Site Navigation

Date:      Tue, 21 Feb 2012 13:54:02 +0200
From:      Volodymyr Kostyrko <c.kworr@gmail.com>
To:        Florian Smeets <flo@FreeBSD.org>
Cc:        freebsd-gecko@FreeBSD.org
Subject:   Re: devel/nspr dumps core when checking cert with security/nss
Message-ID:  <4F4385DA.5020708@gmail.com>
In-Reply-To: <4F42C061.9070604@FreeBSD.org>
References:  <4EDF2F1A.1080807@gmail.com> <4EF065C0.1040908@freebsd.org> <4EF06742.2070501@gmail.com> <4F42C061.9070604@FreeBSD.org>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

This is a multi-part message in MIME format.
--------------090002080402030806090506
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Florian Smeets wrote:
>>>> RELENG_9, world and ports built with clang.
>>>>
>>>
>>> Do you know if it's caused by the port being built with clang or if
>>> world compiled with clang is the cause?
>>
>> I tested that on RELENG_8 also with the same result.
>>
>> Random junk or hints:
>>    1. certtool from gnutls verifies certificates successfully.
>>    2. Making both keys with 2048 bit width gives the same result.
>>
>> So maybe it's rather about supporting wide (2048 bit) DSA keys?
>>
>
> This seems to be fixed by nspr-4.9 / nss-3.13.2. With your Makefile the
> tool does not crash anymore.

Strange, still crashes for me on RELENG_8_2 and RELENG_9 built with clang:

# checking with certtool
certtool -e --infile site.cert --infile base.cert
Certificate[0]: C=AU,ST=Some-State,O=Internet Widgits Pty Ltd,OU=Pity 
sec,CN=base,EMAIL=noone@nowhere.com
         Issued by: C=AU,ST=Some-State,O=Internet Widgits Pty 
Ltd,OU=Pity sec,CN=base,EMAIL=noone@nowhere.com
         Verification output: Verified.

Chain verification output: Verified.
# checking cert with nss
checkcert -aA site.cert base.cert
Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 0 (0x0)
*** Signal 11

Stop in /home/arcade/tmp.

I'll include Makefile for later reference.

And I was wrong, this is not about 2048-bit keys, it fails on 1024-bit 
keys too.

I'll try to setup a virtual host with stock RELENG_9_0 and recheck there.

-- 
Sphinx of black quartz judge my vow.

--------------090002080402030806090506
Content-Type: text/plain;
 name="Makefile"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="Makefile"

YWxsOgoJIyBjcmVhdGluZyBzaW1wbGUgQ0EKCW9wZW5zc2wgZHNhcGFyYW0gLW91dCBkcDIw
NDgucGVtIDEwMjQKCW9wZW5zc2wgZ2VuZHNhIC1vdXQgYmFzZS5wZW0gZHAyMDQ4LnBlbQoJ
cHJpbnRmICdcblxuXG5cblBpdHkgc2VjXG5iYXNlXG5ub29uZUBub3doZXJlLmNvbVxuJyB8
IG9wZW5zc2wgcmVxIC1uZXcgLXg1MDkgLW91dCBiYXNlLmNlcnQgLWtleSBiYXNlLnBlbSAt
ZGF5cyAzNjUKCUBlY2hvCglta2RpciAtcCBkZW1vQ0EvbmV3Y2VydHMKCXRvdWNoIGRlbW9D
QS9pbmRleC50eHQKCWVjaG8gMDAgPiBkZW1vQ0Evc2VyaWFsCgkjIGNyZWF0aW5nIHNhbXBs
ZSBjZXJ0CglvcGVuc3NsIGRzYXBhcmFtIC1vdXQgZHAxMDI0LnBlbSAxMDI0CglvcGVuc3Ns
IGdlbmRzYSAtb3V0IHNpdGUucGVtIGRwMTAyNC5wZW0KCXByaW50ZiAnXG5cblxuXG5QaXR5
IHNlY1xuc2l0ZS5iYXNlXG5ub29uZUBub3doZXJlLmNvbVxuXG5cbicgfCBvcGVuc3NsIHJl
cSAtbmV3IC1vdXQgc2l0ZS5yZXEgLWtleSBzaXRlLnBlbSAtZGF5cyAzNjUKCUBlY2hvCgkj
IHNpZ25pbmcgY2VydAoJcHJpbnRmICd5XG55XG4nIHwgb3BlbnNzbCBjYSAtY2VydCBiYXNl
LmNlcnQgLWtleWZpbGUgYmFzZS5wZW0gLXBvbGljeSBwb2xpY3lfYW55dGhpbmcgLW91dCBz
aXRlLmNlcnQgLWluZmlsZXMgc2l0ZS5yZXEKCSMgY2hlY2tpbmcgd2l0aCBjZXJ0dG9vbAoJ
Y2VydHRvb2wgLWUgLS1pbmZpbGUgc2l0ZS5jZXJ0IC0taW5maWxlIGJhc2UuY2VydAoJIyBj
aGVja2luZyBjZXJ0IHdpdGggbnNzCgljaGVja2NlcnQgLWFBIHNpdGUuY2VydCBiYXNlLmNl
cnQKCmNsZWFuOgoJcm0gLXJmIGRwMjA0OC5wZW0gZHAxMDI0LnBlbSBiYXNlLnBlbSBzaXRl
LnBlbSBiYXNlLmNlcnQgc2l0ZS5yZXEgc2l0ZS5jZXJ0IGRlbW9DQQo=
--------------090002080402030806090506--

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F4385DA.5020708>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact