Open
Bug 461571
Opened 16 years ago
Updated 4 months ago
###!!! ASSERTION: Could not find EV root in NSS storage: 'entry.cert', file /home/mmokrejs/proj/comm-central/mozilla/security/manager/ssl/src/nsIdentityChecking.cpp, line 753
Categories
(Core :: Security, defect)
Tracking
()
UNCONFIRMED
People
(Reporter: mmokrejs, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
188.28 KB,
text/plain
|
Details |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20081003 SeaMonkey/1.1.12 Build Identifier: ###!!! ASSERTION: Could not find EV root in NSS storage: 'entry.cert', file /home/mmokrejs/proj/comm-central/mozilla/security/manager/ssl/src/nsIdentityChecking.cpp, line 753 Don't know what really triggered this. I was testing current comm-central TRUNK build - mailer and browser. ###!!! ASSERTION: Could not find EV root in NSS storage: 'entry.cert', file /home/mmokrejs/proj/comm-central/mozilla/security/manager/ssl/src/nsIdentityChecking.cpp, line 753 Reproducible: Always Steps to Reproduce: 1. 2. 3.
Comment 1•16 years ago
|
||
1) Home-compile or download from Mozilla? 2) Had the browser started? 3) if the answer to (2) was yes: What's the "Build Identifier" shown at the bottom of the page it (not your Sm 1.1.12) displays when you type "about:" (without the quotes) in the URL bar then hit Enter? 4) if the answer to (2) was yes: Do you remember which page you were browsing when the error happened?
Reporter | ||
Comment 2•16 years ago
|
||
1Home-compile.(In reply to comment #1) > 1) Home-compile or download from Mozilla? Home-compile. > 2) Had the browser started? Yes. > 3) if the answer to (2) was yes: What's the "Build Identifier" shown at the > bottom of the page it (not your Sm 1.1.12) displays when you type "about:" > (without the quotes) in the URL bar then hit Enter? > 4) if the answer to (2) was yes: Do you remember which page you were browsing > when the error happened? It happened when I went to mozilla bugzilla, see below reproduced case when I clicked on one of the URLs listed in email generated by bugzilla. WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && window) failed: file /home/mmokrejs/proj/comm-central/mozilla/content/xul/document/src/nsXULCommandDispatcher.cpp, line 175 WARNING: Positioned frame that does not handle positioned kids; looking further up the parent chain: file /home/mmokrejs/proj/comm-central/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 7755 ++WEBSHELL 0xb6a352e0 == 11 ++DOMWINDOW == 20 (0xb07750f0) [serial = 88] [outer = (nil)] ++DOMWINDOW == 21 (0xb07752a0) [serial = 89] [outer = 0xb07750c0] WARNING: NS_ENSURE_TRUE(aURI) failed: file /home/mmokrejs/proj/comm-central/mozilla/docshell/base/nsDefaultURIFixup.cpp, line 76 ###!!! ASSERTION: non-root frame's desired size changed during an incremental reflow: '(target == rootFrame && size.height == NS_UNCONSTRAINEDSIZE) || (desiredSize.width == size.width && desiredSize.height == size.height)', file /home/mmokrejs/proj/comm-central/mozilla/layout/base/nsPresShell.cpp, line 6331 ###!!! ASSERTION: Could not find EV root in NSS storage: 'entry.cert', file /home/mmokrejs/proj/comm-central/mozilla/security/manager/ssl/src/nsIdentityChecking.cpp, line 753 ++DOMWINDOW == 22 (0xb0775600) [serial = 90] [outer = 0xb07750c0] WARNING: recurring into frame construction: 'mPresContext->mLayoutPhaseCount[eLayoutPhase_FrameC] == 0', file ../../dist/include/layout/nsPresContext.h, line 936 JavaScript error: https://bugzilla.mozilla.org/show_bug.cgi?id=334872, line 1102: keywordAutoComplete.textboxFocusEvent is null WARNING: recurring into frame construction: 'mPresContext->mLayoutPhaseCount[eLayoutPhase_FrameC] == 0', file ../../dist/include/layout/nsPresContext.h, line 936 ###!!! ASSERTION: non-root frame's desired size changed during an