Bug 175085 - New builds with old databases lose trust
Product: NSS
Classification: Components
Component: Libraries
: unspecified
: All All
P1 normal
: 3.6.1
Assigned To: Robert Relyea
: Bishakha Banerjee
Depends on:
Blocks: 171331
Reported: 2002-10-17 13:27 PDT by Kai Engert (:kaie)
Modified: 2002-11-14 13:31 PST


Description Kai Engert (:kaie) 2002-10-17 13:27:12 PDT
See bug 171331 for the problem report in PSM.

There exist databases, where older versions of NSS report some CA certificates
as being trusted, while the latest NSS builds report them as being untrusted.

The problem is reported to be seen by simply switching between old and new
builds back and forth.

Actual behaviour: Previously valid CA certs are now valid

Expected behaviour: NSS should interpret trust in the cert database like it did
in the past.

This bug report is based on what I conclude from bug 171331. I have not been
able to see the problem myself.
Comment 1 Wan-Teh Chang 2002-10-17 16:10:51 PDT
We should resolve this bug in NSS 3.7.  If it turns
out to be a regression in NSS 3.6, we should get it
fixed in a 3.6.x patch release.
Comment 2 Wan-Teh Chang 2002-10-22 17:29:42 PDT
Torben, why do you think this bug blocks bug 173939?
Comment 3 Kai Engert (:kaie) 2002-10-22 18:38:32 PDT
I had filed this bug, because I thought it would make sense to track the PSM
status and the NSS status of the issue independently. I intended to use this bug to
track whether the problem is fixed within NSS, and bug 173939 to track whether
the NSS fix had arrived in PSM.
Comment 4 Wan-Teh Chang 2002-10-22 18:45:02 PDT

You misunderstood my question.  My question was directed
at Torben because he made this bug block bug 173939.  The
PSM bug you want this bug to track is bug 171331, not
bug 173939.
Comment 5 Kai Engert (:kaie) 2002-10-22 18:50:25 PDT
You're right, Wan-Teh, sorry.
Comment 6 Torben 2002-10-23 02:04:26 PDT
Re #2:
Due to the similarities between bug 171331 and bug 173939. See bug 173939
comment 23 and bug 171331 comment 30 and downwards.

If you feel the dependency is wrong, feel free to remove it.

Note that the cause of bug 173939 probably is bug 174634 which should be fixed
in NSS (but not in the trunk I believe), does this also fix this bug and bug 171331?
Comment 7 Kai Engert (:kaie) 2002-10-24 14:43:25 PDT
Torben, in answer to your comment 6, please help us and verify whether the fix
from bug 174634 also fixes bug 171331. You could follow the procedure that
Wan-Teh describes in bug 173939 comment 36. Please state in bug 171331 whether
this procedure fixes your problem or not.
Comment 8 Torben 2002-10-25 02:04:02 PDT
Kai, I do not see bug 171331 (I do not use mozilla for mail, and do not have any
Thawte Freemail certificates). I have added a comment in bug 171331 and asked
someone to do the test however.
Comment 9 Kai Engert (:kaie) 2002-10-25 19:45:57 PDT
I am now confident this has nothing to do with bug 173939, because bug 173939
has been confirmed to have been fixed by the patch for bug 174634. But I do have the
patch for bug 174634 in my build, and I do see bug 171331!

Removing dependency.
Comment 10 Robert Relyea 2002-10-31 15:20:57 PST
patch has been checked into NSS tip and NSS 3.6 branch.
Comment 11 Robert Relyea 2002-11-08 11:23:37 PST
patch is in, bug needs to be closed now.
Comment 12 Wan-Teh Chang 2002-11-14 13:31:01 PST
Set the target milestone to 3.6.1 because the patch
has been checked into the NSS 3.6 branch.  (The patch
is in bug 171331.)
