smime testing dumps core in cmsutil.c

RESOLVED FIXED in 3.4

Status

P2
normal
RESOLVED FIXED
18 years ago
17 years ago

People

(Reporter: mbar, Assigned: kirk.erickson)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

18 years ago
OK, so I've built and run the tests against NSS 3.2.1. 

I'm getting some tests that pass on the optimized build, yet dump core in
cmsutil on the debug build (appended to the end of this posting) I've looked at
cmsutil and the core file with dbx and found what looks to be a bug in
cmsutil.c, but perhaps one of you could look at it and say yea or nay. 

Following, I've included the bits of cmsutil.c and the dbx session.  Please note
that in main(),
encryptOptions is passed to get_enc_params() and its .options element is
eventually accessed, causing the
SIGSEGV.  In main(), it is decodeOptions.options that gets the address of
main::options rather than
encryptOptions.options.  encryptOptions is the struct that eventually has its
.options element accessed --
and which element contains a null pointer. 

Cheers, 
Matthew 

First, the bit of code under consideration: 

in main() 

         switch (mode) {
         case DECODE:
             decodeOptions.options = &options;
             if (encryptOptions.envFile) {
                 /* Decoding encrypted-data, so get the bulkkey from an
                  * enveloped-data message.
                  */
                 SECU_FileToItem(&envmsg, encryptOptions.envFile);
                 decodeOptions.options = &options;
                 encryptOptions.envmsg = decode(NULL, &dummy, &envmsg, 
                                                decodeOptions);
                 rv = get_enc_params(&encryptOptions);
                 decodeOptions.dkcb = dkcb;
                 decodeOptions.bulkkey = encryptOptions.bulkkey;
             }
             cmsg = decode(outFile, &output, &input, decodeOptions);
             if (!cmsg) {
                 SECU_PrintError(progName, "problem decoding");
                 exitstatus = 1;
             }
             fwrite(output.data, output.len, 1, outFile);
             break;

in get_enc_params()

             SECItem dummyOut = { 0, 0, 0 };
             SECItem dummyIn  = { 0, 0, 0 };
             char str[] = "Hello!";
             PLArenaPool *tmparena = PORT_NewArena(1024);
             dummyIn.data = str;
             dummyIn.len = strlen(str);
             envelopeOptions.options = encryptOptions->options;
             envelopeOptions.recipients = encryptOptions->recipients;
             env_cmsg = enveloped_data(envelopeOptions);
             NSS_CMSDEREncode(env_cmsg, &dummyIn, &dummyOut, tmparena);

in enveloped_data()

         int cnt;
         dbhandle = envelopeOptions.options->certHandle;  ** SEGV happens here
**
         /* count the recipients */
         if ((cnt = nss_CMSArray_Count(envelopeOptions.recipients)) == 0) {

Now the dbx session:

      # dbx ../cmd/smimetools/IRIX6.5_n32_PTH_DBG.OBJ/cmsutil
../../../tests_results/security/foo3.2/smime/core
     dbx version 7.3.1 68542_Oct26 MR Oct 26 2000 17:50:34
     Core from signal SIGSEGV: Segmentation violation
     (dbx) where
     >  0 enveloped_data(envelopeOptions = (...))
["/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/cmd/smimetools/cmsutil.c":544,
0x10006218]
        1 get_enc_params(encryptOptions = 0x7fff2d18)
["/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/cmd/smimetools/cmsutil.c":665,
0x10006804]
        2 main(argc = 12, argv = 0x7fff2e64)
["/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/cmd/smimetools/cmsutil.c":1203,
0x10007f24]
        3 __start()
["/xlv55/kudzu-apr12/work/irix/lib/libc/libc_n32_M3/csu/crt1text.s":177,
0x10004d18]
     (dbx) up
     get_enc_params: 665  env_cmsg = enveloped_data(envelopeOptions);
     (dbx) l 660
        660          PLArenaPool *tmparena = PORT_NewArena(1024);
        661          dummyIn.data = str;
        662          dummyIn.len = strlen(str);
        663          envelopeOptions.options = encryptOptions->options;
        664          envelopeOptions.recipients = encryptOptions->recipients;
      * 665          env_cmsg = enveloped_data(envelopeOptions);
        666          NSS_CMSDEREncode(env_cmsg, &dummyIn, &dummyOut, tmparena);
        667          PR_Write(encryptOptions->envFile, dummyOut.data,
dummyOut.len);
        668          PORT_FreeArena(tmparena, PR_FALSE);
        669      }
     (dbx) p encryptOptions
     0x7fff2d18 
     (dbx) p encryptOptions->options
     (nil) 
     (dbx) up
     main:1203  rv = get_enc_params(&encryptOptions);
     (dbx) p options
     struct optionsStr {
         password = 0x10075020 = "nss"
         certUsage = certUsageEmailSigner=4
         certHandle = 0x100766a8
     } 
     (dbx) p encryptOptions
     struct encryptOptionsStr {
         options = (nil)
         recipients = (nil)
         envmsg = (nil)
         input = (nil)
         outfile = (nil)
         envFile = 0x10076668
         bulkkey = (nil)
         bulkalgtag = SEC_OID_UNKNOWN=0
         keysize = -1
     } 
     (dbx)

