Alex,
alex21 wrote:
res = CERT_VerifyCertificate(handle,cert,PR_TRUE,0,pTime,myStruc,&log,&returnedUsages);
// slot->refCount = 3 at this point for the signer certificate.
The signer certificate may be added to the CRL cache, and gets refcounted
as a result.
NSS_Shutdown() should take care of releasing that reference when it calls
ShutdownCRLCache();
That's my point - NSS_Shutdown _doesn't_ release that extra reference...
It does. Otherwise, none of our NSS test QA would pass. The NSS QA sets
the NSS_STRICT_SHUTDOWN variable to 1. On debug builds of NSS, this
causes NSS_Shutdown() to fail if there are any leftover slot references.
The code that frees the cert reference in the CRL cache is in a function
called DPCache_Destroy. This is done in a CERT_DestroyCertificate call.
You can set a breakpoint and verify that this is happening.
I just checked this with the certutil -V command, which calls
CERT_VerifyCertificate.
(dbx) r
Running: certutil -d . -V -n server-cert -u S
(process id 402)
certutil: certificate is valid
[EMAIL PROTECTED] ([EMAIL PROTECTED]) stopped in DPCache_Destroy at line 1184 in file
"crl.c"
1184 CERT_DestroyCertificate(cache->issuer);
(dbx) w
current thread: [EMAIL PROTECTED]
=>[1] DPCache_Destroy(cache = 0x85c20), line 1184 in "crl.c"
[2] IssuerCache_Destroy(cache = 0x51008), line 1231 in "crl.c"
[3] FreeIssuer(he = 0x85478, i = 0, arg = 0xffbfed90), line 1255 in
"crl.c"
[4] PL_HashTableEnumerateEntries(ht = 0x518d8, f = 0xff200bc0 =
&`libnss3.so`crl.c`FreeIssuer(struct PLHashEntry *he, PRIntn i, void
*arg), arg = 0xffbfed90), line 432 in "plhash.c"
[5] ShutdownCRLCache(), line 1291 in "crl.c"
[6] NSS_Shutdown(), line 555 in "nssinit.c"
[7] certutil_main(argc = 8, argv = 0xffbff60c, initialize = 1), line
3090 in "certutil.c"
[8] main(argc = 8, argv = 0xffbff60c), line 3104 in "certutil.c"
(dbx) p cache->issuer->slot
cache->issuer->slot = 0x7d808
(dbx) p (*(`pk11slot.c`PK11SlotInfoStr*) 0x7d808)->refCount
(*((struct PK11SlotInfoStr *) 0x7d808)).refCount = 2
(dbx) stop in PK11_FreeSlot
(4) stop in PK11_FreeSlot
(dbx) c
[EMAIL PROTECTED] ([EMAIL PROTECTED]) stopped in PK11_FreeSlot at line 441 in file
"pk11slot.c"
441 if (PR_AtomicDecrement(&slot->refCount) == 0) {
(dbx) w
current thread: [EMAIL PROTECTED]
=>[1] PK11_FreeSlot(slot = 0x7d808), line 441 in "pk11slot.c"
[2] nssDecodedPKIXCertificate_Destroy(dc = 0x92300), line 535 in
"pki3hack.c"
[3] nssDecodedCert_Destroy(dc = 0x92300), line 112 in "certdecode.c"
[4] nssCertificate_Destroy(c = 0x85dc0), line 152 in "certificate.c"
[5] NSSCertificate_Destroy(c = 0x85dc0), line 170 in "certificate.c"
[6] CERT_DestroyCertificate(cert = 0x90228), line 612 in "stanpcertdb.c"
[7] DPCache_Destroy(cache = 0x85c20), line 1184 in "crl.c"
[8] IssuerCache_Destroy(cache = 0x51008), line 1231 in "crl.c"
[9] FreeIssuer(he = 0x85478, i = 0, arg = 0xffbfed90), line 1255 in
"crl.c"
[10] PL_HashTableEnumerateEntries(ht = 0x518d8, f = 0xff200bc0 =
&`libnss3.so`crl.c`FreeIssuer(struct PLHashEntry *he, PRIntn i, void
*arg), arg = 0xffbfed90), line 432 in "plhash.c"
[11] ShutdownCRLCache(), line 1291 in "crl.c"
[12] NSS_Shutdown(), line 555 in "nssinit.c"
[13] certutil_main(argc = 8, argv = 0xffbff60c, initialize = 1), line
3090 in "certutil.c"
[14] main(argc = 8, argv = 0xffbff60c), line 3104 in "certutil.c"
(dbx) c
[EMAIL PROTECTED] ([EMAIL PROTECTED]) stopped in PK11_FreeSlot at line 441 in file
"pk11slot.c"
441 if (PR_AtomicDecrement(&slot->refCount) == 0) {
(dbx) w
current thread: [EMAIL PROTECTED]
=>[1] PK11_FreeSlot(slot = 0x7d2c0), line 441 in "pk11slot.c"
[2] pk11_FreeListElement(list = 0xff28aac4, le = 0x56b28), line 159
in "pk11slot.c"
[3] PK11_ClearSlotList(slot = 0x7d2c0), line 958 in "pk11slot.c"
[4] SECMOD_DestroyModule(module = 0x58ab8), line 776 in "pk11util.c"
[5] SECMOD_DestroyModuleListElement(element = 0x51028), line 824 in
"pk11util.c"
[6] SECMOD_DestroyModuleList(list = 0x51028), line 840 in "pk11util.c"
[7] SECMOD_Shutdown(), line 98 in "pk11util.c"
[8] NSS_Shutdown(), line 559 in "nssinit.c"
[9] certutil_main(argc = 8, argv = 0xffbff60c, initialize = 1), line
3090 in "certutil.c"
[10] main(argc = 8, argv = 0xffbff60c), line 3104 in "certutil.c"
(dbx) c
[EMAIL PROTECTED] ([EMAIL PROTECTED]) stopped in PK11_FreeSlot at line 441 in file
"pk11slot.c"
441 if (PR_AtomicDecrement(&slot->refCount) == 0) {
(dbx) w
current thread: [EMAIL PROTECTED]
=>[1] PK11_FreeSlot(slot = 0x7d2c0), line 441 in "pk11slot.c"
[2] pk11_FreeListElement(list = 0xff28aadc, le = 0x56b58), line 159
in "pk11slot.c"
[3] PK11_ClearSlotList(slot = 0x7d2c0), line 958 in "pk11slot.c"
[4] SECMOD_DestroyModule(module = 0x58ab8), line 776 in "pk11util.c"
[5] SECMOD_DestroyModuleListElement(element = 0x51028), line 824 in
"pk11util.c"
[6] SECMOD_DestroyModuleList(list = 0x51028), line 840 in "pk11util.c"
[7] SECMOD_Shutdown(), line 98 in "pk11util.c"
[8] NSS_Shutdown(), line 559 in "nssinit.c"
[9] certutil_main(argc = 8, argv = 0xffbff60c, initialize = 1), line
3090 in "certutil.c"
[10] main(argc = 8, argv = 0xffbff60c), line 3104 in "certutil.c"
(dbx) c
[EMAIL PROTECTED] ([EMAIL PROTECTED]) stopped in PK11_FreeSlot at line 441 in file
"pk11slot.c"
441 if (PR_AtomicDecrement(&slot->refCount) == 0) {
(dbx) w
current thread: [EMAIL PROTECTED]
=>[1] PK11_FreeSlot(slot = 0x7d2c0), line 441 in "pk11slot.c"
[2] pk11_FreeListElement(list = 0xff28aa88, le = 0x56b40), line 159
in "pk11slot.c"
[3] PK11_ClearSlotList(slot = 0x7d2c0), line 958 in "pk11slot.c"
[4] SECMOD_DestroyModule(module = 0x58ab8), line 776 in "pk11util.c"
[5] SECMOD_DestroyModuleListElement(element = 0x51028), line 824 in
"pk11util.c"
[6] SECMOD_DestroyModuleList(list = 0x51028), line 840 in "pk11util.c"
[7] SECMOD_Shutdown(), line 98 in "pk11util.c"
[8] NSS_Shutdown(), line 559 in "nssinit.c"
[9] certutil_main(argc = 8, argv = 0xffbff60c, initialize = 1), line
3090 in "certutil.c"
[10] main(argc = 8, argv = 0xffbff60c), line 3104 in "certutil.c"
(dbx) c
[EMAIL PROTECTED] ([EMAIL PROTECTED]) stopped in PK11_FreeSlot at line 441 in file
"pk11slot.c"
441 if (PR_AtomicDecrement(&slot->refCount) == 0) {
(dbx) w
current thread: [EMAIL PROTECTED]
=>[1] PK11_FreeSlot(slot = 0x7d2c0), line 441 in "pk11slot.c"
[2] pk11_FreeListElement(list = 0xff28aa7c, le = 0x56b10), line 159
in "pk11slot.c"
[3] PK11_ClearSlotList(slot = 0x7d2c0), line 958 in "pk11slot.c"
[4] SECMOD_DestroyModule(module = 0x58ab8), line 776 in "pk11util.c"
[5] SECMOD_DestroyModuleListElement(element = 0x51028), line 824 in
"pk11util.c"
[6] SECMOD_DestroyModuleList(list = 0x51028), line 840 in "pk11util.c"
[7] SECMOD_Shutdown(), line 98 in "pk11util.c"
[8] NSS_Shutdown(), line 559 in "nssinit.c"
[9] certutil_main(argc = 8, argv = 0xffbff60c, initialize = 1), line
3090 in "certutil.c"
[10] main(argc = 8, argv = 0xffbff60c), line 3104 in "certutil.c"
(dbx) c
[EMAIL PROTECTED] ([EMAIL PROTECTED]) stopped in PK11_FreeSlot at line 441 in file
"pk11slot.c"
441 if (PR_AtomicDecrement(&slot->refCount) == 0) {
(dbx) w
current thread: [EMAIL PROTECTED]
=>[1] PK11_FreeSlot(slot = 0x7d2c0), line 441 in "pk11slot.c"
[2] pk11_FreeListElement(list = 0xff28aa70, le = 0x56a20), line 159
in "pk11slot.c"
[3] PK11_ClearSlotList(slot = 0x7d2c0), line 958 in "pk11slot.c"
[4] SECMOD_DestroyModule(module = 0x58ab8), line 776 in "pk11util.c"
[5] SECMOD_DestroyModuleListElement(element = 0x51028), line 824 in
"pk11util.c"
[6] SECMOD_DestroyModuleList(list = 0x51028), line 840 in "pk11util.c"
[7] SECMOD_Shutdown(), line 98 in "pk11util.c"
[8] NSS_Shutdown(), line 559 in "nssinit.c"
[9] certutil_main(argc = 8, argv = 0xffbff60c, initialize = 1), line
3090 in "certutil.c"
[10] main(argc = 8, argv = 0xffbff60c), line 3104 in "certutil.c"
(dbx) c
[EMAIL PROTECTED] ([EMAIL PROTECTED]) stopped in PK11_FreeSlot at line 441 in file
"pk11slot.c"
441 if (PR_AtomicDecrement(&slot->refCount) == 0) {
(dbx) w
current thread: [EMAIL PROTECTED]
=>[1] PK11_FreeSlot(slot = 0x7d2c0), line 441 in "pk11slot.c"
[2] pk11_FreeListElement(list = 0xff28aa64, le = 0x56b70), line 159
in "pk11slot.c"
[3] PK11_ClearSlotList(slot = 0x7d2c0), line 958 in "pk11slot.c"
[4] SECMOD_DestroyModule(module = 0x58ab8), line 776 in "pk11util.c"
[5] SECMOD_DestroyModuleListElement(element = 0x51028), line 824 in
"pk11util.c"
[6] SECMOD_DestroyModuleList(list = 0x51028), line 840 in "pk11util.c"
[7] SECMOD_Shutdown(), line 98 in "pk11util.c"
[8] NSS_Shutdown(), line 559 in "nssinit.c"
[9] certutil_main(argc = 8, argv = 0xffbff60c, initialize = 1), line
3090 in "certutil.c"
[10] main(argc = 8, argv = 0xffbff60c), line 3104 in "certutil.c"
=>[1] PK11_FreeSlot(slot = 0x7d808), line 441 in "pk11slot.c"
[2] SECMOD_DestroyModule(module = 0x58ab8), line 778 in "pk11util.c"
[3] SECMOD_DestroyModuleListElement(element = 0x51028), line 824 in
"pk11util.c"
[4] SECMOD_DestroyModuleList(list = 0x51028), line 840 in "pk11util.c"
[5] SECMOD_Shutdown(), line 98 in "pk11util.c"
[6] NSS_Shutdown(), line 559 in "nssinit.c"
[7] certutil_main(argc = 8, argv = 0xffbff60c, initialize = 1), line
3090 in "certutil.c"
[8] main(argc = 8, argv = 0xffbff60c), line 3104 in "certutil.c"
(dbx) c
execution completed, exit code is 0
The above debug session shows that the slot reference was 2 at the time
DPCache_Destroy was first invoked.
There are 2 ensuing calls to PK11_FreeSlot on that same slot (0x7d808).
The first from the CERT_DestroyCertificate call in DPCache_Destroy. The
second from the SECMOD_DestroyModule call. Thus, the refcount is zero
at the end.
Therefore, the problem is in your application.
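The reference accounting traced in the message above, as an added example that is not part of the original post and is not NSS code: a simplified model in which a certificate pins its slot, the CRL cache holds its own certificate reference, and shutdown releases the cache reference and then the module's slot reference. All type and function names are hypothetical stand-ins for the roles of PK11_FreeSlot, CERT_DestroyCertificate and NSS_Shutdown.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model; hypothetical types, not the NSS structures. */
typedef struct { int refCount; } Slot;
typedef struct { int refCount; Slot *slot; } Cert;

static void slot_free(Slot *s) { s->refCount--; }   /* role of PK11_FreeSlot */

static Cert *cert_new(Slot *s) {
    Cert *c = malloc(sizeof *c);
    if (!c) abort();
    c->refCount = 1;
    c->slot = s;
    s->refCount++;                 /* a live certificate pins its slot */
    return c;
}

static Cert *cert_dup(Cert *c) { c->refCount++; return c; }

/* Role of CERT_DestroyCertificate: only the last reference frees the slot. */
static void cert_destroy(Cert *c) {
    if (--c->refCount == 0) { slot_free(c->slot); free(c); }
}

/* Returns slot references left after shutdown (0 = clean; non-zero is what
 * a strict shutdown check rejects). *at_cache_destroy receives the slot
 * refcount seen when the cache is about to drop its issuer reference. */
int leftover_after_shutdown(int app_destroys_cert, int *at_cache_destroy) {
    Slot slot = { 1 };                 /* reference held by the module */
    Cert *app = cert_new(&slot);       /* application's signer cert handle */
    Cert *issuer = cert_dup(app);      /* CRL cache keeps its own reference */

    if (app_destroys_cert) cert_destroy(app);   /* application cleanup */

    *at_cache_destroy = slot.refCount;
    cert_destroy(issuer);              /* shutdown: cache drops the issuer */
    slot_free(&slot);                  /* shutdown: module drops the slot */
    if (!app_destroys_cert) free(app); /* model only: reclaim leaked object */
    return slot.refCount;
}

int main(void) {
    int at;
    int left = leftover_after_shutdown(1, &at);
    printf("app releases cert: at cache destroy=%d, leftover=%d\n", at, left);
    left = leftover_after_shutdown(0, &at);
    printf("app leaks cert:    at cache destroy=%d, leftover=%d\n", at, left);
    return 0;
}
```

In this model the slot refcount at cache teardown is the same in both runs; the leaked application reference only shows up as a non-zero slot count after the module is destroyed.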