Bug 463437

Summary: Issues raised during port of elinks
Product: [Fedora] Fedora
Reporter: Rob Crittenden <rcritten>
Component: nss_compat_ossl
Assignee: Rob Crittenden <rcritten>
Status: CLOSED NEXTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: rawhide
CC: kdudka, ovasik, poelstra, rcritten, rrelyea
Keywords: Patch
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-10-03 22:28:07 UTC
Attachments:
- proposed patch (flags: none)
- updated patch to catch an NSS init failure (flags: none)

Description Rob Crittenden 2008-09-23 14:09:16 UTC
Description of problem:

> Perhaps your ELinks changes are stable.  However, nss_compat_ossl
> 0.9.2 itself is not stable enough.  Its SSL_library_init() calls
> exit(1) with no error message at all if NSS_Init(certDir) fails.
> That is just ridiculous; ELinks should still be able to access
> non-SSL sites.
>
> I had some trouble building nss_compat_ossl 0.9.2 on Debian:
>
> - Here, the libnss3-dev package contains e.g. /usr/include/nss/ssl.h, and
>   pkg-config --cflags nss outputs "-I/usr/include/nss -I/usr/include/nspr",
>   but nss_compat_ossl-0.9.2/src/nss_compat_ossl.h does #include
>   <nss3/ssl.h>. As there is no actual nss3 directory, nor a symlink, this
>   does not work.
>
> - Likewise with #include <nspr4/nspr.h>.
>
> - Similarly, we have /usr/lib/nss/libsoftokn3.so, but pkg-config --libs nss
>   does not output any -L options, so -lsoftokn3 in
>   nss_compat_ossl-0.9.2/src/Makefile.am doesn't find the library;
>   however, if I remove that -lsoftokn3, then nss_compat_ossl builds.
>
> Browsing the source code, I noticed RAND_load_file() can get
> stuck in a loop if I/O errors occur: fread() and feof() both
> return 0.  And RAND_write_file() should check for errors on
> fwrite() and fclose().  I gave up on reviewing ssl.c because
> I don't know NSPR and SSL well enough.

Version-Release number of selected component (if applicable):

nss_compat_ossl 0.9.2

Comment 1 Rob Crittenden 2008-09-23 14:36:34 UTC
Created attachment 317481
proposed patch

This patch:

- checks the return values of fread() and fwrite()
- removes nss3 and nspr4 prefix on includes
- removes exit(1) if initialization fails. This will defer errors.
- adds a chmod(0600) when writing a random file to match OpenSSL behavior

Bob, can you review this?

Comment 2 Rob Crittenden 2008-09-30 18:38:34 UTC
Created attachment 318105
updated patch to catch an NSS init failure

Since SSL_library_init() always succeeds, we need to catch any initialization or passphrase errors later.

Comment 3 Rob Crittenden 2008-10-01 20:16:11 UTC
Committed upstream. Will be released as nss_compat-ossl-0.9.4

Sending        src/nss_compat_ossl.h
Sending        src/rand.c
Sending        src/ssl.c
Transmitting file data ...
Committed revision 64.

Comment 4 Fedora Update System 2008-10-01 21:09:30 UTC
nss_compat_ossl-0.9.4-1.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/nss_compat_ossl-0.9.4-1.fc9

Comment 5 Fedora Update System 2008-10-01 21:09:34 UTC
nss_compat_ossl-0.9.4-1.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/nss_compat_ossl-0.9.4-1.fc8

Comment 6 Fedora Update System 2008-10-03 22:28:05 UTC
nss_compat_ossl-0.9.4-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2008-10-03 22:34:45 UTC
nss_compat_ossl-0.9.4-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.