My proposed fix: 

in main() 

         switch (mode) {
         case DECODE:
             decodeOptions.options = &options;
             if (encryptOptions.envFile) {
                 /* Decoding encrypted-data, so get the bulkkey from an
                  * enveloped-data message.
                  */
                 SECU_FileToItem(&envmsg, encryptOptions.envFile);
                 decodeOptions.options = &options;
                 encryptOptions.options = &options; /* ADDED THIS LINE */

                 encryptOptions.envmsg = decode(NULL, &dummy, &envmsg, 
                                                decodeOptions);
                 rv = get_enc_params(&encryptOptions);
                 decodeOptions.dkcb = dkcb;
                 decodeOptions.bulkkey = encryptOptions.bulkkey;
             }
             cmsg = decode(outFile, &output, &input, decodeOptions);
             if (!cmsg) {
                 SECU_PrintError(progName, "problem decoding");
                 exitstatus = 1;
             }
             fwrite(output.data, output.len, 1, outFile);
             break;

==================================================================
output.log follows
==================================================================
init.sh init: Testing PATH
/tinderbox5.0/components/nss/3.2.1/mozilla/dist/IRIX6.5_n32_PTH_DBG.OBJ/bin:/tinderbox5.0/components/nss/3.2.1/mozilla/dist/IRIX6.5_n32_PTH_DBG.OBJ/lib:/usr/local/bin:/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/etc:/usr/etc:/usr/bin/X11:/usr/java/bin:/usr/freeware/bin:/usr/etc/yp:/usr/Cadmin/bin:/usr/lib:/usr/lib/uucp:/lib:.:/u/mbarker/bin:/tools/ns/bin:/tools/ns/sbin
against LIB
/tinderbox5.0/components/nss/3.2.1/mozilla/dist/IRIX6.5_n32_PTH_DBG.OBJ/lib
cert.sh: Certutil Tests ===============================
cert.sh: Creating a CA Certificate ==========================
cert.sh: Creating CA Cert DB --------------------------
certutil -N -d . -f ../tests.pw.182422
cert.sh: Certificate initialized ----------
cert.sh: Creating CA Cert --------------------------
certutil -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-S -n TestCA -t CTu,CTu,CTu -v 60 -x -d . -1 -2 -5 -f ../tests.pw.182422 -z
../tests_noise.182422


Generating key.  This may take a few moments...

                          0 - Digital Signature
                          1 - Non-repudiation
                          2 - Key encipherment
                          3 - Data encipherment
                          4 - Key agreement
                          5 - Cert signning key
                          6 - CRL signning key
                          Other to finish
                          0 - Digital Signature
                          1 - Non-repudiation
                          2 - Key encipherment
                          3 - Data encipherment
                          4 - Key agreement
                          5 - Cert signning key
                          6 - CRL signning key
                          Other to finish
Is this a critical extension [y/n]? 
Is this a CA certificate [y/n]?
Enter the path length constraint, enter to skip [<0 for unlimited path]:
Is this a critical extension [y/n]? 
                          0 - SSL Client
                          1 - SSL Server
                          2 - S/MIME
                          3 - Object Signing
                          4 - Reserved for futuer use
                          5 - SSL CA
                          6 - S/MIME CA
                          7 - Object Signing CA
                          Other to finish
                          0 - SSL Client
                          1 - SSL Server
                          2 - S/MIME
                          3 - Object Signing
                          4 - Reserved for futuer use
                          5 - SSL CA
                          6 - S/MIME CA
                          7 - Object Signing CA
                          Other to finish
                          0 - SSL Client
                          1 - SSL Server
                          2 - S/MIME
                          3 - Object Signing
                          4 - Reserved for futuer use
                          5 - SSL CA
                          6 - S/MIME CA
                          7 - Object Signing CA
                          Other to finish
                          0 - SSL Client
                          1 - SSL Server
                          2 - S/MIME
                          3 - Object Signing
                          4 - Reserved for futuer use
                          5 - SSL CA
                          6 - S/MIME CA
                          7 - Object Signing CA
                          Other to finish
Is this a critical extension [y/n]? 
cert.sh: Exporting Root Cert --------------------------
certutil -L -n TestCA -r -d . -o root.cert
cert.sh: Creating Client CA Issued Certificates ===============
cert.sh: Initializing TestUser's Cert DB --------------------------
certutil -N -d . -f ../tests.pw.182422
cert.sh: Import Root CA for TestUser --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw.182422 -d . -i ../CA/root.cert
cert.sh: Generate Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser@bogus.com, O=BOGUS NSS, L=Mountain View,
ST=California, C=US" -R -d . -f ../tests.pw.182422 -z ../tests_noise.182422 -o
req


Generating key.  This may take a few moments...

cert.sh: Sign TestUser's Request --------------------------
certutil -C -c TestCA -m 6 -v 60 -d ../CA -i req -o TestUser.cert -f
../tests.pw.182422
cert.sh: Import TestUser's Cert --------------------------
certutil -A -n TestUser -t u,u,u -d . -f ../tests.pw.182422 -i TestUser.cert
cert.sh: Creating Server CA Issued Certificate for \
             foo3.red.iplanet.com ------------------------------------
cert.sh: Creating foo3.red.iplanet.com's Server Cert --------------------------
certutil -s "CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US" -S -n foo3.red.iplanet.com -c TestCA -t Pu,Pu,Pu -d . -f
../tests.pw.182422 -z ../tests_noise.182422 -v 60


Generating key.  This may take a few moments...

