Mozilla 1.1 + NSS 3.5 crashes with the same behavior. Robert List
"Robert List" <[EMAIL PROTECTED]> schrieb im Newsbeitrag afrkv1$[EMAIL PROTECTED]">news:afrkv1$[EMAIL PROTECTED]... > > "Wan-Teh Chang" <[EMAIL PROTECTED]> schrieb im Newsbeitrag > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Robert List wrote: > > > Hallo! > > > > > > I have developed a Win32 PKCS#11 Library according to the Austrian > Digitale > > > Signature Legislation. The library should work with at least Mozilla 1.0 > + > > > NSS 3.4.2. Testing OS: Win 2000 professional German, SP2. > > > > > > The library establishes two slots. > > > One fixed slot, which contains all CA Certificates and the according > CRLs > > > (One selfsigned Root and one intermediate CA certificate + CRLs). > > > The other slot is a hardware slot and contains a ISO 7816 smartcard > token > > > (Private Key, Public Key + User Certificate). > > > > > > > > > If I select the "Manage CRLs" Button in the "Validation" dialog in the > > > "Preferences" dialog, the nss library (V3.4.2 Release Build) crashes at > the > > > function PK11_TraverseSlotCerts+0x206, with an Access Violation > Exception > > > c0000005. > > > I far as I checked the behavior of the CRL Parser, the code crashes, if > it > > > tries to decode a CRL with no revoked certificate in it. > > > > Could you send us a test case that reproduces this crash > > or the stack trace at the crash? You will need to use > > the NSS 3.4.2 debug build to get the stack trace. > > > > Thanks, > > Wan-Teh > > > Of course, see the attached files: > > Our CA-hierarchy consists of three CAs. One self-signed Root CA, and two > intermediate CAs, which issue the certificates stored on the smartcards. > The actual CRLs of the intermediate CAs have revoked certificates. The CRL > of the root CA does not contain a revoked certificate. > > If the pkcs11 module provides all three CRLs the Browser crashes. > If the pkcs11 module provide only the CRLs of the intermediate CAs the > Browser does not crash and shows the described "CRL-Dialog". > > The last thing the browsers does with the pkcs11 module is query for CRLs, > and start getting the content of the PKCS#11 Object with > C_GetAttributeValue. > > > Thanks > Robert List > > > > >
