Last Comment Bug 252271 - CERT_VerifyCert with param certUsageVerifyCA fails or asserts
: CERT_VerifyCert with param certUsageVerifyCA fails or asserts
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: 3.9
: All All
P1 normal (vote)
: 3.9.3
Assigned To: Nelson Bolyard (seldom reads bugmail)
: Bishakha Banerjee
Depends on:
Blocks: 249004
  Show dependency treegraph
Reported: 2004-07-20 06:39 PDT by Kai Engert (:kaie)
Modified: 2006-03-12 17:46 PST (History)
4 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---

Proposed fix (3.46 KB, patch)
2004-07-20 06:40 PDT, Kai Engert (:kaie)
rrelyea: review+
julien.pierre: superreview+
Details | Diff | Splinter Review

Description User image Kai Engert (:kaie) 2004-07-20 06:39:12 PDT
Bob recommended I could call CERT_VerifyCert with certUsageVerifyCA to check
whether the given cert is a valid CA cert.
However, this crashes using NSS code on branch MOZILLA_1_7_0_BRANCH as of
Mozilla 1.7.1
Comment 1 User image Kai Engert (:kaie) 2004-07-20 06:40:39 PDT
Created attachment 153769 [details] [diff] [review]
Proposed fix

If you agree with this patch, I would like to land it on MOZILLA_1_7_0_BRANCH
as part of the fix for bug 249004.
Comment 2 User image Robert Relyea 2004-07-20 09:55:20 PDT
Comment on attachment 153769 [details] [diff] [review]
Proposed fix

I'd like Julien to review this as well. If it goes in, I'd like to see it go
into the trunk and 3.9 branch as well.

Comment 3 User image Julien Pierre 2004-07-20 23:03:24 PDT

Was this case just asserting in the "default" case of the switch statement, or
is it also crashing in optimized code, and if so, how ? I'd like to understand
this better before putting the sr+ flag.
Comment 4 User image Kai Engert (:kaie) 2004-07-21 04:17:04 PDT
Julien, yes, it was crashing because of the PORT_Assert in the default statement.
Comment 5 User image Kai Engert (:kaie) 2004-07-27 14:15:31 PDT
Could you please include this patch in NSS_CLIENT_TAG?
This is required to land bug 249004 on the trunk of Mozilla.
Thanks a lot.
Comment 6 User image Nelson Bolyard (seldom reads bugmail) 2004-07-27 16:34:10 PDT
Marking P1 for NSS 3.9.3.  

Note that this bug (midssing case) was fixed on the trunk in rev 1.65, 
back in April.  That revision was supposently ported to the NSS 3.9 branch
for mozilla 1.7, but this fix was apprently omitted.  :( 
So, this patch needs to go into the 3.9 branch, and the tag moved to the 
new revision for that file only.  
Comment 7 User image Nelson Bolyard (seldom reads bugmail) 2004-07-27 16:49:07 PDT
Taking bug.
Comment 8 User image Nelson Bolyard (seldom reads bugmail) 2004-07-27 17:16:08 PDT
Checking in certdb.c; new revision:; previous revision:

I moved the NSS_CLIENT_TAG from to

Note You need to log in before you can comment on or make changes to this bug.