Re: Invalide certificate encoding crashing certutil [Re: Thunderbird: Could not verify this certificate for unknown reasons]
On 2010/10/28 02:14 PDT, Jean-Marc Desperrier wrote:
> Nelson B Bolyard wrote:
>> Please don't file a bug without a stack trace showing the crash is in NSS.
>> [...]
>> If the back trace shows the crash is not in NSS, but in some other library, please direct the bug report accordingly.
>
> The report is that the crash is inside NSS's certutil, Nelson.

Perhaps I have confused this Matej with another. I understood that Matej is developing his own PKCS#11 module, and his report is that NSS's certutil crashes when run with his non-NSS PKCS#11 module. The crash may well be in that module. Matej, If I'm confused, feel free to set me straight.

> As Thunderbird with the same data doesn't crash, it doesn't seem to actually be in the library, but even just in an NSS tool, a crash is serious.

Show me that the crash occurred in NSS code, and not in the code of some PKCS#11 module, and I'll be more convinced. A bug report that says nothing more than I ran this program with this other PKCS#11 module and it crashed won't yield any desirable results, unless someone happens to say Oh I saw that too and fixed it by

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Invalide certificate encoding crashing certutil [Re: Thunderbird: Could not verify this certificate for unknown reasons]
On 29. 10. 2010 14:11, Nelson B Bolyard wrote:
> On 2010/10/28 02:14 PDT, Jean-Marc Desperrier wrote:
>> Nelson B Bolyard wrote:
>>> Please don't file a bug without a stack trace showing the crash is in NSS.
>>> [...]
>>> If the back trace shows the crash is not in NSS, but in some other library, please direct the bug report accordingly.
>>
>> The report is that the crash is inside NSS's certutil, Nelson.
>
> Perhaps I have confused this Matej with another. I understood that Matej is developing his own PKCS#11 module, and his report is that NSS's certutil crashes when run with his non-NSS PKCS#11 module. The crash may well be in that module. Matej, If I'm confused, feel free to set me straight.

You are right, Nelson.

M. Kurpel
Invalide certificate encoding crashing certutil [Re: Thunderbird: Could not verify this certificate for unknown reasons]
Matej Kurpel wrote:
> In the Type field for S:, O:, OU: and CN: I always provided 0x0c which is utf-8 string, but in the certificate there was 0x13 - printable string. After I changed it - voila, it's working in Thunderbird, and certutil doesn't crash anymore.

It sounds like a serious bug. Could you open it in bugzilla, with NSS tools as the component?
Re: Invalide certificate encoding crashing certutil [Re: Thunderbird: Could not verify this certificate for unknown reasons]
On 26. 10. 2010 10:43, Jean-Marc Desperrier wrote:
> Matej Kurpel wrote:
>> In the Type field for S:, O:, OU: and CN: I always provided 0x0c which is utf-8 string, but in the certificate there was 0x13 - printable string. After I changed it - voila, it's working in Thunderbird, and certutil doesn't crash anymore.
>
> It sounds like a serious bug. Could you open it in bugzilla, with NSS tools as the component?

Just to recap: it was my fault that I provided the wrong Type fields - other ones than those that were physically in the certificate. In the CKA_VALUE I provided all certificate bytes and in CKA_ISSUER and CKA_SUBJECT I provided my own DER-encoded values with the wrong Type fields.

However, how does a printable string differ from utf8string (and other strings, particularly ia5string) when there are no non-ascii characters? Do you think it's a bug in NSS...?

M. Kurpel
Re: Invalide certificate encoding crashing certutil [Re: Thunderbird: Could not verify this certificate for unknown reasons]
On 2010-10-26 05:07 PDT, Jean-Marc Desperrier wrote:
> Matej Kurpel wrote:
>> However, how does a printable string differ from utf8string (and other strings, particularly ia5string) when there are no non-ascii characters? Do you think it's a bug in NSS...?
>
> printable string basically allows only the alphabet and numeric characters. ia5string allows all of 7-bit ASCII. For both, any character with the eighth bit set will be invalid.
>
> A crash when meeting invalid data is always a bug, especially for a security tool. Even if here it seems to only be a bug inside the certutil tool, not inside the NSS library components themselves.

Please don't file a bug without a stack trace showing the crash is in NSS. When your program crashes, it should create a file named core or core (where X is a number that varies). You run the gdb debugger pointing it to the executable and the core file, and give it the command bt (Back Trace), and it does the rest.

If the back trace shows the crash is not in NSS, but in some other library, please direct the bug report accordingly.

--
/Nelson Bolyard
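Added example, not part of the thread and not NSS code: PKCS#11 defines CKA_SUBJECT and CKA_ISSUER as the DER encoding of the certificate's own names, so a module can self-check the mismatch described above (0x0c UTF8String returned where the certificate carries 0x13 PrintableString) before handing the attributes to a consumer. The function names and the sample Name are hypothetical and constructed; the PrintableString set used is the ASN.1 one (letters, digits, space and `'()+,-./:=?`).

```python
PRINTABLE = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?")

def read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value, next_pos), bounds-checked."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):                                   # contents -> [(tag, value)]
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def name_attributes(der_name):
    """Flatten a DER Name into [(oid_bytes, string_tag, value_bytes)]."""
    tag, body, end = read_tlv(der_name, 0)
    if tag != 0x30 or end != len(der_name):
        raise ValueError("Name must be exactly one SEQUENCE")
    attrs = []
    for _, rdn in children(body):                      # each RDN is a SET
        for _, atv in children(rdn):                   # of SEQUENCE { OID, string }
            (_, oid), (str_tag, val) = children(atv)   # ValueError unless two items
            attrs.append((oid, str_tag, val))
    return attrs

def compare_subject(cert_subject, module_subject):
    """List differences between the certificate's Name and the module's CKA_SUBJECT."""
    findings = [] if cert_subject == module_subject else ["encodings are not byte-identical"]
    pairs = zip(name_attributes(cert_subject), name_attributes(module_subject))
    for (oid, t1, _), (_, t2, _) in pairs:
        if t1 != t2:
            findings.append(f"{oid.hex()}: tag 0x{t1:02x} in cert, 0x{t2:02x} from module")
    for oid, t, v in name_attributes(module_subject):
        if (t == 0x13 and not set(v) <= PRINTABLE) or (t == 0x16 and max(v, default=0) > 0x7F):
            findings.append(f"{oid.hex()}: bytes outside the charset of tag 0x{t:02x}")
    return findings

def sample_name(string_tag, text=b"Test"):             # constructed sample: one CN attribute
    tlv = lambda tag, value: bytes([tag, len(value)]) + value
    atv = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(string_tag, text))
    return tlv(0x30, tlv(0x31, atv))
```

An empty list from `compare_subject` means the module's value matches the certificate; malformed input raises `ValueError` rather than being read past its end.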