incremental reflow: '(target == rootFrame && size.height == NS_UNCONSTRAINEDSIZE) || (desiredSize.width == size.width && desiredSize.height == size.height)', file /home/mmokrejs/proj/comm-central/mozilla/layout/base/nsPresShell.cpp, line 6331 Document https://bugzilla.mozilla.org/show_bug.cgi?id=334872 loaded successfully --DOMWINDOW == 21 (0xb0774d90) [serial = 86] [outer = 0xb0772ba0] [url = mailbox:///home/mmokrejs/.mozilla/seamonkey/79dhxvke.default/Mail/Local%20Folders/mozilla-testcases?number=3064339] --DOMWINDOW == 20 (0xb07752a0) [serial = 89] [outer = 0xb07750c0] [url = about:blank] Starting seamonkey browser from scratch and visiting https site gives me this: ###!!! ASSERTION: Could not find EV root in NSS storage: 'entry.cert', file /home/mmokrejs/proj/comm-central/mozilla/security/manager/ssl/src/nsIdentityChecking.cpp, line 753 ++DOMWINDOW == 11 (0xb0772870) [serial = 11] [outer = 0xb6926d70] WARNING: recurring into frame construction: 'mPresContext->mLayoutPhaseCount[eLayoutPhase_FrameC] == 0', file ../../dist/include/layout/nsPresContext.h, line 936 JavaScript error: https://bugzilla.mozilla.org/show_bug.cgi?id=461571, line 1055: keywordAutoComplete.textboxFocusEvent is null WARNING: recurring into frame construction: 'mPresContext->mLayoutPhaseCount[eLayoutPhase_FrameC] == 0', file ../../dist/include/layout/nsPresContext.h, line 936 ###!!! ASSERTION: non-root frame's desired size changed during an incremental reflow: '(target == rootFrame && size.height == NS_UNCONSTRAINEDSIZE) || (desiredSize.width == size.width && desiredSize.height == size.height)', file /home/mmokrejs/proj/comm-central/mozilla/layout/base/nsPresShell.cpp, line 6331 Document https://bugzilla.mozilla.org/show_bug.cgi?id=461571 loaded successfully --DOMWINDOW == 10 (0xb6927cd0) [serial = 10] [outer = 0xb6926d70] [url = about:blank]
Reporter | ||
Comment 3•16 years ago
|
||
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1b2pre) Gecko/20081023 SeaMonkey/2.0a2pre about:buildconfig Source Built from http://hg.mozilla.org/mozilla-central/rev/08acbba6e8f0+ Build platform target i686-pc-linux-gnu Build tools Compiler Version Compiler flags gcc gcc version 4.3.2 (Gentoo 4.3.2 p1.0) -Wall -W -Wno-unused -Wpointer-arith -Wcast-align -W -Wno-long-long -pedantic -fno-strict-aliasing -pthread -pipe -DDEBUG -D_DEBUG -DDEBUG_mmokrejs -DTRACING -ggdb c++ gcc version 4.3.2 (Gentoo 4.3.2 p1.0) -fno-rtti -fno-exceptions -Wall -Wpointer-arith -Woverloaded-virtual -Wsynth -Wno-ctor-dtor-privacy -Wno-non-virtual-dtor -Wcast-align -Wno-invalid-offsetof -Wno-long-long -pedantic -fno-strict-aliasing -fshort-wchar -pthread -pipe -DDEBUG -D_DEBUG -DDEBUG_mmokrejs -DTRACING -ggdb Configure arguments --disable-optimize --enable-debug=-ggdb --enable-debug-modules=all --enable-debugger-info-modules --enable-detect-webshell-leaks --enable-svg --enable-svg-renderer-libart --enable-image-decoders=all --with-qtdir=/usr/qt/3 --enable-application=suite --disable-freetype2 --enable-jprof --enable-default-toolkit=cairo-gtk2 --enable-xft --disable-gssapi --disable-optimize --enable-debug=-ggdb --enable-debug-modules=all --enable-debugger-info-modules --enable-detect-webshell-leaks --enable-svg --enable-svg-renderer-libart --enable-image-decoders=all --with-qtdir=/usr/qt/3 --enable-application=suite --disable-freetype2 --enable-jprof --enable-default-toolkit=cairo-gtk2 --enable-xft --disable-gssapi --enable-application=../suite --disable-official-branding --with-branding=../suite/branding/nightly --cache-file=.././config.cache --srcdir=/home/mmokrejs/proj/comm-central/mozilla
Version: unspecified → Trunk
Comment 4•16 years ago
|
||
A couple of days ago trunk picked up a newer NSS, which should have fixed this. Do you still get this with the most recent nightly trunk builds?