cert.sh: Creating Client CA Issued Certificates ==============
cert.sh: Initializing Alice's Cert DB --------------------------
certutil -N -d . -f ../tests.pw.182422
cert.sh: Import Root CA for Alice --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw.182422 -d . -i ../CA/root.cert
cert.sh: Generate Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice@bogus.com, O=BOGUS NSS, L=Mountain View,
ST=California, C=US" -R -d . -f ../tests.pw.182422 -z ../tests_noise.182422 -o
req


Generating key.  This may take a few moments...

cert.sh: Sign Alice's Request --------------------------
certutil -C -c TestCA -m 3 -v 60 -d ../CA -i req -o Alice.cert -f
../tests.pw.182422
cert.sh: Import Alice's Cert --------------------------
certutil -A -n Alice -t u,u,u -d . -f ../tests.pw.182422 -i Alice.cert
cert.sh: Initializing Bob's Cert DB --------------------------
certutil -N -d . -f ../tests.pw.182422
cert.sh: Import Root CA for Bob --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw.182422 -d . -i ../CA/root.cert
cert.sh: Generate Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob@bogus.com, O=BOGUS NSS, L=Mountain View,
ST=California, C=US" -R -d . -f ../tests.pw.182422 -z ../tests_noise.182422 -o
req


Generating key.  This may take a few moments...

cert.sh: Sign Bob's Request --------------------------
certutil -C -c TestCA -m 4 -v 60 -d ../CA -i req -o Bob.cert -f
../tests.pw.182422
cert.sh: Import Bob's Cert --------------------------
certutil -A -n Bob -t u,u,u -d . -f ../tests.pw.182422 -i Bob.cert
cert.sh: Creating Dave's Certificate -------------------------
cert.sh: Creating Dave's Server Cert --------------------------
certutil -s "CN=Dave, E=Dave@bogus.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US" -S -n Dave -c TestCA -t u,u,u -m 5 -d . -f
../tests.pw.182422 -z ../tests_noise.182422 -v 60


Generating key.  This may take a few moments...

cert.sh: Export Dave's Cert --------------------------
certutil -L -n Dave -r -d . -o Dave.cert
cert.sh: Importing Certificates ==============================
cert.sh: Import Alices's cert into Bob's db --------------------------
certutil -E -t u,u,u -d ../bobdir -f ../tests.pw.182422 -i
../alicedir/Alice.cert
cert.sh: Import Bob's cert into Alice's db --------------------------
certutil -E -t u,u,u -d ../alicedir -f ../tests.pw.182422 -i ../bobdir/Bob.cert
cert.sh: Import Dave's cert into Alice's DB --------------------------
certutil -E -t u,u,u -d ../alicedir -f ../tests.pw.182422 -i ../dave/Dave.cert
cert.sh: Import Dave's cert into Bob's DB --------------------------
certutil -E -t u,u,u -d ../bobdir -f ../tests.pw.182422 -i ../dave/Dave.cert
ssl.sh: SSL tests ===============================
ssl.sh: SSL Cipher Coverage ===============================
selfserv -p 8443 -d ../server -n foo3.red.iplanet.com \
         -w nss -c ABCDEFabcdefghijklm -i ../tests_pid.182422  &
selfserv started at Fri Jun 01 18:56:31 PDT 2001
tstclnt -p 8443 -h foo3 -q -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt 
ssl.sh: running SSL2 RC4 128 WITH MD5 ----------------------------
tstclnt -p 8443 -h foo3 -c A -T \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running SSL2 RC4 128 EXPORT40 WITH MD5 ----------------------------
tstclnt -p 8443 -h foo3 -c B  \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher RC4-Export, 40 secret key bits, 128 key bits, status: 2
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running SSL2 RC2 128 CBC WITH MD5 ----------------------------
tstclnt -p 8443 -h foo3 -c C  \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher RC2-CBC, 128 secret key bits, 128 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running SSL2 RC2 128 CBC EXPORT40 WITH MD5 ----------------------------
tstclnt -p 8443 -h foo3 -c D -T \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher RC2-CBC-Export, 40 secret key bits, 128 key bits, status: 2
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running SSL2 DES 64 CBC WITH MD5 ----------------------------
tstclnt -p 8443 -h foo3 -c E  \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher DES-CBC, 56 secret key bits, 56 key bits, status: 2
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running SSL2 DES 192 EDE3 CBC WITH MD5 ----------------------------
tstclnt -p 8443 -h foo3 -c F -T \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher DES-EDE3-CBC, 168 secret key bits, 168 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running SSL3 RSA WITH RC4 128 MD5 ----------------------------
tstclnt -p 8443 -h foo3 -c c -T \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running SSL3 RSA WITH 3DES EDE CBC SHA ----------------------------
