Closed
Bug 59162
Opened 24 years ago
Closed 23 years ago
Root certs lib not shipped in standalone XPI
Categories
(Core :: Security: PSM, defect, P2)
Tracking
()
VERIFIED
WONTFIX
psm2.0
People
(Reporter: BenB, Assigned: BenB)
Details
Attachments
(1 file)
635 bytes,
patch
|
Details | Diff | Splinter Review |
Reproduce: 1. Build psm.xpi with |make build_xpi| (see build instructionos) 2. Install the xpi in a fresh (open-source) Mozilla nightly build, fresh profile 3. Visit <https://admin.he.net> Actual result: A warning dialog pops up, saying that the CA for the certificate is not recognized. View the certificate to see that it is issued by "Thawte". Expected result: Since this particular root cert is already checked into the source, is should be recognized. No cert dialog should pop up. Reason: The library containing the root certs, libnssckbi.*, is not packaged in the xpi. I have a hacking patch. Hackish, because it uses the path ../../nss/lib/ckfw/builtins/$(PLATFORM)/libnssckbi.so to find the library from the psm tree. Suggestions welcome. Otherwise, please let me check in this hack - it's better than a PSM that doesn't work correctly (because it doesn't recognize any certs unless the user does hacks).
Assignee | ||
Comment 1•24 years ago
|
||
.
Assignee: lord → mozilla
Severity: blocker → major
Priority: P3 → P2
Hardware: DEC → All
Target Milestone: --- → M19
Assignee | ||
Updated•24 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•24 years ago
|
||
Comment 4•24 years ago
|
||
I've heard that Brian Ryner (bryner@netscape.com) may have done some work in this area. I am cc'ing to him. Hopefully, we'll hear something from him soon. By the way, simply put the library in psm/components does not seem to work for me. It works if I place it in my profile, however.
Assignee | ||
Comment 5•24 years ago
|
||
Margaret, see <http://www.bucksch.org/1/projects/mozilla/dist/psm> for a psm.xpi, which uses the root cert lib in components. (worksforme(tm)).
Assignee | ||
Comment 7•24 years ago
|
||
Getting schizophrenic: Moving all bugs for Beonex <http://www.beonex.com> to my second Bugzilla identity <ben.bucksch@beonex.com>.
Assignee: mozilla → ben.bucksch
Status: ASSIGNED → NEW
Assignee | ||
Updated•24 years ago
|
Summary: Root certs lib not shipped → Root certs lib not shipped in standalone XPI
Assignee | ||
Comment 8•24 years ago
|
||
wtc: please find a reviewer.
Comment 9•24 years ago
|
||
This patch won't work. You need to have a line like this instead: $(NSINSTALL) -m 755 $(DIST)/lib/$(DLL_PREFIX)nssckbi.$(DLL_SUFFIX) xpi/psm The components directory is only for generic modules that are xpcom-ified. libnssckbi.so is a PKCS#11 module that needs to live in the same directory as the psm executable.
Assignee | ||
Comment 10•24 years ago
|
||
> This patch won't work. I know it was a hack, but it did work for me (on Linux). > You need to have a line like this instead: Can you check it in, please? (iPlanet won't allow me.)
Assignee | ||
Comment 11•24 years ago
|
||
> Can you check it in, please?
Note: I didn't try your line out yet. Will do at next chance.
Comment 12•24 years ago
|
||
Your patch will create an XPI, but it still won't have the root certs when you run PSM.
Comment 13•24 years ago
|
||
javi@netscape.com - what's the score with this patch? BenB - do you have a non-hacky version of it? Gerv
Assignee | ||
Comment 14•24 years ago
|
||
> BenB - do you have a non-hacky version of it?
No, and I can't produce one.
Updated•23 years ago
|
Target Milestone: M19 → ---
Comment 15•23 years ago
|
||
If you can't produce one, shouldn't you assign this bug to nobody then? Resetting target milestone from M19 since the schedule only mentions M1-M3 and RTM (for PSM 2.0), and M19 is meaningless for the browser by now.
Assignee | ||
Comment 16•23 years ago
|
||
> Your patch will create an XPI, but it still won't have the root certs when you
> run PSM.
WORKSFORME, unless I am missing something.
afranke, the patch is hacky, and I am open for suggestions. If anyone wants to
take the bug, feel free. I am better than nobody, though.
Comment 17•23 years ago
|
||
Ok, you're right Ben. I just wanted to make sure that it's clear that you are not the one who will do the next step here.
Comment 18•23 years ago
|
||
Per javi's comments dated 2001-01-16 10:39, this bug needs a new patch. Ben, why can't you provide one? WORKSFORME is not enough in light of specific review comments. What exactly needs to happen to make the patch not be hacky? /be
Assignee | ||
Comment 19•23 years ago
|
||
I'll defer this bug until PSM 2.0 lands, because I guess, the world will then change (again).
Comment 20•23 years ago
|
||
Setting milestone to PSM 2.0.
Target Milestone: --- → 2.0
Version: 1.4 → 2.0
Comment 21•23 years ago
|
||
PSM 1.x issue. Not relevant for PMS 2.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•