Signtool reports unnecessary error message when verifying without key3.db

NEW
Unassigned

Status

NSS
Tools
P3
enhancement
17 years ago
7 years ago

People

(Reporter: Arshad Noor, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

17 years ago
From Bugzilla Helper:
User-Agent: Mozilla/4.7 [en] (X11; I; SunOS 5.8 sun4u)
BuildID:    

When attempting to verify a signed jar file, with just the cert7.db in
$HOME/.netscape (we definitely don't want the key3.db involved in any
verification purposes; we'd prefer that the secumodule.db also not be
involved, but I have no preference about this), signtool -v reports an
incorrect and unnecessary error message.


Reproducible: Always
Steps to Reproduce:
1.  Sign an object with an object signing certificate.
2.  Remove or Move the $HOME/.netscape/key3.db file temporarily.
3.  From the command line, type in signtool -v jarfile.jar

Actual Results:  You will see output such as follows:

$ sophia:/home/anoor> signtool -v *.jar
using certificate directory: /home/anoor/.netscape

WARNING: No password set on internal key database.  Most operations will fail.
You must use Communicator to create a password.
.
.


Expected Results:  No messages regarding key database.  For verification
operations the private key is unnecessary.

Comment 1

17 years ago
Marking NEW.
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 2

17 years ago
marking signtool bugs as future until 3.3 plan is ready.
Status: NEW → ASSIGNED
Target Milestone: --- → Future

Comment 3

17 years ago
forgot to reassign
Assignee: wtc → mcgreer
Status: ASSIGNED → NEW

Comment 4

17 years ago
Set Target Milestone to NSS 3.3.  Assigned the bug to
Bob for evaluation.
Assignee: mcgreer → relyea
Priority: -- → P2
Target Milestone: Future → 3.3

Comment 5

16 years ago
reassign to Ian. work on this if it's in the prd.
Assignee: relyea → mcgreer

Updated

16 years ago
Target Milestone: 3.3 → 3.4

Comment 6

15 years ago
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee

Comment 7

15 years ago
Set target milestone to NSS 3.5.
Target Milestone: 3.4 → 3.5

Comment 8

15 years ago
Assigned the bug to Kirk.  Target NSS 3.7.
Assignee: ian.mcgreer → kirk.erickson
Target Milestone: 3.5 → 3.7

Comment 9

15 years ago
Moved to target milestone 3.8 because the original
NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
Remove target milestone of 3.8, since these bugs didn't get into that release.
Target Milestone: 3.8 → ---

Comment 11

14 years ago
Not likely to get to this in the 3.9 timeframe.
Set Target Milestone to Future.
Target Milestone: --- → Future

Updated

14 years ago
Target Milestone: Future → ---

Comment 12

14 years ago
I provided a password in reproducing this failure:
signtool -v nojs.jar -d ../alicedir -p nss
signtool: NSS_Initialize failed: security library: bad database.

signtool is calling NSS_Init(): 
NSS_Init(configdir = 0x3367f0 "../alicedir"), line 493 in "nssinit.c"
which has no provision for startup without key3.db.  Arshad is asking
for a new feature. 

Changed this Severity to "enhancement"

In addition to relaxing nss_Init(), facilities downstream that assume
the key3.db has been opened would need to check for its existence and
fail gracefully in the case it wasn't opened as part of NSS_Init().

Unfortunately, Arshad is no longer at Sun, so I need to find out whose
taken his place and query further to understand the motivation for this.
Perhaps we can offer another means to accomplish their goal.
Severity: normal → enhancement
Priority: P2 → P3

Comment 13

14 years ago
2003-0609-1720 Back from Michael Hein:

Kirk,

I don't know who Arshad is.....or what group he was in.	 I would say just
leave the bug for now......if it is very important I'm sure someone will
ping us.

Michael

Comment 14

13 years ago
Mass reassign of Kirk's bugs.
Assignee: kirk.erickson → glen.beasley
QA Contact: bishakhabanerjee → jason.m.reid
QA Contact: jason.m.reid → tools

Updated

7 years ago
Assignee: gbmozilla → nobody
You need to log in before you can comment on or make changes to this bug.