Last Comment Bug 484466 - sec_error_invalid_args with NSS_ENABLE_PKIX_VERIFY=1
: sec_error_invalid_args with NSS_ENABLE_PKIX_VERIFY=1
Status: RESOLVED FIXED
PKIX
:
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: trunk
: All All
: P1 major (vote)
: 3.12.3
Assigned To: Alexei Volkov
:
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-20 14:19 PDT by Rob Stradling
Modified: 2009-03-31 17:09 PDT (History)
0 users
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
Patch v1 - use correct pointer to pkix error log structure (813 bytes, patch)
2009-03-23 11:59 PDT, Alexei Volkov
nelson: review+
Details | Diff | Splinter Review

Description Rob Stradling 2009-03-20 14:19:08 PDT
User-Agent:       Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Build Identifier: trunk

As reported in bug #483168 comment #43, the current Firefox HEAD + NSS HEAD shows a sec_error_invalid_args error when attempting to navigate to various https sites.

Affected sites include:
https://www.verisign.com
https://secure.comodo.com
https://www.globalsign.com

Unaffected sites include:
https://www.entrust.net
https://www.startssl.com

This problem did not occur 1 month ago when I reported bug #479508 comment #2.

Reproducible: Always
Comment 1 Nelson Bolyard (seldom reads bugmail) 2009-03-20 14:25:42 PDT
The crucial detail for this bug is that it only occurs when 
NSS_ENABLE_PKIX_VERIFY=1 is set.

So, this bug will be "major" when that condition becomes the default,
but not until then.
Comment 2 Alexei Volkov 2009-03-23 11:56:56 PDT
The problem was introduced in the patch for the bug 444404. It happens when pkix_VerifyNode_SetError function sets "unknown issuer" error into verifyNode
 - the variable that suppose to point to the validation error log. 

  pkix_VerifyNode_SetError(verifyNode, verifyError,
                           plContext),

Only in this case it is incorrect to use verifyNode. state->verifyNode should have been used instead of it. pkix_VerifyNode_SetError returns "invalid argument" error since verifyNode is NULL in the context.

(state->verifyNode, verifyError,
                                         plContext),
Comment 3 Alexei Volkov 2009-03-23 11:59:55 PDT
Created attachment 368936 [details] [diff] [review]
Patch v1 - use correct pointer to pkix error log structure
Comment 4 Nelson Bolyard (seldom reads bugmail) 2009-03-23 12:54:38 PDT
Comment on attachment 368936 [details] [diff] [review]
Patch v1 - use correct pointer to pkix error log structure

r=nelson
Comment 5 Alexei Volkov 2009-03-23 15:57:20 PDT
> (From update of attachment 368936 [details] [diff] [review])
committed.

Note You need to log in before you can comment on or make changes to this bug.