Last Comment Bug 66604 - Signtool reports unnecessary error message when verifying without key3.db
: Signtool reports unnecessary error message when verifying without key3.db
Status: NEW
Product: NSS
Classification: Components
Component: Tools (show other bugs)
: unspecified
: Sun Solaris
P3 enhancement (vote)
: ---
Assigned To: nobody
Depends on:
  Show dependency treegraph
Reported: 2001-01-25 17:48 PST by Arshad Noor
Modified: 2010-03-31 11:24 PDT (History)
5 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---


Description User image Arshad Noor 2001-01-25 17:48:45 PST
From Bugzilla Helper:
User-Agent: Mozilla/4.7 [en] (X11; I; SunOS 5.8 sun4u)

When attempting to verify a signed jar file, with just the cert7.db in
$HOME/.netscape (we definitely don't want the key3.db involved in any
verification purposes; we'd prefer that the secumodule.db also not be
involved, but I have no preference about this), signtool -v reports an
incorrect and unnecessary error message.

Reproducible: Always
Steps to Reproduce:
1.  Sign an object with an object signing certificate.
2.  Remove or Move the $HOME/.netscape/key3.db file temporarily.
3.  From the command line, type in signtool -v jarfile.jar

Actual Results:  You will see output such as follows:

$ sophia:/home/anoor> signtool -v *.jar
using certificate directory: /home/anoor/.netscape

WARNING: No password set on internal key database.  Most operations will fail.
You must use Communicator to create a password.

Expected Results:  No messages regarding key database.  For verification
operations the private key is unnecessary.
Comment 1 User image Keyser Sose 2001-01-28 14:39:07 PST
Marking NEW.
Comment 2 User image Ian McGreer 2001-01-29 08:25:29 PST
marking signtool bugs as future until 3.3 plan is ready.
Comment 3 User image Ian McGreer 2001-01-29 08:26:20 PST
forgot to reassign
Comment 4 User image Wan-Teh Chang 2001-02-27 15:53:34 PST
Set Target Milestone to NSS 3.3.  Assigned the bug to
Bob for evaluation.
Comment 5 User image Robert Relyea 2001-04-24 14:31:58 PDT
reassign to Ian. work on this if it's in the prd.
Comment 6 User image Wan-Teh Chang 2002-04-25 16:34:29 PDT
Changed the QA contact to Bishakha.
Comment 7 User image Wan-Teh Chang 2002-05-08 17:06:52 PDT
Set target milestone to NSS 3.5.
Comment 8 User image Wan-Teh Chang 2002-10-01 14:05:16 PDT
Assigned the bug to Kirk.  Target NSS 3.7.
Comment 9 User image Wan-Teh Chang 2002-12-06 11:14:12 PST
Moved to target milestone 3.8 because the original
NSS 3.7 release has been renamed 3.8.
Comment 10 User image Nelson Bolyard (seldom reads bugmail) 2003-05-09 21:17:22 PDT
Remove target milestone of 3.8, since these bugs didn't get into that release.
Comment 11 User image Kirk Erickson 2003-05-19 00:05:42 PDT
Not likely to get to this in the 3.9 timeframe.
Set Target Milestone to Future.
Comment 12 User image Kirk Erickson 2003-06-09 13:24:13 PDT
I provided a password in reproducing this failure:
signtool -v nojs.jar -d ../alicedir -p nss
signtool: NSS_Initialize failed: security library: bad database.

signtool is calling NSS_Init(): 
NSS_Init(configdir = 0x3367f0 "../alicedir"), line 493 in "nssinit.c"
which has no provision for startup without key3.db.  Arshad is asking
for a new feature. 

Changed this Severity to "enhancement"

In addition to relaxing nss_Init(), facilities downstream that assume
the key3.db has been opened would need to check for its existence and
fail gracefully in the case it wasn't opened as part of NSS_Init().

Unfortunately, Arshad is no longer at Sun, so I need to find out whose
taken his place and query further to understand the motivation for this.
Perhaps we can offer another means to accomplish their goal.
Comment 13 User image Kirk Erickson 2003-06-11 07:39:48 PDT
2003-0609-1720 Back from Michael Hein:


I don't know who Arshad is.....or what group he was in.	 I would say just
leave the bug for now......if it is very important I'm sure someone will
ping us.

Comment 14 User image Julien Pierre 2004-06-02 15:32:46 PDT
Mass reassign of Kirk's bugs.

Note You need to log in before you can comment on or make changes to this bug.