From owner-freebsd-gecko@FreeBSD.ORG  Tue Feb 21 12:22:36 2012
Return-Path: <owner-freebsd-gecko@FreeBSD.ORG>
Delivered-To: freebsd-gecko@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F0D12106564A;
	Tue, 21 Feb 2012 12:22:35 +0000 (UTC)
	(envelope-from c.kworr@gmail.com)
Received: from mail-we0-f182.google.com (mail-we0-f182.google.com
	[74.125.82.182])
	by mx1.freebsd.org (Postfix) with ESMTP id 565B98FC19;
	Tue, 21 Feb 2012 12:22:34 +0000 (UTC)
Received: by werm13 with SMTP id m13so6051028wer.13
	for <multiple recipients>; Tue, 21 Feb 2012 04:22:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=message-id:date:from:user-agent:mime-version:to:cc:subject
	:references:in-reply-to:content-type;
	bh=/dARYBRsCLqZDteVRJyWBq0AirBU+Wu6NajIJ4A1hK4=;
	b=jq/CxCuBbEKHIbXlk2NHngSXmDcq3lZJ/a4aa69KhFaRjnhABsmG39Ji+IAKDmic5x
	1ljWzKzZSHKhO1IaOtZ559ynTlMGvKtfYmRrNTUaMUGWmY2YeLaTqxrEQbpYSpZH1DO1
	VEZeM+RHvajLzKVNL3sM6NbjsBblBuJvtWrSM=
Received: by 10.180.87.8 with SMTP id t8mr21958464wiz.15.1329825247393;
	Tue, 21 Feb 2012 03:54:07 -0800 (PST)
Received: from green.tandem.local (158-209-200-46.pool.ukrtel.net.
	[46.200.209.158])
	by mx.google.com with ESMTPS id fw5sm22070933wib.0.2012.02.21.03.54.04
	(version=SSLv3 cipher=OTHER); Tue, 21 Feb 2012 03:54:06 -0800 (PST)
Message-ID: <4F4385DA.5020708@gmail.com>
Date: Tue, 21 Feb 2012 13:54:02 +0200
From: Volodymyr Kostyrko <c.kworr@gmail.com>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
	rv:10.0.2) Gecko/20120220 Firefox/10.0.2 SeaMonkey/2.7.2
MIME-Version: 1.0
To: Florian Smeets <flo@FreeBSD.org>
References: <4EDF2F1A.1080807@gmail.com> <4EF065C0.1040908@freebsd.org>
	<4EF06742.2070501@gmail.com> <4F42C061.9070604@FreeBSD.org>
In-Reply-To: <4F42C061.9070604@FreeBSD.org>
Content-Type: multipart/mixed; boundary="------------090002080402030806090506"
Cc: freebsd-gecko@FreeBSD.org
Subject: Re: devel/nspr dumps core when checking cert with security/nss
X-BeenThere: freebsd-gecko@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Gecko Rendering Engine issues <freebsd-gecko.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-gecko>,
	<mailto:freebsd-gecko-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-gecko>
List-Post: <mailto:freebsd-gecko@freebsd.org>
List-Help: <mailto:freebsd-gecko-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-gecko>,
	<mailto:freebsd-gecko-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Feb 2012 12:22:36 -0000

This is a multi-part message in MIME format.
--------------090002080402030806090506
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Florian Smeets wrote:
>>>> RELENG_9, world and ports built with clang.
>>>>
>>>
>>> Do you know if it's caused by the port being built with clang or if
>>> world compiled with clang is the cause?
>>
>> I tested that on RELENG_8 also with the same result.
>>
>> Random junk or hints:
>>    1. certtool from gnutls verifies certificates successfully.
>>    2. Making both keys with 2048 bit width gives the same result.
>>
>> So maybe it's rather about supporting wide (2048 bit) DSA keys?
>>
>
> This seems to be fixed by nspr-4.9 / nss-3.13.2. With your Makefile the
> tool does not crash anymore.