Updated•16 years ago
|
Component: General → Security
Product: SeaMonkey → Core
QA Contact: general → toolkit
Reporter | ||
Comment 5•15 years ago
|
||
I cannot reproduce anymore with Build identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3pre) Gecko/20090801 SeaMonkey/2.0b2pre
Comment 6•15 years ago
|
||
setting to worksforme per Martin's feedback
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Comment 7•8 years ago
|
||
Reopening, because it does happen with Gentoo-compiled seamonkey-2.40: Assertion failure: Could not find EV root in NSS storage, at /scratch/var/tmp/portage/www-client/seamonkey-2.40/work/seamonkey-2.40/mozilla/security/certverifier/ExtendedValidation.cpp:1252 Redirecting call to abort() to mozalloc_abort Hit MOZ_CRASH() at /scratch/var/tmp/portage/www-client/seamonkey-2.40/work/seamonkey-2.40/mozilla/memory/mozalloc/mozalloc_abort.cpp:33 Program seamonkey (pid = 29816) received signal 11. Stack: #01: ???[/usr/lib64/seamonkey/libxul.so +0x4707571] #02: ???[/lib64/libpthread.so.0 +0x10e20] #03: mozalloc_abort(char const*)[seamonkey +0x6267] #04: mozalloc_abort(char const*)[seamonkey +0x6210] #05: ???[/usr/lib64/libnspr4.so +0x1115c] #06: ???[/usr/lib64/seamonkey/libxul.so +0xf49a0e] #07: PR_CallOnce[/usr/lib64/libnspr4.so +0x1bc3a] #08: ???[/usr/lib64/seamonkey/libxul.so +0x4141870] #09: ???[/usr/lib64/seamonkey/libxul.so +0x10053c9] #10: ???[/usr/lib64/seamonkey/libxul.so +0x100a651] #11: ???[/usr/lib64/seamonkey/libxul.so +0x104704c] #12: ???[/usr/lib64/seamonkey/libxul.so +0x1416e2a] #13: ???[/usr/lib64/seamonkey/libxul.so +0x13d430b] #14: ???[/usr/lib64/seamonkey/libxul.so +0x13d43b7] #15: ???[/usr/lib64/seamonkey/libxul.so +0x1003ef0] #16: ???[/usr/lib64/libnspr4.so +0x29d5b] #17: ???[/lib64/libpthread.so.0 +0x7434] #18: clone[/lib64/libc.so.6 +0xe87fd] #19: ??? (???:???) Sleeping for 300 seconds. User agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 SeaMonkey/2.40 Build identifier: 20160730133427 about:buildconfig Build platform target x86_64-pc-linux-gnu Build tools Compiler Version Compiler flags gcc 5.4.0 -Wall -Wempty-body -Wpointer-to-int-cast -Wsign-compare -Wtype-limits -Wno-unused -Wcast-align -ggdb -march=corei7-avx -pipe -mno-avx -std=gnu99 -fgnu89-inline -fno-strict-aliasing -fno-math-errno -pthread -pipe c++ 5.4.0 -Wall -Wempty-body -Woverloaded-virtual -Wsign-compare -Wwrite-strings -Wno-invalid-offsetof -Wcast-align -ggdb -march=corei7-avx -pipe -mno-avx -fno-exceptions -fno-strict-aliasing -fno-rtti -fno-exceptions -fno-math-errno -std=gnu++0x -pthread -pipe -DDEBUG -DTRACING -g -O2 -fno-omit-frame-pointer Configure arguments --enable-application=suite --enable-optimize=-O2 --disable-pedantic --disable-updater --disable-strip --disable-install-strip --disable-installer --disable-strip-libs --with-system-zlib --enable-pango --enable-svg --with-system-bz2 --enable-default-toolkit=cairo-gtk2 --enable-debug --enable-tests --enable-debug-symbols --enable-startup-notification --enable-necko-wifi --enable-dbus --enable-ogg --enable-wave --enable-ion --with-system-nspr --with-nspr-prefix=/usr --with-system-nss --with-nss-prefix=/usr --x-includes=/usr/include --x-libraries=/usr/lib64 --with-system-libevent=/usr --prefix=/usr --libdir=/usr/lib64 --enable-system-hunspell --disable-gnomevfs --disable-gnomeui --enable-gio --disable-crashreporter --with-system-png --enable-system-ffi --disable-gold --disable-skia --disable-gconf --with-intl-api --enable-jemalloc --enable-replace-malloc --target=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --enable-gstreamer=0.10 --disable-pulseaudio --disable-system-cairo --enable-system-sqlite --with-system-jpeg --with-system-icu --with-system-libvpx --with-google-api-keyfile=/scratch/var/tmp/portage/www-client/seamonkey-2.40/work/seamonkey-2.40/google-api-key --enable-jsd --enable-canvas --with-default-mozilla-five-home=/usr/lib64/seamonkey --enable-safe-browsing --enable-extensions=default --with-external-source-dir=/scratch/var/tmp/portage/www-client/seamonkey-2.40/work/seamonkey-2.40
Status: RESOLVED → UNCONFIRMED
Resolution: WORKSFORME → ---
Reporter | ||
Comment 8•8 years ago
|
||
Sorry, I was maybe too quick in re-opening this, maybe I hit now a bit different issue (bug #994859#c15)?
What version of NSS do you have on your system? Also, do you happen to know what version of gecko seamonkey-2.40 uses?
Flags: needinfo?(mmokrejs)
Reporter | ||
Comment 10•8 years ago
|
||
# ldd /usr/bin/seamonkey linux-vdso.so.1 (0x00007ffe3514f000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb7e3cdb000) libdl.so.2 => /lib64/libdl.so.2 (0x00007fb7e3ad7000) libstdc++.so.6 => /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/libstdc++.so.6 (0x00007fb7e36de000) libm.so.6 => /lib64/libm.so.6 (0x00007fb7e33e2000) libgcc_s.so.1 => /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/libgcc_s.so.1 (0x00007fb7e31cb000) libc.so.6 => /lib64/libc.so.6 (0x00007fb7e2e2c000) /lib64/ld-linux-x86-64.so.2 (0x00007fb7e3ef7000) # Below output shows I have 3.24 version installed and with nss-pem support but without cacert support, and no utils from dev-libs/nss are installed. An upgrade to 3.26 is available. # emerge -pv dev-libs/nss These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild U ] dev-libs/nss-3.26::gentoo [3.24::gentoo] USE="nss-pem -cacert* -utils" ABI_X86="32 (64) (-x32)" 7241 KiB And I have dev-libs/nspr-4.12 installed. What is gecko? The tarball is from https://archive.mozilla.org/pub/eamonkey/releases/2.40 . Probably look for seamonkey-2.40.ebuild by Google to see what how it is compiled.
