Closed
Bug 418398
Opened 16 years ago
Closed 16 years ago
Need some high level libpkix tracing for mental sanity
Categories
(NSS :: Libraries, enhancement, P2)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.12
People
(Reporter: KaiE, Assigned: KaiE)
Details
(Whiteboard: PKIX)
Attachments
(4 files, 2 obsolete files)
55.04 KB,
text/plain
|
Details | |
8.80 KB,
patch
|
KaiE
:
review+
|
Details | Diff | Splinter Review |
4.07 KB,
patch
|
Details | Diff | Splinter Review | |
2.31 KB,
patch
|
Details | Diff | Splinter Review |
We had discussed this in the past: libpkix produces tons of trace output. It's too much to be of real help. Today I tried to analyze bug 418367. Again, I was frustrated about monster function pkix_BuildForwardDepthFirstSearch which is really hard to trace, because it tries several alternatives, and even if it finds a failure, it might continue to test. So it's really really difficult to know where to look. I decided I need some high level tracing to understand which certificate is currently being tested. Also, I should have a log of the failures only, to understand which temporary failures occurred and which temporary failure might have caused the final failure. I am attaching a patch that greatly helped me in identifying this case. I think the patch is not appropriate for check in as is, because I used fprintf(stderr) to ensure I get exactly this output, without anything else (that would confuse me by amount). I am attaching a logfile that was produced with this patch, as an illustration what this patch does. I certainly will use this patch whenever I have to debug cert verification failures in the future.
Assignee | ||
Comment 1•16 years ago
|
||
Assignee | ||
Comment 2•16 years ago
|
||
Assignee | ||
Updated•16 years ago
|
Attachment #304220 -
Flags: review?(alexei.volkov.bugs)
Assignee | ||
Updated•16 years ago
|
Whiteboard: PKIX
Comment 3•16 years ago
|
||
Comment on attachment 304220 [details] [diff] [review] Patch v1 I think the code generates quite helpful info. Looks good to me.
Attachment #304220 -
Flags: review?(alexei.volkov.bugs) → review+
Comment 4•16 years ago
|
||
Comment on attachment 304220 [details] [diff] [review] Patch v1 One thing though I'd like you to change: we have NSPR log module called "pkix". I think we should use it instead of printf(probably with log level 2). Please do modifications to your patch and integrate it.
Comment 5•16 years ago
|
||
Yeah, we definitely should NOT be putting any printfs into NSS shared libraries. We should not be using stdin, stdout, or stderr in them. We should be using NSPR's logging feature (as we already do elsewhere in NSS). It's probably a pretty straightforward change to replace all those printfs with the equivalent NSPR log functions (which are syntactically a lot like printf).
Updated•16 years ago
|
Priority: -- → P2
Assignee | ||
Comment 6•16 years ago
|
||
Thanks Alexei. I updated the patch to use pkixLog and I also improved the indenting. Carrying forward your r=
Attachment #304220 -
Attachment is obsolete: true
Attachment #307684 -
Flags: review+
Assignee | ||
Comment 7•16 years ago
|
||
fixed Checking in top/pkix_build.c; /cvsroot/mozilla/security/nss/lib/libpkix/pkix/top/pkix_build.c,v <-- pkix_build.c new revision: 1.19; previous revision: 1.18 done Checking in top/pkix_validate.c; /cvsroot/mozilla/security/nss/lib/libpkix/pkix/top/pkix_validate.c,v <-- pkix_validate.c new revision: 1.8; previous revision: 1.7 done Checking in util/pkix_tools.h; /cvsroot/mozilla/security/nss/lib/libpkix/pkix/util/pkix_tools.h,v <-- pkix_tools.h new revision: 1.16; previous revision: 1.15 done
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 8•16 years ago
|
||
Reopening, because I caused tinderbox to be orange. I failed to adjust function pkix_trace_dump_cert. I was searching for "printf", and didn't see the PKIX_DEBUG_ARG statements, which seem to always dump. Will attach fix within the next hour.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee | ||
Comment 9•16 years ago
|
||
One more problem. pkixLog is always NULL in my testing, so I never get any output! :-/
Assignee | ||
Comment 10•16 years ago
|
||
Change the remaining dump code to use PR_LOG. Also use PR_LOGGING to avoid compiling the code in optimized mode.
Attachment #308014 -
Flags: review?(alexei.volkov.bugs)
Updated•16 years ago
|
Attachment #308014 -
Flags: review?(alexei.volkov.bugs) → review+
Comment 11•16 years ago
|
||
Comment on attachment 308014 [details] [diff] [review] Patch v3 PR_LOG is indented with only two spaces. Should be four.
Comment 12•16 years ago
|
||
Kai, please also make sure, that this additional logging is disabled by default. ToString operations in libpkix are not thread safe.
Assignee | ||
Comment 13•16 years ago
|
||
I checked this patch in. Compared to v3, I wrapped all string producing code in a PR_LOG_TEST. Checking in top/pkix_build.c; /cvsroot/mozilla/security/nss/lib/libpkix/pkix/top/pkix_build.c,v <-- pkix_build.c new revision: 1.20; previous revision: 1.19 done Checking in top/pkix_validate.c; /cvsroot/mozilla/security/nss/lib/libpkix/pkix/top/pkix_validate.c,v <-- pkix_validate.c new revision: 1.9; previous revision: 1.8 done Checking in util/pkix_tools.h; /cvsroot/mozilla/security/nss/lib/libpkix/pkix/util/pkix_tools.h,v <-- pkix_tools.h new revision: 1.17; previous revision: 1.16 done
Attachment #308014 -
Attachment is obsolete: true
Assignee | ||
Comment 14•16 years ago
|
||
Maybe I should have marked this bug as fixed when I did comment 13. On the other hand, I still don't know how to actually enable this new logging, because as I said in comment 9, pkixLog is always NULL. I propose to leave this bug open until we have answered that question. In the meantime, I'm using this local patch to turn it on (fprintf to stderr).
Comment 15•16 years ago
|
||
Kai, pkixLog is set to a non-NULL value when the environment variable NSS_STRICT_SHUTDOWN is defined, regardless of its value.
Assignee | ||
Comment 16•16 years ago
|
||
Thanks Nelson! I've tried the following, which indeed works for me. Marking as fixed. NSPR_LOG_MODULES="pkix:5" NSS_STRICT_SHUTDOWN="x"
Status: REOPENED → RESOLVED
Closed: 16 years ago → 16 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 17•16 years ago
|
||
(In reply to comment #16) > I've tried the following, which indeed works for me. > NSPR_LOG_MODULES="pkix:5" NSS_STRICT_SHUTDOWN="x" I've documented that on new wiki page http://wiki.mozilla.org/NSS:Tracing Please feel free to add quick notes about your favorite NSS logging environment variables etc.
Comment 18•16 years ago
|
||
http://wiki.mozilla.org is for project planning. You should move this page to http://developer.mozilla.org.
Updated•16 years ago
|
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Updated•16 years ago
|
Assignee: nobody → kaie
Severity: normal → enhancement
Status: REOPENED → NEW
Target Milestone: --- → 3.12
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago → 16 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•