Bug 510343
| Summary: | Segmentation fault if nickname doesn't exist when doing client auth | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Rob Crittenden <rcritten> |
| Component: | python-nss | Assignee: | John Dennis <jdennis> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 11 | CC: | jdennis |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 0.6-2.fc11 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-07-09 12:17:08 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
please give https://koji.fedoraproject.org/koji/taskinfo?taskID=1462440 a try and let me know if it fixes the problem. oh BTW, you might have to change ssl.nssinit() to nss.nss_init() Works for me after making the API change. Thanks for testing, pushing the fix out now in python-nss-0.6-2 BTW, restored ssl.nssinit() but it issues a deprecation warning. python-nss-0.6-2.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/python-nss-0.6-2.fc11 python-nss-0.6-2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/python-nss-0.6-2.fc10 python-nss-0.6-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. python-nss-0.6-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: This python program, using nsslib from the IPA project, crashes if the nickname ipaCert is not in the database. from ipapython import nsslib import nss.nss as nss import nss.ssl as ssl from nss.error import NSPRError ca_host="test.example.com" ca_ssl_port=9443 sec_dir="/tmp" url="/ca/agent/ca/displayBySerial" post='xmlOutput=true&serialNumber=7' headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"} conn = nsslib.NSSConnection(ca_host, ca_ssl_port, dbdir=sec_dir) conn.sslsock.set_client_auth_data_callback(nsslib.client_auth_data_callback, "ipaCert", "", nss.get_default_certdb()) conn.set_debuglevel(99) conn.request("POST", url, post, headers) res = conn.getresponse() The backtrace is: #0 0x00f519a8 in get_client_auth_data (arg=0xb80583a0, fd=0x9cd4238, caNames=0xbf8f9bd4, pRetCert=0x9cd45f0, pRetKey=0x9cd45f4) at src/nss/py_ssl.c:655 655 if (!PyCertificate_Check(py_cert)) { Missing separate debuginfos, use: debuginfo-install e2fsprogs.i386 keyutils.i386 krb5.i386 libselinux.i386 openssl.i686 zlib.i386 (gdb) where #0 0x00f519a8 in get_client_auth_data (arg=0xb80583a0, fd=0x9cd4238, caNames=0xbf8f9bd4, pRetCert=0x9cd45f0, pRetKey=0x9cd45f4) at src/nss/py_ssl.c:655 #1 0x04c6e69d in ssl3_HandleHandshakeMessage (ss=<value optimized out>, b=<value optimized out>, length=<value optimized out>) at ssl3con.c:5187 #2 0x04c6f2fc in ssl3_HandleRecord (ss=<value optimized out>, cText=<value optimized out>, databuf=<value optimized out>) at ssl3con.c:8061 #3 0x04c6fc39 in ssl3_GatherCompleteHandshake (ss=<value optimized out>, flags=<value optimized out>) at ssl3gthr.c:206 #4 0x04c72dab in ssl_GatherRecord1stHandshake (ss=<value optimized out>) at sslcon.c:1258 #5 0x04c78995 in ssl_Do1stHandshake (ss=<value optimized out>) ... (gdb) print py_cert $1 = (PyObject *) 0x0 Version-Release number of selected component (if applicable): python-nss-0.1-2