Closed
Bug 262274
Opened 20 years ago
Closed 20 years ago
visibility of PK11_GetCertFromPrivateKey and CERT_DecodeDERCertificate
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.9.3
People
(Reporter: caolanm, Assigned: rrelyea)
Details
Attachments
(3 files, 1 obsolete file)
474 bytes,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
516 bytes,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
1.58 KB,
patch
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040929 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040929 OpenOffice.org 1.9.54 attempt to make use of PK11_GetCertFromPrivateKey and CERT_DecodeDERCertificate from libnss3.so. OOo has patched their own build to provide visible PK11_GetCertFromPrivateKey and CERT_DecodeDERCertificate symbols from libnss3.so (http://external.openoffice.org/source/browse/external/moz/Attic/mozillasource-1.7b.patch) by adding them to nss.def (e.g. http://people.redhat.com/caolanm/systemmozilla/mozilla.nss.OpenOffice.org.patch) They are listed in the nss/pk11func.h and nss/cert.h headers. Should they be visible from libnss3.so ? Or should use not be made of them from external applications ? (mozilla 1.7.3) Reproducible: Always Steps to Reproduce: 1. compile something using PK11_GetCertFromPrivateKey & CERT_DecodeDERCertificate from nss/pk11func.h and nss/cert.h 2. link against libnss3.so for PK11_GetCertFromPrivateKey & CERT_DecodeDERCertificate Actual Results: fails to link Expected Results: link happily
Comment 1•20 years ago
|
||
Bob, Nelson, could you look at this? Is it okay to export PK11_GetCertFromPrivateKey and CERT_DecodeDERCertificate? I remember we debated CERT_DecodeDERCertificate when Nelson tried to make crmftest work again (bug 244329. see also bug 243245).
Assignee: wchang0222 → rrelyea0264
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee | ||
Comment 2•20 years ago
|
||
OpenOffice.org should not be using CERT_DecodeDERCertificate. The cert returned from that function is not a 'complete' cert. Instead, import the cert as a temp cert. (if we separated the 'cert decoding' from the cert representation, then we could crack a cert without importing it. Stan API's are designed to do that). There is no reason not to export PK11_GetCertFromPrivateKey, however. bob
Reporter | ||
Comment 3•20 years ago
|
||
So if there's no reason not to export PK11_GetCertFromPrivateKey will it be exported in a future release ?
Assignee | ||
Comment 4•20 years ago
|
||
Good point. This patch puts the export in NSS 3.10. If we need it sooner I can supply a separate patch that puts it in NSS 3.9.x, though I think we're trying to close 3.9.3 shortly?
Comment 5•20 years ago
|
||
Comment on attachment 162083 [details] [diff] [review] Export PK11_GetCertFromPrivatekey This is a simple change. I can export the function in NSS 3.9.3. Any objections? I plan to close NSS 3.9.3 today.
Assignee | ||
Comment 6•20 years ago
|
||
The 3.9 version of the patch.
Assignee | ||
Comment 7•20 years ago
|
||
This patch also updates the 3.10 branch to be consistant with the 3.9.3 export list. (there were two missing functions). Since we plan to export this in 3.9.3, we need to move the export the 3.9.3 export block in our 3.10 patch
Attachment #162083 -
Attachment is obsolete: true
Assignee | ||
Comment 8•20 years ago
|
||
Comment on attachment 162102 [details] [diff] [review] 3.9.3 version of patch (add PK11_GetCertFromPrivateKey wtc: please review
Attachment #162102 -
Flags: review?(wchang0222)
Assignee | ||
Comment 9•20 years ago
|
||
Comment on attachment 162103 [details] [diff] [review] new 3.10 patch. wtc please review
Attachment #162103 -
Flags: review?(wchang0222)
Updated•20 years ago
|
Attachment #162102 -
Flags: review?(wchang0222) → review+
Updated•20 years ago
|
Attachment #162103 -
Flags: review?(wchang0222) → review+
Assignee | ||
Comment 10•20 years ago
|
||
This change doesn't have a compile issue since on NSS 3.10 pk11priv.h and pk11pub.h are new and both are included in pk11func.h, but the current rules are anything publically exported should be in a public header, so this change is needed for cleanliness. No equivalent change is needed in NSS 3.9.3 since all the functions are listed in pk11func.h flat without any indication of which are public and which are private. bob
Assignee | ||
Comment 11•20 years ago
|
||
All the patches are checked into the appropriate branches. (including the header change for NSS 3.10). bob
Comment 12•20 years ago
|
||
Marked the bug fixed.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.9.3
You need to log in
before you can comment on or make changes to this bug.
Description
•