New builds with old databases lose trust

RESOLVED FIXED in 3.6.1

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
15 years ago
15 years ago

People

(Reporter: kaie, Assigned: Robert Relyea)

Tracking

unspecified
3.6.1

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
See bug 171331 for the problem report in PSM.

There exist databases, where older versions of NSS report some CA certificates
as being trusted, while the latest NSS builds report them as being untrusted.

The problem is reported to be seen by simply switching between old and new
builds back and forth.

Actual behaviour: Previously valid CA certs are now valid

Expected behaviour: NSS should interpret trust in the cert database like it did
in the past.


This bug report is based on what I conclude from bug 171331. I have not been
able to see the problem myself.
(Reporter)

Updated

15 years ago
Blocks: 171331
Summary: New builds with old databases loose trust → New builds with old databases lose trust

Comment 1

15 years ago
We should resolve this bug in NSS 3.7.  If it turns
out to be a regression in NSS 3.6, we should get it
fixed in a 3.6.x patch release.
Assignee: wtc → relyea
Priority: -- → P1
Target Milestone: --- → 3.7

Updated

15 years ago
Blocks: 173939

Comment 2

15 years ago
Torben, why do you think this bug blocks bug 173939?
(Reporter)

Comment 3

15 years ago
I had filed this bug, because I thought it would make sense to track the PSM
status and the NSS status of the issue indepently. I intended to use this bug to
track whether the problem is fixed within NSS, and bug 173939 to track whether
the NSS fix had arrived in PSM.

Comment 4

15 years ago
Kai,

You misunderstood my question.  My question was directed
at Torben because he made this bug block bug 173939.  The
PSM bug you want this bug to track is bug 171331, not
bug 173939.
(Reporter)

Comment 5

15 years ago
You're right, Wan-Teh, sorry.

Comment 6

15 years ago
Re #2:
Due to the simmilarities between bug 171331 and bug 173939. See bug 173939
comment 23 and bug 171331 comment 30 and downwards.

If you feel the dendency is wrong, feel free to remove it.

Note that the cause of bug 173939 probably is bug 174634 which should be fixed
in NSS (but not in the trunk I belive), does this also fix this bug and bug 171331?
(Reporter)

Comment 7

15 years ago
Torben, in answer to your comment 6, please help us and verify whether the fix
from bug 174634 also fixes bug 171331. You could follow the procedure that
Wan-Teh describes in bug 173939 comment 36. Please state in bug 171331 whether
this procudure fixes your problem or not.

Comment 8

15 years ago
Kai, I do not see bug 171331 (I do not use mozilla for mail, and do not have any
Thawte Freemail certificates). I have added a comment in bug 171331 and asked
someone to do the test however.
(Reporter)

Comment 9

15 years ago
I am now confident this has nothing to do with bug 173939, because bug 173939
has been confirmed to been fixed by the patch for bug 174634. But I do have the
patch for bug 174634 in my build, and I do see bug 171331!

Removing dependency.
No longer blocks: 173939
(Assignee)

Comment 10

15 years ago
patch has been checked into NSS tip and NSS 3.6 branch.
(Assignee)

Comment 11

15 years ago
patch is in, bug needs to be closed now..
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED

Comment 12

15 years ago
Set the target milestone to 3.6.1 because the patch
has been checked into the NSS 3.6 branch.  (The patch
is in bug 171331.)
Target Milestone: 3.7 → 3.6.1
You need to log in before you can comment on or make changes to this bug.