If you do not specify a password file on the command line, signtool will not prompt for one. This is because signtool does not call PK11_SetPasswordFunc(). Thus, PK11_Authenticate() will always fail. We aren't catching this in our tests because the tests always use a password file. Signtool should probably handle passwords the same way certutil does, with SECU_GetModulePassword.
Marking P2, not a vulnerability, business need. Duplicate of 162748 *** This bug has been marked as a duplicate of 162748 ***
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Priority: -- → P2
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.