357010 - Certificate import broke in nsNSSCertificateDB.cpp 1.23

Status: RESOLVED DUPLICATE of bug 360528

(Core :: Security: PSM, defect)

Description

[Martin v. Löwis]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060830 Firefox/1.5.0.7 (Debian-1.5.dfsg+1.5.0.7-2)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060830 Firefox/1.5.0.7 (Debian-1.5.dfsg+1.5.0.7-2)

Trying to import an email certificate now  gives an error message that the import failed because the verification failed. This message is bogus due to a bug in the code; I can't see how it could work at all since r1.23 of nsNSSCertificateDB.cpp.

Reproducible: Always

Steps to Reproduce:
1.Try importing a certificate
2.
3.

Actual Results:  
The certificate should get imported.

Expected Results:  
An error message is displayed

The problem is that the block

    if (!alert_and_skip) {
      CERT_CertChainFromCert(node->cert, certusage, PR_FALSE);
      if (!certChain) {
        alert_and_skip = true;
      }
    }

doesn't attempt to set certChain, so it's no surprise it stays at null.
I'll attach a patch

Comment 1

[Martin v. Löwis]

Attachment: Patch to re-enable import

Comment 2

[timeless]

Comment on attachment 242543 [details] [diff] [review]
Patch to re-enable import

someone should tell sunbird that their branch point is unfortunate :).

Comment 3

[Kaspar]

This was fixed with when bug 360528 was resolved (with exactly the same patch...), so somebody who has the power to do so should resolve this one here, too.