tstclnt -p 8443 -h foo3 -c d -T \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher 3DES-EDE-CBC, 168 secret key bits, 168 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running SSL3 RSA WITH DES CBC SHA ----------------------------
tstclnt -p 8443 -h foo3 -c e -T \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher DES-CBC, 56 secret key bits, 56 key bits, status: 2
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running SSL3 RSA EXPORT WITH RC4 40 MD5 ----------------------------
tstclnt -p 8443 -h foo3 -c f -T \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher RC4-40, 40 secret key bits, 128 key bits, status: 2
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running SSL3 RSA EXPORT WITH RC2 CBC 40 MD5 ----------------------------
tstclnt -p 8443 -h foo3 -c g -T \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher RC2-CBC-40, 40 secret key bits, 128 key bits, status: 2
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running SSL3 RSA FIPS WITH 3DES EDE CBC SHA ----------------------------
tstclnt -p 8443 -h foo3 -c j -T \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher 3DES-EDE-CBC, 168 secret key bits, 168 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running SSL3 RSA FIPS WITH DES CBC SHA ----------------------------
tstclnt -p 8443 -h foo3 -c k -T \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher DES-CBC, 56 secret key bits, 56 key bits, status: 2
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running SSL3 RSA EXPORT WITH DES CBC SHA   (new)
----------------------------
tstclnt -p 8443 -h foo3 -c l -T \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher DES-CBC, 56 secret key bits, 56 key bits, status: 2
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running SSL3 RSA EXPORT WITH RC4 56 SHA    (new)
----------------------------
tstclnt -p 8443 -h foo3 -c m -T \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher RC4-56, 56 secret key bits, 128 key bits, status: 2
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running TLS RSA WITH RC4 128 MD5 ----------------------------
tstclnt -p 8443 -h foo3 -c c  \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running TLS RSA WITH 3DES EDE CBC SHA ----------------------------
tstclnt -p 8443 -h foo3 -c d  \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher 3DES-EDE-CBC, 168 secret key bits, 168 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running TLS RSA WITH DES CBC SHA ----------------------------
tstclnt -p 8443 -h foo3 -c e  \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher DES-CBC, 56 secret key bits, 56 key bits, status: 2
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running TLS RSA EXPORT WITH RC4 40 MD5 ----------------------------
tstclnt -p 8443 -h foo3 -c f  \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher RC4-40, 40 secret key bits, 128 key bits, status: 2
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running TLS RSA EXPORT WITH RC2 CBC 40 MD5 ----------------------------
tstclnt -p 8443 -h foo3 -c g  \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher RC2-CBC-40, 40 secret key bits, 128 key bits, status: 2
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running TLS RSA FIPS WITH 3DES EDE CBC SHA ----------------------------
tstclnt -p 8443 -h foo3 -c j  \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher 3DES-EDE-CBC, 168 secret key bits, 168 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running TLS RSA FIPS WITH DES CBC SHA ----------------------------
tstclnt -p 8443 -h foo3 -c k  \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher DES-CBC, 56 secret key bits, 56 key bits, status: 2
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running TLS RSA EXPORT WITH DES CBC SHA   (new)
----------------------------
tstclnt -p 8443 -h foo3 -c l  \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher DES-CBC, 56 secret key bits, 56 key bits, status: 2
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running TLS RSA EXPORT WITH RC4 56 SHA    (new)
----------------------------
tstclnt -p 8443 -h foo3 -c m  \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher RC4-56, 56 secret key bits, 128 key bits, status: 2
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running TLS RSA WITH NULL MD5 ----------------------------
tstclnt -p 8443 -h foo3 -c i  \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher NULL, 0 secret key bits, 0 key bits, status: 0
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: running SSL3 RSA WITH NULL MD5 ----------------------------
tstclnt -p 8443 -h foo3 -c i -T \
        -f -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher NULL, 0 secret key bits, 0 key bits, status: 0
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





