Re: [xmlsec] Re: Stack Traces re: crypto nss
Sorry for delay with response, I was out of town for the weekend :) The crash should be fixed in CVS. Thanks for your bug report! Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] Re: Stack Traces re: crypto nss
No problem !!! Files affected ? Download them all ? Ed Aleksey Sanin wrote: Sorry for delay with response, I was out of town for the weekend :) The crash should be fixed in CVS. Thanks for your bug report! Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] Re: Stack Traces re: crypto nss
You need to get the whole xmlsec source tree from CVS using anonymous cvs access: http://developer.gnome.org/tools/cvs.html Then run ./autogen.sh once and after that you can do usual ./configure make Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] Re: Stack Traces re: crypto nss
Files affected ? src/nss/keysstore.c src/nss/pkikeys.c Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] Re: Stack Traces re: crypto nss
make[3]: *** No rule to make target `keysstore.c', needed by `keysstore.lo'. Stop. Sounds like you've deleted this file. Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] Re: Stack Traces re: crypto nss
Hi Aleksey, Finally aaa !!! Thanks for all your help. Some quick notes: - the --enabled-key-data option must be either left, out or set to key-name when accessing keys in the nssdb - importing .p12's into local nssdb's using mozilla or firefox or thunderbird seems to work fine (i.e. cert8.db and keys3.db are inter-changeable with p12util-created db's - it would be helpful to add an rsakey to the /tmp/xmlsec-crypto-config nssdb files and then add a test which signs with that key nickname to test out nssdb access The rest seems perfect !!! Thanks once again, Ed Aleksey Sanin wrote: You need to get the whole xmlsec source tree from CVS using anonymous cvs access: http://developer.gnome.org/tools/cvs.html Then run ./autogen.sh once and after that you can do usual ./configure make Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Re: Stack Traces re: crypto nss
I tried upgrading mozilla, mozilla-nss, mozilla-nspr, etc to 1.7.10 ... No luck Still seg faulting whenever I try KeyName access to NSS DBs from within template Would it be possible to add a keycert/p12 to the empty nssdb in testKeys and then test signing with it in the testDSig suite ? This would help prove installation as well. Thanks again, Ed Edward Shallow wrote: Here are 2 stack traces for your review ... This is the test using KeyName in the template: (gdb) run sign --crypto nss --crypto-config /usr/local/src/epm/xmlsec-crypto-config-all --trusted-der /usr/local/src/epm/keys/nss/cacert.der --output /usr/local/src/epm/inout/edsign-nss-enveloping-rsa-keyname-x509chain.xml /usr/local/src/epm/tmpl/signing/tmpl-EPM-nss-enveloping-rsa-keyname-x509chain.xml The program being debugged has been started already. Start it from the beginning? (y or n) y warning: cannot close shared object read from target memory: File in wrong format Starting program: /usr/bin/xmlsec1 sign --crypto nss --crypto-config /usr/local/src/epm/xmlsec-crypto-config-all --trusted-der /usr/local/src/epm/keys/nss/cacert.der --output /usr/local/src/epm/inout/edsign-nss-enveloping-rsa-keyname-x509chain.xml /usr/local/src/epm/tmpl/signing/tmpl-EPM-nss-enveloping-rsa-keyname-x509chain.xml Reading symbols from shared object read from target memory...done. Loaded system supplied DSO at 0x43c000 [Thread debugging using libthread_db enabled] [New Thread -1208363328 (LWP 3448)] Detaching after fork from child process 3449. Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1208363328 (LWP 3448)] 0x06a7b166 in SECKEY_GetPublicKeyType () from /usr/lib/libnss3.so (gdb) This seg fault I managed to get from a --pkcs12 test which I hadn't received before: (gdb) run sign --crypto nss --crypto-config /usr/local/src/epm/xmlsec-crypto-config-all --pkcs12 /usr/local/src/epm/keys/nss/rsakey.p12 --pwd secret --output /usr/local/src/epm/inout/edsign-nss-sign-enveloped.xml /usr/local/src/epm/tmpl/signing/tmpl-EPM-nss-sign-enveloped.xml warning: cannot close shared object read from target memory: File in wrong format Starting program: /usr/bin/xmlsec1 sign --crypto nss --crypto-config /usr/local/src/epm/xmlsec-crypto-config-all --pkcs12 /usr/local/src/epm/keys/nss/rsakey.p12 --pwd secret --output /usr/local/src/epm/inout/edsign-nss-sign-enveloped.xml /usr/local/src/epm/tmpl/signing/tmpl-EPM-nss-sign-enveloped.xml Reading symbols from shared object read from target memory...done. Loaded system supplied DSO at 0x14f000 [Thread debugging using libthread_db enabled] [New Thread -120902 (LWP 3384)] Detaching after fork from child process 3385. Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -120902 (LWP 3384)] 0x06a7b166 in SECKEY_GetPublicKeyType () from /usr/lib/libnss3.so (gdb) ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] Re: Stack Traces re: crypto nss
Tried something else ... - copied empty nssdb files from xmlsec1-1.2.9/tests/nssdb - imported rsakey.p12 and ca2cert.der into nssdb using p12util - verified content of nssdb using certutil -L Everything looked good. Re-ran tests ... still seg faulting Ed Edward Shallow wrote: Forgot to mention ... I recompiled xmlsec and verified that it picked up mozilla 1.7.10 Edward Shallow wrote: I tried upgrading mozilla, mozilla-nss, mozilla-nspr, etc to 1.7.10 ... No luck Still seg faulting whenever I try KeyName access to NSS DBs from within template Would it be possible to add a keycert/p12 to the empty nssdb in testKeys and then test signing with it in the testDSig suite ? This would help prove installation as well. Thanks again, Ed Edward Shallow wrote: Here are 2 stack traces for your review ... This is the test using KeyName in the template: (gdb) run sign --crypto nss --crypto-config /usr/local/src/epm/xmlsec-crypto-config-all --trusted-der /usr/local/src/epm/keys/nss/cacert.der --output /usr/local/src/epm/inout/edsign-nss-enveloping-rsa-keyname-x509chain.xml /usr/local/src/epm/tmpl/signing/tmpl-EPM-nss-enveloping-rsa-keyname-x509chain.xml The program being debugged has been started already. Start it from the beginning? (y or n) y warning: cannot close shared object read from target memory: File in wrong format Starting program: /usr/bin/xmlsec1 sign --crypto nss --crypto-config /usr/local/src/epm/xmlsec-crypto-config-all --trusted-der /usr/local/src/epm/keys/nss/cacert.der --output /usr/local/src/epm/inout/edsign-nss-enveloping-rsa-keyname-x509chain.xml /usr/local/src/epm/tmpl/signing/tmpl-EPM-nss-enveloping-rsa-keyname-x509chain.xml Reading symbols from shared object read from target memory...done. Loaded system supplied DSO at 0x43c000 [Thread debugging using libthread_db enabled] [New Thread -1208363328 (LWP 3448)] Detaching after fork from child process 3449. Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1208363328 (LWP 3448)] 0x06a7b166 in SECKEY_GetPublicKeyType () from /usr/lib/libnss3.so (gdb) This seg fault I managed to get from a --pkcs12 test which I hadn't received before: (gdb) run sign --crypto nss --crypto-config /usr/local/src/epm/xmlsec-crypto-config-all --pkcs12 /usr/local/src/epm/keys/nss/rsakey.p12 --pwd secret --output /usr/local/src/epm/inout/edsign-nss-sign-enveloped.xml /usr/local/src/epm/tmpl/signing/tmpl-EPM-nss-sign-enveloped.xml warning: cannot close shared object read from target memory: File in wrong format Starting program: /usr/bin/xmlsec1 sign --crypto nss --crypto-config /usr/local/src/epm/xmlsec-crypto-config-all --pkcs12 /usr/local/src/epm/keys/nss/rsakey.p12 --pwd secret --output /usr/local/src/epm/inout/edsign-nss-sign-enveloped.xml /usr/local/src/epm/tmpl/signing/tmpl-EPM-nss-sign-enveloped.xml Reading symbols from shared object read from target memory...done. Loaded system supplied DSO at 0x14f000 [Thread debugging using libthread_db enabled] [New Thread -120902 (LWP 3384)] Detaching after fork from child process 3385. Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -120902 (LWP 3384)] 0x06a7b166 in SECKEY_GetPublicKeyType () from /usr/lib/libnss3.so (gdb) ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec