bob, some changes has been made in opensc pkcs11 module. But before commenting that, we would like to ask you a thing: NSS_CMSEncoder_Finish fails now under weird circunstances: we have added some log in that function. Before the call to 'SEC_ASN1EncoderUpdate(p7ecx->exc)' we check the value of 'p7ecx->error'. It is 0. Then we check the same value after that function call and is not 0, but -12285. The weird thing is that we also log in 'SEC_ASN1EncoderUpdate' function and it returns with SECSuccess. How can this situation be possible? I mean, that the encoding is ok, but p7ecx->error is set != 0 ? Also, I tried to find the definition of error 12285 without success.
Thanks in advance, rf rf wrote: > I continued tracking down the problem. This is the sequence of calls until > "assertion failure" occurrs: > > NSS_CMSEncoder_Finish > PK11_Authenticate > PK11_DoPassword > pk11_GetPassword > own_defined_password_getting_function > nssTrustDomain_UpdateCachedTokenCerts > nssTrustDomain_GetCertsFromCache > STAN_ForceCERTCertificateUpdate > stan_GetCERTCertificate > fill_CERTCertificateFields > nssTrust_GetCERTCertTrustForCert > NSSCertificate_IsPrivateKeyAvailable > nssToken_IsPrivateKeyAvailable > PK11_MatchItem > pk11_FindObjectByTemplate > > and there we find: > /* blow up if the PKCS #11 module returns us and invalid object handle */ > PORT_Assert(object != CK_INVALID_HANDLE); > > then, Mozilla crashes. <<The following is the reply from Bob Relyea: << << The only assertion I find in pk11cert.c is the one in << PK11_FindObjectByTemplate. << << The assertion triggers because the PKCS #11 module (software << dealing with the smart card) returns success from both << FindObjectsInit and FindObjects, but returns the PKCS #11 << reserved handle with is INVALID. No matter what else is going << on, this should never happen unless there is a bug in the PKCS #11 << module itself. << As far as I can tell from your description, you are calling << everything correctly. My guess is you managed to put the card << in a state where it returns '0' for a handle to one of it's << objects. << bob
