Nelson,

Nelson B Bolyard wrote:
Two years ago this week, John Smith wrote to us:

When I sign using keytool.exe version 3.10 it signs OK,

When I sign using keytool.exe version 3.11 it throws this error:

using certificate directory: C:\Documents and Settings\myusername\Application Data\Mozilla\Firefox\Profiles\vsw8mp7m.default
signtool: function failed: An I/O error occurred during security authorization.

I have tried 3.10 with -X option and it works fine. 3.11 still gives the same error message.

That's it. Works fine for me now.

Just today I finally experienced this, and figured out the cause.
The problem only occurs under a specific set of circumstances which are
unusual for an NSS developer to ever encounter.  However, they are the
very circumstances in which a typical Solaris user uses signtool.
It requires that NSS's shared libraries not be in the same directory
where the signtool executable lives, nor in ../lib (relative to the
directory where signtool lives) nor (evidently) in the LD_LIBRARY_PATH.
These conditions are not true if you use freshly built NSS bits, or if
you use NSS bits from the zip/tar distributions.  They are true on Solaris,
where the shared libraries live in /usr/lib/mps and the executable program
files live in /usr/sfw/bin.

There are several possible workarounds, all simple.  Simply copy (don't
symlink) the signtool executable into some directory of your choice, and
copy or symlink the NSS shared libraries into that directory also.  Then
run the executable from that directory.

The user above was using Windows, not Solaris. On Windows we didn't have freebl shared libs in 3.10, and thus no freebl library loading was necessary. The simplest workaround for Windows users is to set the PATH before running signtool. On other platforms, set the equivalent - LD_LIBRARY_PATH for Solaris/Linux, SHLIB_PATH for HP-UX, and LIBPATH for AIX. Doing this was already required on several architectures that already had freebl shared libs since NSS 3.2. It's just that in NSS 3.11 all platforms have freebl shared libs.

The problem has been fixed once and for all in NSS 3.12. signtool no longer loads freebl shared libs directly. It now uses the softoken shared library, like every other sane NSS program should, and the softoken loads the freebl shared libs properly.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
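
A small check for the situation described in the message above, added here as an example (not code from the original post or from NSS): it looks for a shared library in the three places the message names, namely the executable's own directory, ../lib relative to it, and a colon-separated search path such as LD_LIBRARY_PATH. The function name find_nss_lib, the file name libexample.so and the temporary directory layout are constructed for illustration; the check mirrors the message's conditions and is not the platform loader's actual algorithm.

```shell
# Added diagnostic sketch; not part of NSS.
# find_nss_lib EXE LIBNAME [SEARCH_PATH]
# Prints the first directory holding LIBNAME, checking the executable's own
# directory, ../lib relative to it, then each entry of SEARCH_PATH
# (defaults to $LD_LIBRARY_PATH). Returns 1 if the library is in none of them.
find_nss_lib() {
    exe=$1 lib=$2 search=${3-${LD_LIBRARY_PATH-}}
    exe_dir=$(cd "$(dirname "$exe")" 2>/dev/null && pwd) || return 2
    for d in "$exe_dir" "$exe_dir/../lib"; do
        if [ -e "$d/$lib" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    # Split the colon-separated search path without glob expansion.
    old_ifs=$IFS; IFS=:
    set -f
    for d in $search; do
        [ -n "$d" ] || continue          # empty entries are skipped here
        if [ -e "$d/$lib" ]; then
            IFS=$old_ifs; set +f
            printf '%s\n' "$d"
            return 0
        fi
    done
    IFS=$old_ifs; set +f
    return 1
}

# Constructed demo: programs and libraries in separate trees, as in the
# Solaris layout the message describes (/usr/sfw/bin versus /usr/lib/mps).
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/sfw/bin" "$root/usr/lib/mps"
    : > "$root/usr/sfw/bin/signtool"      # placeholder file, not a real binary
    : > "$root/usr/lib/mps/libexample.so" # placeholder library name
    # With an empty search path the library is not found.
    find_nss_lib "$root/usr/sfw/bin/signtool" libexample.so "" \
        || echo "not found: set the library search path first"
    # With the library directory on the search path it is found.
    find_nss_lib "$root/usr/sfw/bin/signtool" libexample.so "$root/usr/lib/mps"
    rm -rf "$root"
}
demo
```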
