Bug 177556: signtool -l always fails
Opened 22 years ago, closed 22 years ago
Categories: NSS :: Tools, defect, P1
Tracking: Not tracked
Status: RESOLVED FIXED
Target Milestone: 3.8
People: Reporter: bugz, Assigned: bugz
Attachments (1 file): 692 bytes, patch | wtc: review+
As reported in n.p.m.crypto, calling signtool -l will always fail (in debug builds, it hits an assert) because we call CERT_VerifyCert with usage certUsageAnyCA. That case is not handled.
Updated • 22 years ago (Assignee)
Priority: -- → P1
Target Milestone: --- → 3.7
Comment 1 • 22 years ago
Moved to target milestone 3.8 because the original NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
Comment 2 • 22 years ago (Assignee)
The correct code was commented out, not sure why the change was made (the change predates open source, so no cvs history from mozilla.) This seems to work.
Comment 3 • 22 years ago
Ian, you can find the cvs history in the internal cvs repository.
Comment 4 • 22 years ago (Assignee)
I knew there was a reason I was afraid to look... I made that change, though I have no idea why. The change was part of a large checkin that itself was part of the effort to scrub the code before open source release. So there's no info as to why it was done. I think it is obvious enough to just undo the change, so the patch above is correct.
Comment 5 • 22 years ago
Comment on attachment 114447: use VerifyCA instead of AnyCA
What does certUsageAnyCA mean? Sigh, there is no comment where it is defined. Maybe the bug is that CERT_CertVerify does not handle certUsageAnyCA?
Comment 6 • 22 years ago (Assignee)
That's a good question. I think the checkin that caused this bug was a mistake. IIRC (this was a very long time ago), I was having a problem verifying a cert with signtool. I looked at the code, and to me certUsageAnyCA seemed to be the proper choice (but as you note, there is no documentation of what the usages mean). I think I was experimenting with that when it surreptitiously rode in on my large scrubbing patch. I still think the best thing is to just undo the change.
Comment 7 • 22 years ago
Comment on attachment 114447: use VerifyCA instead of AnyCA
r=wtc. I trust your memory, Ian :-)
Attachment #114447 - Flags: review+
Comment 8 • 22 years ago (Assignee)
fixed
Checking in list.c;
/cvsroot/mozilla/security/nss/cmd/signtool/list.c,v <-- list.c
new revision: 1.6; previous revision: 1.5
done
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED