Closed
Bug 473365
Opened 15 years ago
Closed 15 years ago
Incompatible argument in pkix_validate.c.
Categories
(NSS :: Build, defect)
NSS
Build
Tracking
(Not tracked)
RESOLVED
FIXED
3.12.3
People
(Reporter: slavomir.katuscak+mozilla, Assigned: alvolkov.bgs)
Details
(Whiteboard: PKIX)
Attachments
(1 file, 2 obsolete files)
15.17 KB,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
Warning from PKIX code building: cc -o SunOS5.10_OPT.OBJ/pkix_validate.o -c -xO4 -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT -DSOLARIS2_10 -D_SVID_GETTOD -xarch=v8 -DXP_UNIX -UDEBUG -DNDEBUG -DNSS_ENABLE_ECC -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -I/usr/dt/include -I/usr/openwin/include -I../../../../../../dist/SunOS5.10_OPT.OBJ/include -I../../../../../../dist/public/nss -I../../../../../../dist/private/nss -I../../../../../../dist/public/dbm pkix_validate.c "pkix_validate.c", line 802: warning: argument #8 is incompatible with prototype: prototype: pointer to unsigned int : "../../../../../../dist/private/nss/pkix_revchecker.h", line 236 argument : pointer to enum {SEC_ERROR_END_OF_LIST(-8022), SEC_ERROR_PKCS11_DEVICE_ERROR(-8023), SEC_ERROR_PKCS11_FUNCTION_FAILED(-8024), SEC_ERROR_PKCS11_GENERAL_ERROR(-8025), SEC_ERROR_LIBPKIX_INTERNAL(-8026), SEC_ERROR_BAD_INFO_ACCESS_LOCATION(-8027), SEC_ERROR_FAILED_TO_ENCODE_DATA(-8028), SEC_ERROR_BAD_LDAP_RESPONSE(-8029), SEC_ERROR_BAD_HTTP_RESPONSE(-8030), SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE(-8031), SEC_ERROR_POLICY_VALIDATION_FAILED(-8032), SEC_ERROR_INVALID_POLICY_MAPPING(-8033), SEC_ERROR_OUT_OF_SEARCH_LIMITS(-8034), SEC_ERROR_OCSP_BAD_SIGNATURE(-8035), SEC_ERROR_OCSP_RESPONDER_CERT_INVALID(-8036), SEC_ERROR_TOKEN_NOT_LOGGED_IN(-8037), SEC_ERROR_NOT_INITIALIZED(-8038), SEC_ERROR_CRL_ALREADY_EXISTS(-8039), SEC_ERROR_NO_EVENT(-8040), SEC_ERROR_INCOMPATIBLE_PKCS11(-8041), SEC_ERROR_UNKNOWN_OBJECT_TYPE(-8042), SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION(-8043), SEC_ERROR_CRL_V1_CRITICAL_EXTENSION(-8044), SEC_ERROR_CRL_INVALID_VERSION(-8045), SEC_ERROR_REVOKED_CERTIFICAT! E_OCSP(-8046), SEC_ERROR_REVOKED_CERTIFICATE_CRL(-8047), SEC_ERROR_OCSP_INVALID_SIGNING_CERT(-8048), SEC_ERROR_UNRECOGNIZED_OID(-8049), SEC_ERROR_UNSUPPORTED_EC_POINT_FORM(-8050), SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE(-8051), SEC_ERROR_EXTRA_INPUT(-8052), SEC_ERROR_BUSY(-8053), SEC_ERROR_REUSED_ISSUER_AND_SERIAL(-8054), SEC_ERROR_CRL_NOT_FOUND(-8055), SEC_ERROR_BAD_TEMPLATE(-8056), SEC_ERROR_MODULE_STUCK(-8057), SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE(-8058), SEC_ERROR_DIGEST_NOT_FOUND(-8059), SEC_ERROR_OCSP_OLD_RESPONSE(-8060), SEC_ERROR_OCSP_FUTURE_RESPONSE(-8061), SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE(-8062), SEC_ERROR_OCSP_MALFORMED_RESPONSE(-8063), SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER(-8064), SEC_ERROR_OCSP_NOT_ENABLED(-8065), SEC_ERROR_OCSP_UNKNOWN_CERT(-8066), SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS(-8067), SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST(-8068), SEC_ERROR_OCSP_REQUEST_NEEDS_SIG(-8069), SEC_ERROR_OCSP_TRY_SERVER_LATER(-8070), SEC_ERROR_OCSP_SERVER_ERROR(-8071), SEC_ERROR_! OCSP_MALFORMED_REQUEST(-8072), SEC_ERROR_OCSP_BAD_HTTP_RESPONS! E(-8073) , SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE(-8074), SEC_ERROR_CERT_BAD_ACCESS_LOCATION(-8075), SEC_ERROR_UNKNOWN_SIGNER(-8076), SEC_ERROR_UNKNOWN_CERT(-8077), SEC_ERROR_CRL_NOT_YET_VALID(-8078), SEC_ERROR_KRL_NOT_YET_VALID(-8079), SEC_ERROR_CERT_NOT_IN_NAME_SPACE(-8080), SEC_ERROR_CKL_CONFLICT(-8081), SEC_ERROR_OLD_KRL(-8082), SEC_ERROR_JS_DEL_MOD_FAILURE(-8083), SEC_ERROR_JS_ADD_MOD_FAILURE(-8084), SEC_ERROR_JS_INVALID_DLL(-8085), SEC_ERROR_JS_INVALID_MODULE_NAME(-8086), SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY(-8087), SEC_ERROR_NOT_FORTEZZA_ISSUER(-8088), SEC_ERROR_BAD_NICKNAME(-8089), SEC_ERROR_RETRY_OLD_PASSWORD(-8090), SEC_ERROR_INVALID_PASSWORD(-8091), SEC_ERROR_KEYGEN_FAIL(-8092), SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED(-8093), SEC_ERROR_PKCS12_UNABLE_TO_READ(-8094), SEC_ERROR_PKCS12_UNABLE_TO_WRITE(-8095), SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY(-8096), SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME(-8097), SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN(-8098), SEC_ERROR_PKCS12_U! NABLE_TO_IMPORT_KEY(-8099), SEC_ERROR_CERT_ADDR_MISMATCH(-8100), SEC_ERROR_INADEQUATE_CERT_TYPE(-8101), SEC_ERROR_INADEQUATE_KEY_USAGE(-8102), SEC_ERROR_MESSAGE_SEND_ABORTED(-8103), SEC_ERROR_PKCS12_DUPLICATE_DATA(-8104), SEC_ERROR_USER_CANCELLED(-8105), SEC_ERROR_PKCS12_CERT_COLLISION(-8106), SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT(-8107), SEC_ERROR_PKCS12_UNSUPPORTED_VERSION(-8108), SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM(-8109), SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE(-8110), SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE(-8111), SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM(-8112), SEC_ERROR_PKCS12_INVALID_MAC(-8113), SEC_ERROR_PKCS12_DECODING_PFX(-8114), SEC_ERROR_IMPORTING_CERTIFICATES(-8115), SEC_ERROR_EXPORTING_CERTIFICATES(-8116), SEC_ERROR_BAD_EXPORT_ALGORITHM(-8117), XP_JAVA_CERT_NOT_EXISTS_ERROR(-8118), XP_JAVA_DELETE_PRIVILEGE_ERROR(-8119), XP_JAVA_REMOVE_PRINCIPAL_ERROR(-8120), SEC_ERROR_BAGGAGE_NOT_CREATED(-8121), SEC_ERROR_SAFE_NOT_CREATED(-8122), SEC_ERROR_! KEY_NICKNAME_COLLISION(-8123), SEC_ERROR_CERT_NICKNAME_COLLISI! ON(-8124 ), SEC_ERROR_NO_SLOT_SELECTED(-8125), SEC_ERROR_READ_ONLY(-8126), SEC_ERROR_NO_TOKEN(-8127), SEC_ERROR_NO_MODULE(-8128), SEC_ERROR_NEED_RANDOM(-8129), SEC_ERROR_KRL_INVALID(-8130), SEC_ERROR_REVOKED_KEY(-8131), SEC_ERROR_KRL_BAD_SIGNATURE(-8132), SEC_ERROR_KRL_EXPIRED(-8133), SEC_ERROR_NO_KRL(-8134), XP_SEC_FORTEZZA_PERSON_ERROR(-8135), XP_SEC_FORTEZZA_BAD_PIN(-8136), XP_SEC_FORTEZZA_NO_MORE_INFO(-8137), XP_SEC_FORTEZZA_PERSON_NOT_FOUND(-8138), XP_SEC_FORTEZZA_MORE_INFO(-8139), XP_SEC_FORTEZZA_NONE_SELECTED(-8140), XP_SEC_FORTEZZA_NO_CARD(-8141), XP_SEC_FORTEZZA_BAD_CARD(-8142), SEC_ERROR_DECRYPTION_DISALLOWED(-8143), SEC_ERROR_UNSUPPORTED_KEYALG(-8144), SEC_ERROR_PKCS7_BAD_SIGNATURE(-8145), SEC_ERROR_PKCS7_KEYALG_MISMATCH(-8146), SEC_ERROR_NOT_A_RECIPIENT(-8147), SEC_ERROR_NO_RECIPIENT_CERTS_QUERY(-8148), SEC_ERROR_NO_EMAIL_CERT(-8149), SEC_ERROR_OLD_CRL(-8150), SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION(-8151), SEC_ERROR_INVALID_KEY(-8152), SEC_INTERNAL_ONLY(-8153), SEC_ERROR_CE! RT_USAGES_INVALID(-8154), SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID(-8155), SEC_ERROR_CA_CERT_INVALID(-8156), SEC_ERROR_EXTENSION_NOT_FOUND(-8157), SEC_ERROR_EXTENSION_VALUE_INVALID(-8158), SEC_ERROR_CRL_INVALID(-8159), SEC_ERROR_CRL_BAD_SIGNATURE(-8160), SEC_ERROR_CRL_EXPIRED(-8161), SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE(-8162), SEC_ERROR_CERT_NO_RESPONSE(-8163), SEC_ERROR_CERT_NOT_VALID(-8164), SEC_ERROR_CERT_VALID(-8165), SEC_ERROR_NO_KEY(-8166), SEC_ERROR_FILING_KEY(-8167), SEC_ERROR_ADDING_CERT(-8168), SEC_ERROR_DUPLICATE_CERT_NAME(-8169), SEC_ERROR_DUPLICATE_CERT(-8170), SEC_ERROR_UNTRUSTED_CERT(-8171), SEC_ERROR_UNTRUSTED_ISSUER(-8172), SEC_ERROR_NO_MEMORY(-8173), SEC_ERROR_BAD_DATABASE(-8174), SEC_ERROR_NO_NODELOCK(-8175), SEC_ERROR_RETRY_PASSWORD(-8176), SEC_ERROR_BAD_PASSWORD(-8177), SEC_ERROR_BAD_KEY(-8178), SEC_ERROR_UNKNOWN_ISSUER(-8179), SEC_ERROR_REVOKED_CERTIFICATE(-8180), SEC_ERROR_EXPIRED_CERTIFICATE(-8181), SEC_ERROR_BAD_SIGNATURE(-8182), SEC_ERROR_BAD_DER(-81! 83), SEC_ERROR_INVALID_TIME(-8184),} One problem is warning itself (something is wrong), second is that this error message contains FAIL substring, which I usually use for searching for failures in Tinderbox logs.
Reporter | ||
Updated•15 years ago
|
Assignee: slavomir.katuscak → alexei.volkov.bugs
Assignee | ||
Comment 1•15 years ago
|
||
Attachment #356812 -
Flags: review?(nelson)
Comment 2•15 years ago
|
||
Comment on attachment 356812 [details] [diff] [review] Fix the warning. I suppose this does silence the warning, (so would a cast), but changing the type from SECErrorCodes to PKIX_UInt32 seems like going in the wrong direction. Maybe the type of the pointer argument that should change.
Comment 3•15 years ago
|
||
Comment on attachment 356812 [details] [diff] [review] Fix the warning. Alexei and I discussed this yesterday, and I learned that the reason this variable is a type PKIX_UInt32 and not a SECErrorCodes is that the values it contains may be either NSS error codes (which are all negative numbers) or CRL revocation reason codes from the enum typedef named CERTCRLEntryReasonCodeEnum, which are small non-negative numbers. So, in effect, this value represents a number for a new space of numbers which is a superset of the set of NSS/NSPR error codes. I'm quite sure that we do NOT want values in this new space to get out to callers of NSS. We do NOT want this new number space to become part of the NSS public API for which binary compatibility must be preserved. The only question remaining, which I cannot answer, is: is there any public NSS API through which values in this new space could get output to an external caller of an NSS shared library? If so, then I want to expand the scope of this bug to including solving that problem.
Assignee | ||
Comment 4•15 years ago
|
||
Attachment #356812 -
Attachment is obsolete: true
Attachment #357236 -
Flags: review?(nelson)
Attachment #356812 -
Flags: review?(nelson)
Assignee | ||
Comment 5•15 years ago
|
||
(In reply to comment #3) > (From update of attachment 356812 [details] [diff] [review]) > The only question remaining, which I cannot answer, is: is there any > public NSS API through which values in this new space could get output > to an external caller of an NSS shared library? If so, then I want to > expand the scope of this bug to including solving that problem. No there is no API that can make this values available for outside caller. Never the less, I think merging values from two different spaces and providing a single variable to carry it was a mistake. The second patch fixes it by making sure that we return only SEC_ERRRORs(from ocsp or crl checkers) through reasonCode(Uint 32) variable. If we need a revocation reason code for a particular cert, then we will need to add another parameter to pkix revocation API.
Assignee | ||
Comment 6•15 years ago
|
||
Also fixes propagation of an error received from revocation checker.
Attachment #357236 -
Attachment is obsolete: true
Attachment #358512 -
Flags: review?(nelson)
Attachment #357236 -
Flags: review?(nelson)
Comment 7•15 years ago
|
||
Comment on attachment 358512 [details] [diff] [review] Patch v3 - changes to use reason code to pass the acctual revocation reason of the cert r=nelson
Attachment #358512 -
Flags: review?(nelson) → review+
Assignee | ||
Updated•15 years ago
|
Whiteboard: PKIX
Assignee | ||
Comment 8•15 years ago
|
||
patch is committed.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•