kill_selfserv[99]: 182117 Terminated
ssl.sh: SSL Client Authentication ===============================
ssl.sh: TLS Request don't require client auth (client does not provide auth)
----
selfserv -p 8443 -d ../server -n foo3.red.iplanet.com \
         -w nss -r -i ../tests_pid.182422  &
selfserv started at Fri Jun 01 18:56:44 PDT 2001
tstclnt -p 8443 -h foo3 -q -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt 
tstclnt -p 8443 -h foo3 -f -d . -w nss \
        <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
selfserv: -- SSL3: Certificate Validated.
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: TLS Request don't require client auth (client does not provide auth)
produced a returncode of 0, expected is 0 PASSED
ssl.sh: TLS Request don't require client auth (bad password) ----
selfserv -p 8443 -d ../server -n foo3.red.iplanet.com \
         -w nss -r -i ../tests_pid.182422  &
selfserv started at Fri Jun 01 18:56:46 PDT 2001
tstclnt -p 8443 -h foo3 -q -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt 
tstclnt -p 8443 -h foo3 -f -d . -w bogus -n TestUser \
        <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: TLS Request don't require client auth (bad password) produced a
returncode of 0, expected is 0 PASSED
ssl.sh: TLS Request don't require client auth (client auth) ----
selfserv -p 8443 -d ../server -n foo3.red.iplanet.com \
         -w nss -r -i ../tests_pid.182422  &
selfserv started at Fri Jun 01 18:56:48 PDT 2001
tstclnt -p 8443 -h foo3 -q -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt 
tstclnt -p 8443 -h foo3 -f -d . -w nss -n TestUser \
        <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
selfserv: -- SSL3: Certificate Validated.
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: TLS Request don't require client auth (client auth) produced a
returncode of 0, expected is 0 PASSED
ssl.sh: TLS Require client auth (client does not provide auth) ----
selfserv -p 8443 -d ../server -n foo3.red.iplanet.com \
         -w nss -r -r -i ../tests_pid.182422  &
selfserv started at Fri Jun 01 18:56:51 PDT 2001
tstclnt -p 8443 -h foo3 -q -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt 
tstclnt -p 8443 -h foo3 -f -d . -w nss \
        <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
selfserv: -- SSL3: Certificate Validated.
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: TLS Require client auth (client does not provide auth) produced a
returncode of 0, expected is 0 PASSED
ssl.sh: TLS Require client auth (bad password) ----
selfserv -p 8443 -d ../server -n foo3.red.iplanet.com \
         -w nss -r -r -i ../tests_pid.182422  &
selfserv started at Fri Jun 01 18:56:53 PDT 2001
tstclnt -p 8443 -h foo3 -q -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt 
tstclnt -p 8443 -h foo3 -f -d . -w bogus -n TestUser \
        <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
selfserv: HDX PR_Read returned error -12285:
Unable to find the certificate or key necessary for authentication.
tstclnt: write to SSL socket failed: SSL peer cannot verify your certificate.
ssl.sh: TLS Require client auth (bad password) produced a returncode of 254,
expected is 254 PASSED
ssl.sh: TLS Require client auth (client auth) ----
selfserv -p 8443 -d ../server -n foo3.red.iplanet.com \
         -w nss -r -r -i ../tests_pid.182422  &
selfserv started at Fri Jun 01 18:56:54 PDT 2001
tstclnt -p 8443 -h foo3 -q -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt 
tstclnt -p 8443 -h foo3 -f -d . -w nss -n TestUser  \
        <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
selfserv: -- SSL3: Certificate Validated.
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: TLS Require client auth (client auth) produced a returncode of 0,
expected is 0 PASSED
ssl.sh: SSL3 Request don't require client auth (client does not provide auth)
----
selfserv -p 8443 -d ../server -n foo3.red.iplanet.com \
         -w nss -r -i ../tests_pid.182422  &
selfserv started at Fri Jun 01 18:56:57 PDT 2001
tstclnt -p 8443 -h foo3 -q -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt 
tstclnt -p 8443 -h foo3 -f -d . -T -w nss \
        <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
selfserv: -- SSL3: Certificate Validated.
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: SSL3 Request don't require client auth (client does not provide auth)
produced a returncode of 0, expected is 0 PASSED
ssl.sh: SSL3 Request don't require client auth (bad password) ----
selfserv -p 8443 -d ../server -n foo3.red.iplanet.com \
         -w nss -r -i ../tests_pid.182422  &
selfserv started at Fri Jun 01 18:56:59 PDT 2001
tstclnt -p 8443 -h foo3 -q -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt 
tstclnt -p 8443 -h foo3 -f -d . -T -n TestUser -w bogus \
        <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: SSL3 Request don't require client auth (bad password) produced a
returncode of 0, expected is 0 PASSED
ssl.sh: SSL3 Request don't require client auth (client auth) ----
selfserv -p 8443 -d ../server -n foo3.red.iplanet.com \
         -w nss -r -i ../tests_pid.182422  &
selfserv started at Fri Jun 01 18:57:01 PDT 2001
tstclnt -p 8443 -h foo3 -q -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt 
tstclnt -p 8443 -h foo3 -f -d . -T -n TestUser -w nss \
        <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
selfserv: -- SSL3: Certificate Validated.
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: SSL3 Request don't require client auth (client auth) produced a
returncode of 0, expected is 0 PASSED
ssl.sh: SSL3 Require client auth (client does not provide auth) ----
selfserv -p 8443 -d ../server -n foo3.red.iplanet.com \
         -w nss -r -r -i ../tests_pid.182422  &
selfserv started at Fri Jun 01 18:57:03 PDT 2001
tstclnt -p 8443 -h foo3 -q -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt 
tstclnt -p 8443 -h foo3 -f -d . -T -w nss \
        <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
selfserv: -- SSL3: Certificate Validated.
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: SSL3 Require client auth (client does not provide auth) produced a
returncode of 0, expected is 0 PASSED
ssl.sh: SSL3 Require client auth (bad password) ----
selfserv -p 8443 -d ../server -n foo3.red.iplanet.com \
         -w nss -r -r -i ../tests_pid.182422  &
selfserv started at Fri Jun 01 18:57:06 PDT 2001
tstclnt -p 8443 -h foo3 -q -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt 
tstclnt -p 8443 -h foo3 -f -d . -T -n TestUser -w bogus \
        <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
selfserv: HDX PR_Read returned error -12285:
Unable to find the certificate or key necessary for authentication.
tstclnt: write to SSL socket failed: SSL peer cannot verify your certificate.
ssl.sh: SSL3 Require client auth (bad password) produced a returncode of 254,
expected is 254 PASSED
ssl.sh: SSL3 Require client auth (client auth) ----
selfserv -p 8443 -d ../server -n foo3.red.iplanet.com \
         -w nss -r -r -i ../tests_pid.182422  &
selfserv started at Fri Jun 01 18:57:07 PDT 2001
tstclnt -p 8443 -h foo3 -q -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt 
tstclnt -p 8443 -h foo3 -f -d . -T -n TestUser -w nss \
        <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt
selfserv: -- SSL3: Certificate Validated.
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
subject DN: CN=foo3.red.iplanet.com, O=BOGUS Netscape, L=Mountain View,
ST=California, C=US
issuer  DN: CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US
0 cache hits; 0 cache misses, 0 cache not reusable
HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

