Closed Bug 59162 Opened 24 years ago Closed 23 years ago

Root certs lib not shipped in standalone XPI

Categories

(Core :: Security: PSM, defect, P2)

1.0 Branch
defect

VERIFIED WONTFIX
psm2.0

People

(Reporter: BenB, Assigned: BenB)

Attachments

(1 file)

Reproduce:
1. Build psm.xpi with |make build_xpi| (see build instructions)
2. Install the xpi in a fresh (open-source) Mozilla nightly build, fresh profile
3. Visit <https://admin.he.net>

Actual result:
A warning dialog pops up, saying that the CA for the certificate is not
recognized. View the certificate to see that it is issued by "Thawte".

Expected result:
Since this particular root cert is already checked into the source, it should be
recognized. No cert dialog should pop up.

Reason:
The library containing the root certs, libnssckbi.*, is not packaged in the xpi.

I have a hacking patch. Hackish, because it uses the path
../../nss/lib/ckfw/builtins/$(PLATFORM)/libnssckbi.so
to find the library from the psm tree. Suggestions welcome. Otherwise, please
let me check in this hack - it's better than a PSM that doesn't work correctly
(because it doesn't recognize any certs unless the user does hacks).
.
Assignee: lord → mozilla
Severity: blocker → major
Priority: P3 → P2
Hardware: DEC → All
Target Milestone: --- → M19
Status: NEW → ASSIGNED
Please review.
Keywords: patch, review
I've heard that Brian Ryner (bryner@netscape.com) may have done some work
in this area.  I am cc'ing to him.  Hopefully, we'll hear something from
him soon.  By the way, simply putting the library in psm/components does
not seem to work for me.  It works if I place it in my profile, however.
Margaret,
see <http://www.bucksch.org/1/projects/mozilla/dist/psm> for a psm.xpi, which
uses the root cert lib in components. (worksforme(tm)).
Mass reassigning nitinp's bugs to me.
QA Contact: nitinp → junruh
Getting schizophrenic: Moving all bugs for Beonex <http://www.beonex.com> to my
second Bugzilla identity <ben.bucksch@beonex.com>.
Assignee: mozilla → ben.bucksch
Status: ASSIGNED → NEW
Summary: Root certs lib not shipped → Root certs lib not shipped in standalone XPI
wtc: please find a reviewer.
This patch won't work.  

You need to have a line like this instead:
  $(NSINSTALL) -m 755 $(DIST)/lib/$(DLL_PREFIX)nssckbi.$(DLL_SUFFIX) xpi/psm

The components directory is only for generic modules that are xpcom-ified.  
libnssckbi.so is a PKCS#11 module that needs to live in the same directory as 
the psm executable.

> This patch won't work.

I know it was a hack, but it did work for me (on Linux).

> You need to have a line like this instead:

Can you check it in, please? (iPlanet won't allow me.)

> Can you check it in, please?

Note: I didn't try your line out yet. Will do at next chance.

Your patch will create an XPI, but it still won't have the root certs when you 
run PSM.

javi@netscape.com - what's the score with this patch? BenB - do you have a 
non-hacky version of it?

Gerv

> BenB - do you have a non-hacky version of it?

No, and I can't produce one.
Target Milestone: M19 → ---
If you can't produce one, shouldn't you assign this bug to nobody then?
Resetting target milestone from M19 since the schedule only mentions M1-M3 and
RTM (for PSM 2.0), and M19 is meaningless for the browser by now.

> Your patch will create an XPI, but it still won't have the root certs when you 
> run PSM.

WORKSFORME, unless I am missing something.

afranke, the patch is hacky, and I am open for suggestions. If anyone wants to
take the bug, feel free. I am better than nobody, though.
Ok, you're right Ben. I just wanted to make sure that it's clear that you are
not the one who will do the next step here.
Per javi's comments dated 2001-01-16 10:39, this bug needs a new patch.  Ben,
why can't you provide one?  WORKSFORME is not enough in light of specific review
comments.

What exactly needs to happen to make the patch not be hacky?

/be
I'll defer this bug until PSM 2.0 lands, because I guess, the world will then
change (again).
Setting milestone to PSM 2.0.
Target Milestone: --- → 2.0
Version: 1.4 → 2.0
PSM 1.x issue. Not relevant for PSM 2.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WONTFIX
Verified wontfix.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.0 → 1.0 Branch