With all the problems folks have been having importing pkcs12 files, and all the time NSS developers spend diagnosing those troubles, it would be great if pk12util had a verbose diagnostic mode that caused it to output a log of what it's doing internally. Users aren't going to send us their .p12 files, generally, and they shouldn't have to. But we should be able to figure out where it's failing using verbose log output that the tool provides. Note that pk12util already has a -v option, and all it does presently is cause a line to be output at the end, declaring success or failure. I think the implementation of this might require extending the PKCS12 decoder API with the addition of a new registerable callback function that pk12d calls as it decodes.
Assignee: neil.williams → nobody
I wonder why Firefox and Thunderbird only say "PKCS#12 operation failed for unknown reason". Why isn't it possible to tell the reason? Yesterday I generated a new certificate with OpenSSL and it did not import into Thunderbird for "unknown reasons". After 2 hours I found the reason: the new serial number was the same as an existing certificate. See also bug 458161 and bug 564403.
This bug is about an NSS command line tool. The browser and email clients are NOTORIOUS for saying "for an unknown reason" instead of stating the reason, even when the reason is clearly known to them (in the form of a detailed error code). That's not an NSS problem. See also https://bugzilla.mozilla.org/show_bug.cgi?id=desired
Sorry, I meant to cite: https://bugzilla.mozilla.org/show_bug.cgi?id=unknownreason