I continued tracking down the problem. This is the sequence of calls until "assertion failure" occurrs:
NSS_CMSEncoder_Finish PK11_Authenticate PK11_DoPassword pk11_GetPassword own_defined_password_getting_function nssTrustDomain_UpdateCachedTokenCerts nssTrustDomain_GetCertsFromCache STAN_ForceCERTCertificateUpdate stan_GetCERTCertificate fill_CERTCertificateFields nssTrust_GetCERTCertTrustForCert NSSCertificate_IsPrivateKeyAvailable nssToken_IsPrivateKeyAvailable PK11_MatchItem pk11_FindObjectByTemplate and there we find: /* blow up if the PKCS #11 module returns us and invalid object handle */ PORT_Assert(object != CK_INVALID_HANDLE); then, Mozilla crashes. /rf rf wrote: > Hi > > I have found a weird behaviour when signing with help of Mozilla 1.3.1, > NSS (smime functions), opensc (pkcs11 library) and some pkcs15 smart cards > (finnish). The strange thing (assertion failure) happens when switching > smart cards after PK11_ListCerts has been called. > These are the steps that produces the assertion failure: > - call PK11_ListCerts. Both soft certs and certs in smart card are > properly retrieved > - switch smart card for another one > - call PK11_ListCerts. Both soft certs and certs in smart card are > properly retrieved > - select a cert from smart card > - sign (using NSS smime functions, like in smime tool) > - after introducing PIN code (via own-defined passw func.), Mozilla > crashes because of "Assertion failure: object != CK_INVALID_HANDLE, at > pk11cert.c" > > It seems like the function call that produces the assertion failure is: > nssTrustDomain_UpdateCachedTokenCerts(slot->nssToken->trustDomain, > slot->nssToken); > (called from PK11_DoPassword that is called from PK11_Authenticate, that > is called because of the signing process) > > I have no idea about what that nssTrust... function is doing so I feel > like it is gonna be difficult to continue digging into nss files... > > What should I do (function calls) to prepare NSS upon smart card switching > prior cert-listing and signing operations? > > Any help will be very appreciated > /.R
