Closed
Bug 64128
Opened 24 years ago
Closed 23 years ago
Cannot edit builtin object token.
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
psm2.0
People
(Reporter: junruh, Assigned: bugz)
References
Details
Attachments
(2 files)
27.62 KB,
patch
|
Details | Diff | Splinter Review | |
30.00 KB,
patch
|
Details | Diff | Splinter Review |
1.) Open the Security Manager and click on Certificates and Web Sites. 2.) Click on a builtin object token, then on Edit and Edit. What happens: I cannot edit the token and am returned to the same popup window.
Updated•23 years ago
|
Component: Security: Crypto → Client Library
Product: Browser → PSM
Version: other → 2.0
Assignee | ||
Comment 2•23 years ago
|
||
Assignee | ||
Comment 3•23 years ago
|
||
This patch was created to fix this bug, but it really fixes a series of related bugs in cert manager, all having to do with being able to delete and edit trust of builtin token certs. I also included a few wording changes requested by Sean. Javi or David, can you review? I would consider this a high-priority bug, so it should get whatever keywords need to be attached.
Comment 4•23 years ago
|
||
Few observations: 1) Remove the programmer reminders to add help later. (There is already a bug for general Help issues in PSM) 2)In your js function doLoadForSSLCert, you have a hardcoded English string that gets set as the "title" attribute. That string should come from a properties file. 3)It seems like your dtd uses sentence fragments for the following keywords: certmgr.editsslcert.beforename certmgr.editsslcert.aftername These tend to cause problems for localization. So use complete sentences w/ %S parameters strings from the properties file if necessary to make localization easier. Resolve these issues and you've got r=javi
Assignee | ||
Comment 5•23 years ago
|
||
Assignee | ||
Comment 6•23 years ago
|
||
blizzard, can you sr=? thanks
Comment 7•23 years ago
|
||
|nsNSSCertTrust::HasTrustedPeer| has a misleading signature. If you were to use it like this: HasTrustedPeer(PR_TRUE, PR_FALSE, PR_TRUE); and mTrust.sslFlags was false but mTrust.objectSigningFlags was this function would return PR_FALSE incorrectly. In fact, how you use it is odd: + if (certType == nsIX509Cert::CA_CERT) { + if (trustType & nsIX509CertDB::TRUSTED_SSL) { + *_isTrusted = trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE); + } else if (trustType & nsIX509CertDB::TRUSTED_EMAIL) { + *_isTrusted = trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE); + } else if (trustType & nsIX509CertDB::TRUSTED_OBJSIGN) { + *_isTrusted = trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE); + } else { + return NS_ERROR_FAILURE; + } You could probably change the way that function works so that it's looking for trust and doesn't return early and you could remove all of those calls to the same function. Fix that and you can have an sr=blizzard
Assignee | ||
Comment 8•23 years ago
|
||
I'm not sure I understand. The signature is: + PRBool HasTrustedPeer(PRBool checkSSL = PR_TRUE, + PRBool checkEmail = PR_TRUE, + PRBool checkObjSign = PR_TRUE); The logic is, "For each of the trust types to check (SSL, Email, or Object Signing), look to see if the cert has the Trusted Peer attribute. If any of the trust types being checked are not Trusted Peer, return false. Otherwise, return true." For example, if I want to know if a particular cert is trusted for SSL, I would call: trust->HasTrustedPeer(PR_TRUE, PR_FALSE, PR_FALSE); If I want to know if it is trusted for SSL and Object Signing, I would call: trust->HasTrustedPeer(PR_TRUE, PR_FALSE, PR_TRUE); Both conditions must be met, that is, it must be trusted for both, to return true. That is why there is an early exit in the function. The reason there are three calls to the function is that the UI needs to separate the three types of trust in order to decide which checkboxes to check. The question, in this case, isn't, "Is this cert trusted at all?";, it is, "Is this cert trusted for (SSL, Email, Object Signing)?" I understand that it's misleading. Maybe it should be called "HasTrustedPeerForTypes", but that would mean changing other functions in order to be consistent. Fortunately, this isn't an exported interface, so I'd like to leave it as it is for now. My bad for not being more clear in the beginning.
Comment 9•23 years ago
|
||
No problem. You should be set to go then. I just thought it was confusing, that's all.
Assignee | ||
Comment 10•23 years ago
|
||
marking fixed, checkin was 5/22
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•