Open
Bug 497672
Opened 15 years ago
Updated 7 months ago
PK11_Authenticate fails with SEC_ERROR_IO on a database without a password initialized
Categories
(NSS :: Libraries, defect, P5)
NSS
Libraries
Tracking
(Not tracked)
NEW
People
(Reporter: wtc, Unassigned)
Details
Attachments
(1 file)
339 bytes,
text/plain
|
Details |
This bug is present in NSS 3.12.0 and the NSS trunk (3.12.4.1 Beta). Here are the steps to reproduce this bug on Linux: 1. Do rm ~/.pki/nssdb/* to remove all the NSS (shared) databases. 2. Compile and run the attached program nssinit.c to create NSS databases without a password initialized. 3. Do certutil -d sql:/home/wtc/.pki/nssdb -K to list the keys in the database. I get the following error message: $ certutil -d sql:/home/wtc/.pki/nssdb -K certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" certutil: could not authenticate to token NSS Certificate DB.: An I/O error occurred during security authorization. The SEC_ERROR_IO error code is set here: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/pk11wrap/pk11auth.c&rev=1.9&mark=553-554#547 The call stack is: (gdb) where #0 PK11_DoPassword (slot=0x809fc48, loadCerts=1, wincx=0xffffd2cc) at pk11auth.c:554 #1 0xf7e445f6 in PK11_Authenticate (slot=0x809fc48, loadCerts=1, wincx=0xffffd2cc) at pk11auth.c:319 #2 0x08051d14 in ListKeysInSlot (slot=0x809fc48, nickName=0x0, keyType=nullKey, pwarg=0xffffd2cc) at certutil.c:782 #3 0x08052109 in ListKeys (slot=0x809fc48, nickName=0x0, index=0, keyType=nullKey, dopriv=0, pwdata=0xffffd2cc) at certutil.c:873 #4 0x080567c2 in certutil_main (argc=4, argv=0xffffd674, initialize=1) at certutil.c:2565 #5 0x08057a4d in main (argc=1, argv=0x40000000) at certutil.c:2981 Note that we aren't getting SEC_ERROR_IO because of poor softoken error reporting in this case. SEC_ERROR_IO is set by the pk11wrap layer. Is SEC_ERROR_IO the right error code for a token for which PK11_NeedUserInit is true?
Trying to fiddle with some databases I still see this (v3.16.2):
> $ certutil -d "sql:." -K
> certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
> certutil: could not authenticate to token NSS Certificate DB.: SEC_ERROR_IO: An I/O error occurred during security authorization.
Any workarounds?
sorry, actually the database was empty. Once I imported a pk with `pk12util` it now lists the keys
Updated•2 years ago
|
Severity: normal → S3
Updated•7 months ago
|
Severity: S3 → S4
Priority: -- → P5
You need to log in
before you can comment on or make changes to this bug.
Description
•