Closed Bug 177556 Opened 22 years ago Closed 22 years ago

signtool -l always fails

Categories

(NSS :: Tools, defect, P1)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: bugz, Assigned: bugz)

Attachments

(1 file)

As reported in n.p.m.crypto, calling signtool -l will always fail (in debug
builds, it hits an assert) because we call CERT_VerifyCert with usage
certUsageAnyCA. That case is not handled.

Priority: -- → P1
Target Milestone: --- → 3.7

Moved to target milestone 3.8 because the original
NSS 3.7 release has been renamed 3.8.

Target Milestone: 3.7 → 3.8

The correct code was commented out, not sure why the change was made (the
change predates open source, so no cvs history from mozilla.) This seems to
work.

Ian, you can find the cvs history in the internal
cvs repository.

I knew there was a reason I was afraid to look... I made that change, though I
have no idea why. The change was part of a large checkin that itself was part
of the effort to scrub the code before open source release. So there's no info
as to why it was done.

I think it is obvious enough to just undo the change, so the patch above is correct.

Comment on attachment 114447 [details] [diff] [review]
use VerifyCA instead of AnyCA

What does certUsageAnyCA mean? Sigh, there is no comment
where it is defined.

Maybe the bug is that CERT_CertVerify does not handle
certUsageAnyCA?

That's a good question. I think the checkin that caused this bug was a mistake.
IIRC (this was a very long time ago), I was having a problem verifying a cert
with signtool. I looked at the code, and to me certUsageAnyCA seemed to be
the proper choice (but as you note, there is no documentation of what the usages
mean). I think I was experimenting with that when it surreptitiously rode in on
my large scrubbing patch. I still think the best thing is to just undo the change.

Comment on attachment 114447 [details] [diff] [review]
use VerifyCA instead of AnyCA

r=wtc. I trust your memory, Ian :-)

Attachment #114447 - Flags: review+

fixed

Checking in list.c;
/cvsroot/mozilla/security/nss/cmd/signtool/list.c,v  <--  list.c
new revision: 1.6; previous revision: 1.5
done
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED