Expected behaviour: NSS should interpret trust in the cert database like it did
in the past.

This bug report is based on what I conclude from bug 171331. I have not been
able to see the problem myself.
Blocks: 171331
Summary: New builds with old databases loose trust → New builds with old databases lose trust
We should resolve this bug in NSS 3.7.  If it turns
out to be a regression in NSS 3.6, we should get it
fixed in a 3.6.x patch release.
Assignee: wtc → relyea
Priority: -- → P1
Target Milestone: --- → 3.7
Blocks: 173939
Torben, why do you think this bug blocks bug 173939?
I had filed this bug, because I thought it would make sense to track the PSM
status and the NSS status of the issue indepently. I intended to use this bug to
track whether the problem is fixed within NSS, and bug 173939 to track whether
the NSS fix had arrived in PSM.

You misunderstood my question.  My question was directed
at Torben because he made this bug block bug 173939.  The
PSM bug you want this bug to track is bug 171331, not
bug 173939.
You're right, Wan-Teh, sorry.
Re #2:
Due to the simmilarities between bug 171331 and bug 173939. See bug 173939
comment 23 and bug 171331 comment 30 and downwards.

If you feel the dendency is wrong, feel free to remove it.

Note that the cause of bug 173939 probably is bug 174634 which should be fixed
in NSS (but not in the trunk I belive), does this also fix this bug and bug 171331?
Torben, in answer to your comment 6, please help us and verify whether the fix
from bug 174634 also fixes bug 171331. You could follow the procedure that
Wan-Teh describes in bug 173939 comment 36. Please state in bug 171331 whether
this procudure fixes your problem or not.
Kai, I do not see bug 171331 (I do not use mozilla for mail, and do not have any
Thawte Freemail certificates). I have added a comment in bug 171331 and asked
someone to do the test however.
I am now confident this has nothing to do with bug 173939, because bug 173939
has been confirmed to been fixed by the patch for bug 174634. But I do have the
patch for bug 174634 in my build, and I do see bug 171331!

Removing dependency.
No longer blocks: 173939
patch has been checked into NSS tip and NSS 3.6 branch.
patch is in, bug needs to be closed now..
Closed: 22 years ago
Resolution: --- → FIXED
Set the target milestone to 3.6.1 because the patch
has been checked into the NSS 3.6 branch.  (The patch
is in bug 171331.)
Target Milestone: 3.7 → 3.6.1
You need to log in before you can comment on or make changes to this bug.