Discarded 1 characters.
GET / HTTP/1.0

EOF





ssl.sh: SSL3 Require client auth (client auth) produced a returncode of 0,
expected is 0 PASSED
ssl.sh: SSL Stress Test ===============================
ssl.sh: Stress SSL2 RC4 128 with MD5 ----
selfserv -p 8443 -d ../server -n foo3.red.iplanet.com \
         -w nss   -i ../tests_pid.182422  &
selfserv started at Fri Jun 01 18:57:10 PDT 2001
tstclnt -p 8443 -h foo3 -q -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt 
strsclnt -p 8443 -d . -w nss -c 1000 -C A  \
         foo3.red.iplanet.com
strsclnt started at Fri Jun 01 18:57:11 PDT 2001
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: 1 server certificates tested.
strsclnt completed at Fri Jun 01 18:57:28 PDT 2001
kill_selfserv[99]: 182807 Terminated
ssl.sh: Stress SSL3 RC4 128 with MD5 ----
selfserv -p 8443 -d ../server -n foo3.red.iplanet.com \
         -w nss   -i ../tests_pid.182422  &
selfserv started at Fri Jun 01 18:57:28 PDT 2001
tstclnt -p 8443 -h foo3 -q -d . <
/tinderbox5.0/components/nss/3.2.1/mozilla/security/nss/tests/ssl/sslreq.txt 
strsclnt -p 8443 -d . -w nss -c 1000 -C c  \
         foo3.red.iplanet.com
strsclnt started at Fri Jun 01 18:57:29 PDT 2001
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: 999 cache hits; 1 cache misses, 0 cache not reusable
strsclnt completed at Fri Jun 01 18:58:02 PDT 2001
kill_selfserv[99]: 182878 Terminated
sdr.sh: SDR Tests ===============================
sdr.sh: Creating an SDR key/Encrypt
sdrtest -d . -o
/tinderbox5.0/components/nss/3.2.1/mozilla/tests_results/security/foo3.2/tests.v1.182422
-t Test1
sdr.sh: SDR Encrypt - Second Value
sdrtest -d . -o
/tinderbox5.0/components/nss/3.2.1/mozilla/tests_results/security/foo3.2/tests.v2.182422
-t 'The quick brown fox jumped over the lazy dog'
sdr.sh: Decrypt - Value 1
sdrtest -d . -i
/tinderbox5.0/components/nss/3.2.1/mozilla/tests_results/security/foo3.2/tests.v1.182422
-t Test1
sdr.sh: Decrypt - Value 2
sdrtest -d . -i
/tinderbox5.0/components/nss/3.2.1/mozilla/tests_results/security/foo3.2/tests.v2.182422
-t The quick brown fox jumped over the lazy dog
cipher.sh: Cipher Tests ===============================
cipher.sh: DES ECB Encrypt --------------------------------
bltest -T -m des_ecb -E -d .
Encryption self-test for des_ecb passed.
cipher.sh: DES ECB Decrypt --------------------------------
bltest -T -m des_ecb -D -d .
Decryption self-test for des_ecb passed.
cipher.sh: DES CBC Encrypt --------------------------------
bltest -T -m des_cbc -E -d .
Encryption self-test for des_cbc passed.
cipher.sh: DES CBC Decrypt --------------------------------
bltest -T -m des_cbc -D -d .
Decryption self-test for des_cbc passed.
cipher.sh: DES3 ECB Encrypt --------------------------------
bltest -T -m des3_ecb -E -d .
Encryption self-test for des3_ecb passed.
cipher.sh: DES3 ECB Decrypt --------------------------------
bltest -T -m des3_ecb -D -d .
Decryption self-test for des3_ecb passed.
cipher.sh: DES3 CBC Encrypt --------------------------------
bltest -T -m des3_cbc -E -d .
Encryption self-test for des3_cbc passed.
cipher.sh: DES3 CBC Decrypt --------------------------------
bltest -T -m des3_cbc -D -d .
Decryption self-test for des3_cbc passed.
cipher.sh: RC2 ECB Encrypt --------------------------------
bltest -T -m rc2_ecb -E -d .
Encryption self-test for rc2_ecb passed.
cipher.sh: RC2 ECB Decrypt --------------------------------
bltest -T -m rc2_ecb -D -d .
Decryption self-test for rc2_ecb passed.
cipher.sh: RC2 CBC Encrypt --------------------------------
bltest -T -m rc2_cbc -E -d .
Encryption self-test for rc2_cbc passed.
cipher.sh: RC2 CBC Decrypt --------------------------------
bltest -T -m rc2_cbc -D -d .
Decryption self-test for rc2_cbc passed.
cipher.sh: RC4 Encrypt --------------------------------
bltest -T -m rc4 -E -d .
Encryption self-test for rc4 passed.
Encryption self-test for rc4 passed.
cipher.sh: RC4 Decrypt --------------------------------
bltest -T -m rc4 -D -d .
Decryption self-test for rc4 passed.
Decryption self-test for rc4 passed.
cipher.sh: RSA Encrypt --------------------------------
bltest -T -m rsa -E -d .
Encryption self-test for rsa passed.
cipher.sh: RSA Decrypt --------------------------------
bltest -T -m rsa -D -d .
Decryption self-test for rsa passed.
cipher.sh: DSA Sign --------------------------------
bltest -T -m dsa -S -d .
Signature self-test for dsa passed.
cipher.sh: DSA Verify --------------------------------
bltest -T -m dsa -V -d .
Verification self-test for dsa passed.
cipher.sh: MD2 Hash --------------------------------
bltest -T -m md2 -H -d .
Hash self-test for md2 passed.
cipher.sh: MD5 Hash --------------------------------
bltest -T -m md5 -H -d .
Hash self-test for md5 passed.
cipher.sh: SHA1 Hash --------------------------------
bltest -T -m sha1 -H -d .
