Bug 340917 - crlutil should init NSS read-only for some options
Status: RESOLVED FIXED
Product: NSS
Classification: Components
Component: Tools
Version: 3.11.1
Platform: All All
Importance: P2 normal
Target Milestone: 3.12
Assigned To: Julien Pierre
Reported: 2006-06-08 18:55 PDT by Julien Pierre
Modified: 2006-06-09 14:55 PDT

Attachments
only initialize NSS read-only for List, Generate and Modify commands (1.96 KB, patch)
2006-06-08 19:50 PDT, Julien Pierre
alvolkov.bgs: review+

Description Julien Pierre 2006-06-08 18:55:55 PDT
Some options, such as list, only require read-only access. But crlutil always opens NSS read/write.
I think the list, generate, and modify CRL options only need read-only.
Alexei, can you confirm this about the last two options? I believe the CRLs are output to DER files outside the NSS DBs, so write access is not required.
Comment 1 Julien Pierre 2006-06-08 19:50:08 PDT
Created attachment 224961
only initialize NSS read-only for List, Generate and Modify commands

Looks like read-only only worked for the list option.
Comment 2 Alexei Volkov 2006-06-09 14:22:59 PDT
The patch will work for the list option, but generation/modification of a CRL will fail
if only the modifications from attachment 224961 are applied.

crlutil.c:SignAndStoreCrl also needs to be changed to look for a "slot" only in the case when the CRL will be imported into a db.
Comment 3 Alexei Volkov 2006-06-09 14:23:39 PDT
Comment on attachment 224961
only initialize NSS read-only for List, Generate and Modify commands

will work for "list crl(s)" option only
Comment 4 Julien Pierre 2006-06-09 14:55:31 PDT
Thanks for the review, Alexei.

I checked this in to the tip:

Checking in crlutil.c;
/cvsroot/mozilla/security/nss/cmd/crlutil/crlutil.c,v  <--  crlutil.c
new revision: 1.28; previous revision: 1.27
done
