pk12util and pkcs12 decoder library need verbose diagnostic mode



12 years ago
8 years ago


(Reporter: Nelson Bolyard (seldom reads bugmail), Unassigned)


Firefox Tracking Flags

(Not tracked)


With all the problems folks have been having importing pkcs12 files, 
and all the time NSS developers spend diagnosing those troubles,
it would be great if pk12util had a verbose diagnostic mode that 
caused it to output a log of what it's doing internally.  
Users aren't going to send us their .p12 files, generally, and they
shouldn't have to.  But we should be able to figure out where it's
failing using verbose log output that the tool provides.  

Note that pk12util already has a -v option, and all it does presently
is cause a line to be output at the end, declaring success or failure.

I think the implementatino of this might require extended the PKCS12
deocder API with the addition of a new registerable callback function
that pk12d calls as it decodes.


11 years ago
Target Milestone: --- → 3.11.8


11 years ago
Target Milestone: 3.11.8 → Future


11 years ago
Target Milestone: Future → ---


11 years ago
Priority: -- → P3


11 years ago
OS: Windows XP → All


10 years ago
Assignee: neil.williams → nobody

Comment 1

8 years ago
I wonder why firefox and thunderbird only say "PKCS#12 operation failed for unknown reason". Why isn't it possible to tell the reason?

Yesterday I generated a new certificate with openSSL and it did not import into thunderbird for "unknown reasons". After 2 hours I found the reason: the new serial number was the same as an existing certificate.

See also bug 458161 and bug 564403
This bug is about an NSS command line tool.

The browser and email clients are NOTORIOUS for saying "for an unknown reason" 
instead of stating the reason, even when the reason is clearly known to them 
(in the form of a detailed error code).  That's not an NSS problem.  See also
You need to log in before you can comment on or make changes to this bug.