Hash self-test for sha1 passed.
smime.sh: S/MIME Tests ===============================
smime.sh: Signing Attached Message ------------------------------
cmsutil -S -N Alice -i alice.txt -d ../alicedir -p nss -o alice.sig
starting program
parsed command line
received commands
NSS has been initialized.
Got default certdb
Input to signed_data:
password [nss]
certUsage [4]
certdb [10076668]
nickname [Alice]
Found certificate for Alice
Created CMS message, added signed data w/ signerinfo
imported certificate
created signed-date message
cmsg [1009ac68]
arena [10097068]
password [nss]
input len [158]
44 61 74 65 3a 20 57 65 64 2c 20 32 30 20 53 65 70 20 32 30 30 30 20 30 30 3a 30
30 3a 30 31 20 2d 30 37 30
30 20 28 50 44 54 29  a 46 72 6f 6d 3a 20 61 6c 69 63 65 40 62 6f 67 75 73 2e 63
6f 6d  a 53 75 62 6a 65
63 74 3a 20 6d 65 73 73 61 67 65 20 41 6c 69 63 65 20 2d 2d 3e 20 42 6f 62  a 54
6f 3a 20 62 6f 62 40 62
6f 67 75 73 2e 63 6f 6d  a  a 54 68 69 73 20 69 73 20 61 20 74 65 73 74 20 6d 65
73 73 61 67 65 20 66 72
6f 6d 20 41 6c 69 63 65 20 74 6f 20 42 6f 62 2e  a encoding passed
wrote to file
smime.sh: Create Signature Alice . PASSED
cmsutil -D -i alice.sig -d ../bobdir -o alice.data1
starting program
parsed command line
received commands
NSS has been initialized.
Got default certdb
smime.sh: Decode Alice's Signature . PASSED
diff alice.txt alice.data1
smime.sh: Compare Decoded Signature and Original . PASSED
smime.sh: Enveloped Data Tests ------------------------------
cmsutil -E -r bob@bogus.com -i alice.txt -d ../alicedir -p nss \
        -o alice.env
starting program
parsed command line
received commands
NSS has been initialized.
Got default certdb
ERROR: cannot create CMS recipientInfo object.
cmsutil: problem enveloping: Certificate extension not found.
cmsg [0]
arena [10097030]
password [nss]
smime_main[99]: 183023 Memory fault(coredump)
smime.sh: Create Enveloped Data Alice . FAILED
cmsutil -D -i alice.env -d ../bobdir -p nss -o alice.data1
starting program
parsed command line
received commands
NSS has been initialized.
Got default certdb
cmsutil: failed to decode message.
cmsutil: problem decoding: security library: improperly formatted DER-encoded
message.
smime.sh: Decode Enveloped Data Alice . FAILED
diff alice.txt alice.data1
1,6d0
< Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
< From: alice@bogus.com
< Subject: message Alice --> Bob
< To: bob@bogus.com
< 
< This is a test message from Alice to Bob.
smime.sh: Compare Decoded Enveloped Data and Original . FAILED
smime.sh: Sending CERTS-ONLY Message ------------------------------
cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" \
        -d ../alicedir > co.der
starting program
parsed command line
received commands
NSS has been initialized.
Got default certdb
cmsg [10099a70]
arena [10096f88]
password [NULL]
input len [0]
encoding passed
wrote to file
smime.sh: Create Certs-Only Alice . PASSED
cmsutil -D -i co.der -d ../bobdir
starting program
parsed command line
received commands
NSS has been initialized.
Got default certdb
smime.sh: Verify Certs-Only by CA . PASSED
smime.sh: Encrypted-Data Message ---------------------------------
cmsutil -C -i alice.txt -e alicehello.env -d ../alicedir \
        -r "bob@bogus.com" > alice.enc
starting program
parsed command line
received commands
NSS has been initialized.
Got default certdb
ERROR: cannot create CMS recipientInfo object.
cmsutil: could not retrieve enveloped data.ERROR: cannot create CMS
encryptedData object.
cmsutil: problem encrypting: security library: invalid arguments.
smime.sh: Create Encrypted-Data . FAILED
cmsutil -D -i alice.enc -d ../bobdir -e alicehello.env -p nss \
        -o alice.data2
starting program
parsed command line
received commands
NSS has been initialized.
Got default certdb
cmsutil: failed to decode message.
smime_main[99]: 183022 Memory fault(coredump)
smime.sh: Decode Encrypted-Data . FAILED
1,6d0
< Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
< From: alice@bogus.com
< Subject: message Alice --> Bob
< To: bob@bogus.com
< 
< This is a test message from Alice to Bob.
smime.sh: Compare Decoded and Original Data . FAILED
RSAPERF: IRIX6.5_n32_PTH_DBG.OBJ 300 iterations in 18.430 s one operation every
61436 us
tools.sh: Tools Tests ===============================
tools.sh: Exporting Alice's email cert & key------------------
pk12util -o Alice.p12 -n "Alice" -d ../alicedir -k ../tests.pw.182422 \
         -w ../tests.pw.182422
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: Importing Alice's email cert & key -----------------
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw.182422 -w
../tests.pw.182422
tools.sh: Create objsign cert -------------------------------
signtool -G "objectsigner" -d ../alicedir -p "nss"
using certificate directory: ../alicedir

WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit the browser before continuing this operation. Enter 
"y" to continue, or anything else to abort: 

Enter certificate information.  All fields are optional. Acceptable
characters are numbers, letters, spaces, and apostrophes.
certificate common name: organization: organization unit: state or province:
country (must be exactly 2 characters): username: email address: generated
public/private key pair
certificate request generated
certificate has been signed
certificate "objsigner" added to database
Exported certificate to x509.raw and x509.cacert.
tools.sh: Signing a set of files ----------------------------
signtool -Z nojs.jar -d ../alicedir -p "nss" -k objsigner \
         ../tools/html
using certificate directory: ../alicedir
Generating ../tools/html/META-INF/manifest.mf file..
--> signjs.html
adding ../tools/html/signjs.html to nojs.jar...(deflated 20%)
--> sign.html
adding ../tools/html/sign.html to nojs.jar...(deflated 9%)
Generating zigbert.sf file..
adding ../tools/html/META-INF/manifest.mf to nojs.jar...(deflated 30%)
adding ../tools/html/META-INF/zigbert.sf to nojs.jar...(deflated 36%)
adding ../tools/html/META-INF/zigbert.rsa to nojs.jar...(deflated 32%)
tree "../tools/html" signed successfully
tools.sh: Listing signed files in jar ----------------------
signtool -w nojs.jar -d ../alicedir
using certificate directory: ../alicedir

Signer information:

nickname: objsigner
subject name: CN=TEST, O=MOZ, OU=NSS, ST=NY, C=US, UID=liz, E=liz@moz.org
issuer name: CN=TEST, O=MOZ, OU=NSS, ST=NY, C=US, UID=liz, E=liz@moz.org
tools.sh: Show who signed jar ------------------------------
signtool -w nojs.jar -d ../alicedir
using certificate directory: ../alicedir

Signer information:

nickname: objsigner
subject name: CN=TEST, O=MOZ, OU=NSS, ST=NY, C=US, UID=liz, E=liz@moz.org
issuer name: CN=TEST, O=MOZ, OU=NSS, ST=NY, C=US, UID=liz, E=liz@moz.org
(Reporter)

Comment 1

18 years ago
Added CC

Comment 2

18 years ago
Matthew,
you reported this bug to show up on all platforms, all OS, but I have a feeling
that is shows up on Irix only - would you please change the "Platform" and "OS"
field to the appropriate value, or, if you tried on different systems note which
ones in the bugcomments?
I reassign the bug to Wan-Teh, because of our new bug guidlines, and add Ian to
the CC list, who is most knowledgeable about cmsutil.
Also, all of us are very busy with the early 3.3 release.
I looked at the problem and the patch, it looks plausible to me, I am just
wondering, why accessing an uninitialized pointer does not cause more troubles
on other platforms as well.
Assignee: sonmi → wtc
Component: Test → Tools

Comment 3

18 years ago
Assigned the bug to Kirk.
Assignee: wtc → kirke
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P2
Hardware: All → SGI
Target Milestone: --- → 3.2.2

Comment 4

18 years ago
Matthew: do you dump core in cmsutil on the debug build every time
or intermittently?

Is this how you built NSS 3.2.1?
% cvs co -r NSS_3_2_1_RTM mozilla/security/coreconf mozilla/security/nss
% setenv USE_N32 1
% setenv USE_PTHREADS 1
% cd mozilla/security/coreconf
% gmake
% cd ../nss
% gmake import
% gmake

The last five steps can be replaced by:
% cd mozilla/security/nss
% gmake nss_RelEng_bld

Kirk: Have you reproduced the core dump in cmsutil?  I haven't
been able to do that.  You can use foo3 or interzone.
OS: All → IRIX
(Assignee)

Comment 5

18 years ago
> Kirk: Have you reproduced the core dump in cmsutil?  I haven't
> been able to do that.  You can use foo3 or interzone.

No.  I believe there was evidence in the log that something failed 
prior to the cmsutil run.  Its not right to ever core dump, but I 
think a failure prior to the segv sets IRIX apart.

Comment 6

18 years ago
Matthew:  I ran our QA test 12 times on the debug build.
All tests passed.  Could you rebuild NSS 3.2.1 and try again?

Comment 7

18 years ago
Matthew and I spent some time looking at this bug.  We
found that the smime tests only dump core if we compile NSS
with IRIX C compiler 7.3.  The smime tests pass if we
compile NSS with IRIX C compiler 7.1 or gcc 2.95.2.  I was
using IRIX C compiler 7.1, which is why I could not reproduce
the core dump.

Matthew finally tracked down cause of the core dump: the
local variable 'rv' in NSS_CMSRecipientInfo_Create() is
used uninitialized.  I asked Matthew to open a separate bug
for that (bug #86981).  Applying the fix for that bug enables
all NSS tests to pass when NSS is compiled with IRIX C
compiler 7.3.

Still, cmsutil should not dump core when something goes
wrong, so we should still fix this bug.  There were two coredumps
in Matthew's test log.  He and I looked at both of
them and know *where* we need to fix.  I'll need Ian's or
Christian's help to decide *how* to fix them.  In any case,
now that we know what caused the coredumps the severity of
this bug is lowered and it only needs to be fixed in NSS 3.4.
Severity: major → normal
Target Milestone: 3.2.2 → 3.4

Updated

18 years ago
Blocks: 73732
(Assignee)

Comment 8

17 years ago
I believe cmsutil became more robust between 3.2.1 and 3.4. 
options.certHandle is checked in main(), where the field is set,
ensuring cmsutil will not proceed and use it.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.