Closed
Bug 430916
Opened 17 years ago
Closed 17 years ago
add sustaining asserts
Categories
(NSS :: Libraries, defect, P2)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.12.1
People
(Reporter: julien.pierre, Assigned: julien.pierre)
Details
Attachments
(1 file)
508 bytes,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
Normally as a rule, we try to only assert on coding errors, not bad external data. I feel however that there are some exceptions for certain particularly egregious errors, in the case of reused issuer and serial number. Often with some products, the errors are not properly reported all the way to the end user. And we can spend a lot of time debugging this kind of problem for no good reason.
I have attached a patch that is #ifdef'ed just for me. But if you agree, I would prefer to have that without ifdef.
Assignee | ||
Updated•17 years ago
|
Priority: -- → P2
Target Milestone: --- → 3.12.1
Assignee | ||
Comment 1•17 years ago
|
||
Nelson,
Please let me know also if you are in favor of having this non-ifdef'ed.
Attachment #317835 -
Flags: review?(nelson)
Comment 2•17 years ago
|
||
Comment on attachment 317835 [details] [diff] [review]
assert on SEC_ERROR_REUSED_ISSUER_AND_SERIAL_NUMBER
Julien, I'm sure it would not be appropriate to put that assertion into
Mozilla browsers. Personally, I would not want to encounter it in NSS tools,
either. So, I do not favor putting THIS assertion in unconditionally,
but I'm not opposed to it in its present ifdef'ed form.
Is there some particular product or family of products you have in mind
that fails to report this error?
Can we detect that NSS is being used by those products?
Attachment #317835 -
Flags: review?(nelson) → review+
Assignee | ||
Comment 3•17 years ago
|
||
Nelson,
Our own pk12util still fails to report proper errors. Somebody sent me a p12 file with 2 certs with same issuer & serial in it. All I got was a generic error, and I had to trace the code to figure it out.
I suspect mozilla PKCS#12 import would do the same.
I thought about surrounding this with a getenv, but I think that would be way too expensive given how common PORT_SetError is.
Comment 4•17 years ago
|
||
In reply to comment 3, please file a bug against our PKCS#12 code about this.
I'd suggest filing it against the utility first, and then that can be changed
to be against the library in case it is found to be the fault of the library
code.
Assignee | ||
Comment 6•17 years ago
|
||
Checking in secport.c;
/cvsroot/mozilla/security/nss/lib/util/secport.c,v <-- secport.c
new revision: 1.22; previous revision: 1.21
done
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•