Strange, still crashes for me on RELENG_8_2 and RELENG_9 built with clang:

# checking with certtool
certtool -e --infile site.cert --infile base.cert
Certificate[0]: C=AU,ST=Some-State,O=Internet Widgits Pty Ltd,OU=Pity 
sec,CN=base,EMAIL=noone@nowhere.com
         Issued by: C=AU,ST=Some-State,O=Internet Widgits Pty 
Ltd,OU=Pity sec,CN=base,EMAIL=noone@nowhere.com
         Verification output: Verified.

Chain verification output: Verified.
# checking cert with nss
checkcert -aA site.cert base.cert
Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 0 (0x0)
*** Signal 11

Stop in /home/arcade/tmp.

I'll include Makefile for later reference.

And I was wrong, this is not about 2048-bit keys, it fails on 1024-bit 
keys too.

I'll try to setup a virtual host with stock RELENG_9_0 and recheck there.

-- 
Sphinx of black quartz judge my vow.

--------------090002080402030806090506
Content-Type: text/plain;
 name="Makefile"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="Makefile"

YWxsOgoJIyBjcmVhdGluZyBzaW1wbGUgQ0EKCW9wZW5zc2wgZHNhcGFyYW0gLW91dCBkcDIw
NDgucGVtIDEwMjQKCW9wZW5zc2wgZ2VuZHNhIC1vdXQgYmFzZS5wZW0gZHAyMDQ4LnBlbQoJ
cHJpbnRmICdcblxuXG5cblBpdHkgc2VjXG5iYXNlXG5ub29uZUBub3doZXJlLmNvbVxuJyB8
IG9wZW5zc2wgcmVxIC1uZXcgLXg1MDkgLW91dCBiYXNlLmNlcnQgLWtleSBiYXNlLnBlbSAt
ZGF5cyAzNjUKCUBlY2hvCglta2RpciAtcCBkZW1vQ0EvbmV3Y2VydHMKCXRvdWNoIGRlbW9D
QS9pbmRleC50eHQKCWVjaG8gMDAgPiBkZW1vQ0Evc2VyaWFsCgkjIGNyZWF0aW5nIHNhbXBs
ZSBjZXJ0CglvcGVuc3NsIGRzYXBhcmFtIC1vdXQgZHAxMDI0LnBlbSAxMDI0CglvcGVuc3Ns
IGdlbmRzYSAtb3V0IHNpdGUucGVtIGRwMTAyNC5wZW0KCXByaW50ZiAnXG5cblxuXG5QaXR5
IHNlY1xuc2l0ZS5iYXNlXG5ub29uZUBub3doZXJlLmNvbVxuXG5cbicgfCBvcGVuc3NsIHJl
cSAtbmV3IC1vdXQgc2l0ZS5yZXEgLWtleSBzaXRlLnBlbSAtZGF5cyAzNjUKCUBlY2hvCgkj
IHNpZ25pbmcgY2VydAoJcHJpbnRmICd5XG55XG4nIHwgb3BlbnNzbCBjYSAtY2VydCBiYXNl
LmNlcnQgLWtleWZpbGUgYmFzZS5wZW0gLXBvbGljeSBwb2xpY3lfYW55dGhpbmcgLW91dCBz
aXRlLmNlcnQgLWluZmlsZXMgc2l0ZS5yZXEKCSMgY2hlY2tpbmcgd2l0aCBjZXJ0dG9vbAoJ
Y2VydHRvb2wgLWUgLS1pbmZpbGUgc2l0ZS5jZXJ0IC0taW5maWxlIGJhc2UuY2VydAoJIyBj
aGVja2luZyBjZXJ0IHdpdGggbnNzCgljaGVja2NlcnQgLWFBIHNpdGUuY2VydCBiYXNlLmNl
cnQKCmNsZWFuOgoJcm0gLXJmIGRwMjA0OC5wZW0gZHAxMDI0LnBlbSBiYXNlLnBlbSBzaXRl
LnBlbSBiYXNlLmNlcnQgc2l0ZS5yZXEgc2l0ZS5jZXJ0IGRlbW9DQQo=
--------------090002080402030806090506--