Closed
Bug 647749
Opened 13 years ago
Closed 13 years ago
Assertion failure: !(certificateUsage & (certificateUsage - 1)), at pkix_pl_cert.c:3011
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: KaiE, Unassigned)
Details
My code that queries a builtin CA cert for usages runs into the following assertion: (PKIX_BuildChain: ( Entering PKIX_BuildChain). (pkix_Build_InitiateBuildChain: ( Entering pkix_Build_InitiateBuildChain). Assertion failure: !(certificateUsage & (certificateUsage - 1)), at pkix_pl_cert.c:3011
|
Reporter | |
Comment 1•13 years ago
|
||
... which is a crash
|
|
Reporter | |
Comment 2•13 years ago
|
||
#9 0x00129462 in PR_Assert (s=0x385d420 "!(certificateUsage & (certificateUsage - 1))", file=0x385d1b0 "pkix_pl_cert.c", ln=3011) at /plaindata/moz/mocent/mozilla/nsprpub/pr/src/io/prlog.c:577
#10 0x037fadde in PKIX_PL_Cert_VerifyCertAndKeyType (cert=0xa33c0100, isChainCert=0, plContext=0xa330b820) at pkix_pl_cert.c:3011
#11 0x037a0176 in pkix_CertSelector_DefaultMatch (selector=0xa34c9f60, cert=0xa33c0100, plContext=0xa330b820) at pkix_certselector.c:1332
#12 0x037da3a3 in pkix_Build_InitiateBuildChain (procParams=0xb3366ab0, pNBIOContext=0xa45fde74, pState=0xa45fde7c, pBuildResult=0xa45fde78, pVerifyNode=0xa45fdee4, plContext=0xa330b820) at pkix_build.c:3364
#13 0x037dbe23 in PKIX_BuildChain (procParams=0xb3366ab0, pNBIOContext=0xa45fdef0, pState=0xa45fdeec, pBuildResult=0xa45fdef4, pVerifyNode=0xa45fdee4, plContext=0xa330b820) at pkix_build.c:3731
#14 0x037396fd in CERT_PKIXVerifyCert (cert=0xa1e4b010, usages=1151, paramsIn=0xa4f3bf10, paramsOut=0xa45fdf90, wincx=0x0) at certvfypkix.c:2317
#15 0x01f1ca3d in nsUsageArrayHelper::GetUsagesArray (this=0xa45fe070, suffix=0x2c966b0 "", localOnly=0, outArraySize=13, _verified=0xa45fe100, _count=0xa45fe080, outUsages=0xa45fe03c)
at /plaindata/moz/mocent/mozilla/security/manager/ssl/src/nsUsageArrayHelper.cpp:224
#16 0x01eefa2d in nsNSSCertificate::GetUsagesArray (this=0xa1d88680, localOnly=0, _verified=0xa45fe100, _count=0xa45fe0fc, _usages=0xa45fe0f8)
at /plaindata/moz/mocent/mozilla/security/manager/ssl/src/nsNSSCertificate.cpp:1443|
|
Reporter | |
Comment 3•13 years ago
|
||
PSM has always been calling CERT_VerifyCertificateNow with a bitmask that includes multiple usages. It does so to obtain the list of valid usages. The API's output parameter of the new CERT_PKIXVerifyCert is designed to return such a list of usages, too. However, the imlementation of libPKIX contains the mentioned assertion, that will abort if more than one usage is being passed. Obviously, the application shouldn't abort on unexpected input data. It currently calls PORT_Assert !!! Is this maybe an area, where the implementation is incomplete, and the PORT_Assert is some kind of reminder...? Or should the API be used differently?
|
|
Reporter | |
Comment 4•13 years ago
|
||
oh... SECCertUsage != SECCertificateUsage
|
|
Reporter | |
Comment 5•13 years ago
|
||
I think this bug is invalid. My mistake. I used the wrong cert usage constants...
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•