| Summary: | Errors parsing nested CMS messages make the encapsulated content irretrievable | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nalin Dahyabhai <nalin> | ||||||||||||
| Component: | nss | Assignee: | Elio Maldonado Batiz <emaldona> | ||||||||||||
| Status: | CLOSED UPSTREAM | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||||||
| Severity: | unspecified | Docs Contact: | |||||||||||||
| Priority: | unspecified | ||||||||||||||
| Version: | 19 | CC: | emaldona, kdudka, kengert, nalin, rrelyea | ||||||||||||
| Target Milestone: | --- | ||||||||||||||
| Target Release: | --- | ||||||||||||||
| Hardware: | Unspecified | ||||||||||||||
| OS: | Unspecified | ||||||||||||||
| Whiteboard: | |||||||||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||||||||
| Doc Text: | Story Points: | --- | |||||||||||||
| Clone Of: | Environment: | ||||||||||||||
| Last Closed: | 2014-01-03 18:14:17 UTC | Type: | --- | ||||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||||
| Documentation: | --- | CRM: | |||||||||||||
| Verified Versions: | Category: | --- | |||||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
| Attachments: |
|
||||||||||||||
|
Description
Nalin Dahyabhai
2011-07-29 20:36:46 UTC
Created attachment 515937 [details]
preauth data
Created attachment 515938 [details]
server CA certificate
Created attachment 515939 [details]
client CA certificate
Created attachment 515940 [details]
client credentials
Created attachment 515941 [details]
test program
> In earlier versions, the EncapsulatedContentInfo's stated type was Data,
> so while it looked odd, it was easy to just parse it as a new CMS message,
> but in the current version the stated type is SignedData, so NSS tries to
> parse the nested ContentInfo as a SignedData, and it just fails.
So actually I was able to get a dump of the nexted ContentInfo and it is in fact SignedData, except it's not properly wrapped in a sequence. I have a patch I'll attach to the upstream bug which detects this case and magically adds the expected sequence. The patch makes nalin's test case in the bug work correctly. Nalin, could you see if the patch works in your test environment.
bob
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle. Changing version to '19'. (As we did not run this process for some time, it could affect also pre-Fedora 19 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19 Ths was fixed a long time ago upstreama nd we picked it up in a rebase. |