Closed Bug 473365 Opened 15 years ago Closed 15 years ago

Incompatible argument in pkix_validate.c.

Categories

(NSS :: Build, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED
3.12.3

People

(Reporter: slavomir.katuscak+mozilla, Assigned: alvolkov.bgs)

Details

(Whiteboard: PKIX)

Attachments

(1 file, 2 obsolete files)

Warning from PKIX code building:

cc -o SunOS5.10_OPT.OBJ/pkix_validate.o -c -xO4 -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT -DSOLARIS2_10 -D_SVID_GETTOD -xarch=v8 -DXP_UNIX -UDEBUG -DNDEBUG -DNSS_ENABLE_ECC -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -I/usr/dt/include -I/usr/openwin/include -I../../../../../../dist/SunOS5.10_OPT.OBJ/include  -I../../../../../../dist/public/nss -I../../../../../../dist/private/nss -I../../../../../../dist/public/dbm  pkix_validate.c
"pkix_validate.c", line 802: warning: argument #8 is incompatible with prototype:
	prototype: pointer to unsigned int : "../../../../../../dist/private/nss/pkix_revchecker.h", line 236
	argument : pointer to enum  {SEC_ERROR_END_OF_LIST(-8022), SEC_ERROR_PKCS11_DEVICE_ERROR(-8023), SEC_ERROR_PKCS11_FUNCTION_FAILED(-8024), SEC_ERROR_PKCS11_GENERAL_ERROR(-8025), SEC_ERROR_LIBPKIX_INTERNAL(-8026), SEC_ERROR_BAD_INFO_ACCESS_LOCATION(-8027), SEC_ERROR_FAILED_TO_ENCODE_DATA(-8028), SEC_ERROR_BAD_LDAP_RESPONSE(-8029), SEC_ERROR_BAD_HTTP_RESPONSE(-8030), SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE(-8031), SEC_ERROR_POLICY_VALIDATION_FAILED(-8032), SEC_ERROR_INVALID_POLICY_MAPPING(-8033), SEC_ERROR_OUT_OF_SEARCH_LIMITS(-8034), SEC_ERROR_OCSP_BAD_SIGNATURE(-8035), SEC_ERROR_OCSP_RESPONDER_CERT_INVALID(-8036), SEC_ERROR_TOKEN_NOT_LOGGED_IN(-8037), SEC_ERROR_NOT_INITIALIZED(-8038), SEC_ERROR_CRL_ALREADY_EXISTS(-8039), SEC_ERROR_NO_EVENT(-8040), SEC_ERROR_INCOMPATIBLE_PKCS11(-8041), SEC_ERROR_UNKNOWN_OBJECT_TYPE(-8042), SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION(-8043), SEC_ERROR_CRL_V1_CRITICAL_EXTENSION(-8044), SEC_ERROR_CRL_INVALID_VERSION(-8045), SEC_ERROR_REVOKED_CERTIFICAT!
 E_OCSP(-8046), SEC_ERROR_REVOKED_CERTIFICATE_CRL(-8047), SEC_ERROR_OCSP_INVALID_SIGNING_CERT(-8048), SEC_ERROR_UNRECOGNIZED_OID(-8049), SEC_ERROR_UNSUPPORTED_EC_POINT_FORM(-8050), SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE(-8051), SEC_ERROR_EXTRA_INPUT(-8052), SEC_ERROR_BUSY(-8053), SEC_ERROR_REUSED_ISSUER_AND_SERIAL(-8054), SEC_ERROR_CRL_NOT_FOUND(-8055), SEC_ERROR_BAD_TEMPLATE(-8056), SEC_ERROR_MODULE_STUCK(-8057), SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE(-8058), SEC_ERROR_DIGEST_NOT_FOUND(-8059), SEC_ERROR_OCSP_OLD_RESPONSE(-8060), SEC_ERROR_OCSP_FUTURE_RESPONSE(-8061), SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE(-8062), SEC_ERROR_OCSP_MALFORMED_RESPONSE(-8063), SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER(-8064), SEC_ERROR_OCSP_NOT_ENABLED(-8065), SEC_ERROR_OCSP_UNKNOWN_CERT(-8066), SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS(-8067), SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST(-8068), SEC_ERROR_OCSP_REQUEST_NEEDS_SIG(-8069), SEC_ERROR_OCSP_TRY_SERVER_LATER(-8070), SEC_ERROR_OCSP_SERVER_ERROR(-8071), SEC_ERROR_!
 OCSP_MALFORMED_REQUEST(-8072), SEC_ERROR_OCSP_BAD_HTTP_RESPONS!
 E(-8073)
, SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE(-8074), SEC_ERROR_CERT_BAD_ACCESS_LOCATION(-8075), SEC_ERROR_UNKNOWN_SIGNER(-8076), SEC_ERROR_UNKNOWN_CERT(-8077), SEC_ERROR_CRL_NOT_YET_VALID(-8078), SEC_ERROR_KRL_NOT_YET_VALID(-8079), SEC_ERROR_CERT_NOT_IN_NAME_SPACE(-8080), SEC_ERROR_CKL_CONFLICT(-8081), SEC_ERROR_OLD_KRL(-8082), SEC_ERROR_JS_DEL_MOD_FAILURE(-8083), SEC_ERROR_JS_ADD_MOD_FAILURE(-8084), SEC_ERROR_JS_INVALID_DLL(-8085), SEC_ERROR_JS_INVALID_MODULE_NAME(-8086), SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY(-8087), SEC_ERROR_NOT_FORTEZZA_ISSUER(-8088), SEC_ERROR_BAD_NICKNAME(-8089), SEC_ERROR_RETRY_OLD_PASSWORD(-8090), SEC_ERROR_INVALID_PASSWORD(-8091), SEC_ERROR_KEYGEN_FAIL(-8092), SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED(-8093), SEC_ERROR_PKCS12_UNABLE_TO_READ(-8094), SEC_ERROR_PKCS12_UNABLE_TO_WRITE(-8095), SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY(-8096), SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME(-8097), SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN(-8098), SEC_ERROR_PKCS12_U!
 NABLE_TO_IMPORT_KEY(-8099), SEC_ERROR_CERT_ADDR_MISMATCH(-8100), SEC_ERROR_INADEQUATE_CERT_TYPE(-8101), SEC_ERROR_INADEQUATE_KEY_USAGE(-8102), SEC_ERROR_MESSAGE_SEND_ABORTED(-8103), SEC_ERROR_PKCS12_DUPLICATE_DATA(-8104), SEC_ERROR_USER_CANCELLED(-8105), SEC_ERROR_PKCS12_CERT_COLLISION(-8106), SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT(-8107), SEC_ERROR_PKCS12_UNSUPPORTED_VERSION(-8108), SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM(-8109), SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE(-8110), SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE(-8111), SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM(-8112), SEC_ERROR_PKCS12_INVALID_MAC(-8113), SEC_ERROR_PKCS12_DECODING_PFX(-8114), SEC_ERROR_IMPORTING_CERTIFICATES(-8115), SEC_ERROR_EXPORTING_CERTIFICATES(-8116), SEC_ERROR_BAD_EXPORT_ALGORITHM(-8117), XP_JAVA_CERT_NOT_EXISTS_ERROR(-8118), XP_JAVA_DELETE_PRIVILEGE_ERROR(-8119), XP_JAVA_REMOVE_PRINCIPAL_ERROR(-8120), SEC_ERROR_BAGGAGE_NOT_CREATED(-8121), SEC_ERROR_SAFE_NOT_CREATED(-8122), SEC_ERROR_!
 KEY_NICKNAME_COLLISION(-8123), SEC_ERROR_CERT_NICKNAME_COLLISI!
 ON(-8124
), SEC_ERROR_NO_SLOT_SELECTED(-8125), SEC_ERROR_READ_ONLY(-8126), SEC_ERROR_NO_TOKEN(-8127), SEC_ERROR_NO_MODULE(-8128), SEC_ERROR_NEED_RANDOM(-8129), SEC_ERROR_KRL_INVALID(-8130), SEC_ERROR_REVOKED_KEY(-8131), SEC_ERROR_KRL_BAD_SIGNATURE(-8132), SEC_ERROR_KRL_EXPIRED(-8133), SEC_ERROR_NO_KRL(-8134), XP_SEC_FORTEZZA_PERSON_ERROR(-8135), XP_SEC_FORTEZZA_BAD_PIN(-8136), XP_SEC_FORTEZZA_NO_MORE_INFO(-8137), XP_SEC_FORTEZZA_PERSON_NOT_FOUND(-8138), XP_SEC_FORTEZZA_MORE_INFO(-8139), XP_SEC_FORTEZZA_NONE_SELECTED(-8140), XP_SEC_FORTEZZA_NO_CARD(-8141), XP_SEC_FORTEZZA_BAD_CARD(-8142), SEC_ERROR_DECRYPTION_DISALLOWED(-8143), SEC_ERROR_UNSUPPORTED_KEYALG(-8144), SEC_ERROR_PKCS7_BAD_SIGNATURE(-8145), SEC_ERROR_PKCS7_KEYALG_MISMATCH(-8146), SEC_ERROR_NOT_A_RECIPIENT(-8147), SEC_ERROR_NO_RECIPIENT_CERTS_QUERY(-8148), SEC_ERROR_NO_EMAIL_CERT(-8149), SEC_ERROR_OLD_CRL(-8150), SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION(-8151), SEC_ERROR_INVALID_KEY(-8152), SEC_INTERNAL_ONLY(-8153), SEC_ERROR_CE!
 RT_USAGES_INVALID(-8154), SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID(-8155), SEC_ERROR_CA_CERT_INVALID(-8156), SEC_ERROR_EXTENSION_NOT_FOUND(-8157), SEC_ERROR_EXTENSION_VALUE_INVALID(-8158), SEC_ERROR_CRL_INVALID(-8159), SEC_ERROR_CRL_BAD_SIGNATURE(-8160), SEC_ERROR_CRL_EXPIRED(-8161), SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE(-8162), SEC_ERROR_CERT_NO_RESPONSE(-8163), SEC_ERROR_CERT_NOT_VALID(-8164), SEC_ERROR_CERT_VALID(-8165), SEC_ERROR_NO_KEY(-8166), SEC_ERROR_FILING_KEY(-8167), SEC_ERROR_ADDING_CERT(-8168), SEC_ERROR_DUPLICATE_CERT_NAME(-8169), SEC_ERROR_DUPLICATE_CERT(-8170), SEC_ERROR_UNTRUSTED_CERT(-8171), SEC_ERROR_UNTRUSTED_ISSUER(-8172), SEC_ERROR_NO_MEMORY(-8173), SEC_ERROR_BAD_DATABASE(-8174), SEC_ERROR_NO_NODELOCK(-8175), SEC_ERROR_RETRY_PASSWORD(-8176), SEC_ERROR_BAD_PASSWORD(-8177), SEC_ERROR_BAD_KEY(-8178), SEC_ERROR_UNKNOWN_ISSUER(-8179), SEC_ERROR_REVOKED_CERTIFICATE(-8180), SEC_ERROR_EXPIRED_CERTIFICATE(-8181), SEC_ERROR_BAD_SIGNATURE(-8182), SEC_ERROR_BAD_DER(-81!
 83), SEC_ERROR_INVALID_TIME(-8184),}

