The title is self explicit. See certhigh.c , line 792.
Julien's right. This code seems wrong. This code checks to see if the cert is already in the TEMP cert db and if so, simply refuses to try to save it in the PERM cert db. Perhaps it was the author's intent to check to see if it was already in the PERM cert db, and the error was that it's checking the wrong db. Or, perhaps it was the author's intent to see if it's in the temp DB, and if so, skip the steps of importing it into the temp DB and go straight to the step of saving the temp cert in the perm cert db, and the error is that it is skipping it alltogether instead of saving in the perm cert db. Either way, if the cert is already in the temp cert db, this function won't save it in the perm. And that just seems wrong. The workaround is to delete the cert from the temp cert db before calling this function.
Julien, can you use the workaround that Nelson suggested? Bob, I'm assigning this bug to you for your triage.
Wan-Teh, I'm already using the workaround. But I'd still like to see the bug fixed in the future.
Bob, I think you attached the patch to the wrong bug :)
I sure did ooops....
Bob, is this fixed or should we move the target to 3.4?
Move it to 3.4 bob
Changed the QA contact to Bishakha.
Set target milestone to NSS 3.5.
OK, I've finally had a chance to look at this with respect to 3.4, and 3.4 no longer checks for the cert in the temp DB before importing it.
Changed target milestone to 3.4 per Bob's comment #11.