crlutil should init NSS read-only for some options

RESOLVED FIXED in 3.12

Status

NSS
Tools
P2
normal
RESOLVED FIXED
11 years ago
11 years ago

People

(Reporter: Julien Pierre, Assigned: Julien Pierre)

(Assignee)

Description

11 years ago
Some options, such as list, only require read-only access. But crlutil always opens NSS read/write.
I think the list, generate, and modify CRL options only need read-only.
Alexei, can you confirm this about the last two options? I believe the CRLs are output to DER files outside the NSS DBs, so write access is not required.
(Assignee)

Comment 1

11 years ago
Created attachment 224961
only initialize NSS read-only for List, Generate and Modify commands

Looks like read-only only worked for the list option.
Assignee: nobody → julien.pierre.bugs
Status: NEW → ASSIGNED
Attachment #224961 - Flags: review?(alexei.volkov.bugs)

Comment 2

11 years ago
The patch will work for the list option, but generation/modification of a CRL will fail
if only the modifications from attachment 224961 are applied.

crlutil.c:SignAndStoreCrl also needs to be changed to look for a "slot" only in the case where the CRL will be imported into a db.

Comment 3

11 years ago
Comment on attachment 224961
only initialize NSS read-only for List, Generate and Modify commands

will work for "list crl(s)" option only
Attachment #224961 - Flags: review?(alexei.volkov.bugs) → review+
(Assignee)

Comment 4

11 years ago
Thanks for the review, Alexei.

I checked this in to the tip:

Checking in crlutil.c;
/cvsroot/mozilla/security/nss/cmd/crlutil/crlutil.c,v  <--  crlutil.c
new revision: 1.28; previous revision: 1.27
done
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Priority: -- → P2
Resolution: --- → FIXED
Target Milestone: --- → 3.12
Version: unspecified → 3.11.1