One problem is warning itself (something is wrong), second is that this error message contains FAIL substring, which I usually use for searching for failures in Tinderbox logs.
Assignee: slavomir.katuscak → alexei.volkov.bugs
Attached patch Fix the warning. (obsolete) — Splinter Review
Attachment #356812 - Flags: review?(nelson)
Comment on attachment 356812 [details] [diff] [review]
Fix the warning.

I suppose this does silence the warning, (so would a cast), but changing
the type from SECErrorCodes to PKIX_UInt32 seems like going in the wrong
direction.  Maybe the type of the pointer argument that should change.
Comment on attachment 356812 [details] [diff] [review]
Fix the warning.

Alexei and I discussed this yesterday, and I learned that the reason this
variable is a type PKIX_UInt32 and not a SECErrorCodes is that the values 
it contains may be either NSS error codes (which are all negative numbers)
or CRL revocation reason codes from the enum typedef named CERTCRLEntryReasonCodeEnum, which are small non-negative numbers.  

So, in effect, this value represents a number for a new space of numbers
which is a superset of the set of NSS/NSPR error codes.  I'm quite sure
that we do NOT want values in this new space to get out to callers of 
NSS.  We do NOT want this new number space to become part of the NSS 
public API for which binary compatibility must be preserved.  

The only question remaining, which I cannot answer, is: is there any 
public NSS API through which values in this new space could get output 
to an external caller of an NSS shared library?  If so, then I want to
expand the scope of this bug to including solving that problem.
Attachment #356812 - Attachment is obsolete: true
Attachment #357236 - Flags: review?(nelson)
Attachment #356812 - Flags: review?(nelson)
(In reply to comment #3)
> (From update of attachment 356812 [details] [diff] [review])
> The only question remaining, which I cannot answer, is: is there any 
> public NSS API through which values in this new space could get output 
> to an external caller of an NSS shared library?  If so, then I want to
> expand the scope of this bug to including solving that problem.

No there is no API that can make this values available for outside caller. Never the less, I think merging values from two different spaces and providing a single variable to carry it was a mistake. 

The second patch fixes it by making sure that we return only SEC_ERRRORs(from ocsp or crl checkers) through reasonCode(Uint 32) variable. If we need a revocation reason code for a particular cert, then we will need to add another parameter to pkix revocation API.
Also fixes propagation of an error received from revocation checker.
Attachment #357236 - Attachment is obsolete: true
Attachment #358512 - Flags: review?(nelson)
Attachment #357236 - Flags: review?(nelson)
Comment on attachment 358512 [details] [diff] [review]
Patch v3 - changes to use reason code to pass the acctual revocation reason of the cert

r=nelson
Attachment #358512 - Flags: review?(nelson) → review+
Whiteboard: PKIX
patch is committed.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.