Reporter | ||
Updated•8 years ago
|
Flags: needinfo?(mmokrejs)
Reporter | ||
Comment 11•8 years ago
|
||
Upgrade to dev-libs/nss-3.26 while enabling cacert and nss-pem and utils did not help anyway. Seamonkey-2.39 was the last stable for me. 2.42, 2.43 crash for me, are ugly in face and email subject lines and not shaded while interleaved anymore. Seamonkey 2.46 has no support for calendar, crashes less often but still, difficult to use.
Gecko is the platform Seamonkey, Firefox, and Thunderbird are built on. In any case, can you run with a debugger and see what certificate isn't being found? It might also be helpful to run with the environment variable NSPR_LOG_MODULES set to "pipnss:4" and see what output that gives.
Flags: needinfo?(mmokrejs)
Reporter | ||
Comment 13•8 years ago
|
||
Hi, I include below summarized communication with David Keeler who helped me to poke though the process with gdb. Hi Martin, If you run seamonkey, it looks like it eventually prints out something like: Type 'gdb /usr/bin/seamonkey 10033' to attach your debugger to this thread. If you do that (the number will probably be different), once it loads all of the relevant libraries up, you should be able to use the command "up" until it tells you you're in the frame of the function "IdentityInfoInit()". Once there, hopefully you'll be able to use the print command to gather some information. `print iEV` would be useful (it would tell us where in the array of EV root information the problem is). `print entry.issuer_base64` and `print entry.issuer_serialbase64` would also be helpful. Let's start with that and see where we get. Also, regarding the log in your other email, it might be useful to see the output from before the assertion failure. Ah - IdentityInfoInit is probably running on a different thread. Try `thread apply all bt` and then dig through that output until you find IdentityInfoInit. Then, you should be able to `thread #` (where # is the number of the thread running IdentityInfoInit), and then run the print commands.
Reporter | ||
Comment 14•8 years ago
|
||
Useful gdb stacktrace.
Reporter | ||
Comment 15•8 years ago
|
||
From: David Keeler Hi Martin, It looks like that version of seamonkey is trying to use a root certificate that was removed from NSS in version 3.21 (the NSS commit for the removal is in [0]. [1] and [2] may provide some context). mozilla-central was updated (see [3]) to deal with this, but from what I can tell, seamonkey is using an old version of mozilla-central (it looks like 43? It needs at least 45.) I suppose what you could do is use the patch in [3] and apply it to seamonkey, but it would be better if seamonkey updated to a more recent version anyway (maybe mozilla-esr45?). (Another option would be to downgrade your system NSS to below 3.21, but you probably don't want to do that as it might be insecure and it might break other things.) Hope this helps, and let me know if I can help further, David [0] https://hg.mozilla.org/projects/nss/rev/1db1054bbb97#l1.659 [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1214729 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1208461 [3] https://hg.mozilla.org/mozilla-central/rev/99c9c5981cbe
Reporter | ||
Comment 16•8 years ago
|
||
Gentoo package definition file is here: https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/seamonkey/seamonkey-2.40.ebuild I vote for a bugfix release of 2.40 seamonkey series, I have issue with all kind of seamonkey versions up to 2.46a and the last stable for me was 2.39.
Reporter | ||
Comment 17•8 years ago
|
||
Seems https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/seamonkey/seamonkey-2.42.3.0_p0.ebuild does not have this problem.
Reporter | ||
Updated•8 years ago
|
Flags: needinfo?(mmokrejs)
Reporter | ||
Comment 18•8 years ago
|
||
> I suppose what you could do is use the patch in [3] and apply it to seamonkey ... > ... > [3] https://hg.mozilla.org/mozilla-central/rev/99c9c5981cbe Thank you David, yes, the patch applied to www-client/seamonkey-2.40::gentoo works fine as well.
Updated•2 years ago
|
Severity: normal → S3
Updated•4 months ago
|
Blocks: nss-external
You need to log in
before you can comment on or make changes to this bug.
Description
•