Description of problem:
> Perhaps your ELinks changes are stable. However, nss_compat_ossl
> 0.9.2 itself is not stable enough. Its SSL_library_init() calls
> exit(1) with no error message at all if NSS_Init(certDir) fails.
> That is just ridiculous; ELinks should still be able to access
> non-SSL sites.
> I had some trouble building nss_compat_ossl 0.9.2 on Debian:
> - Here, the libnss3-dev package contains e.g. /usr/include/nss/ssl.h, and
> pkg-config --cflags nss outputs "-I/usr/include/nss -I/usr/include/nspr",
> but nss_compat_ossl-0.9.2/src/nss_compat_ossl.h does #include
> <nss3/ssl.h>. As there is no actual nss3 directory, nor a symlink, this
> does not work.
> - Likewise with #include <nspr4/nspr.h>.
> - Similarly, we have /usr/lib/nss/libsoftokn3.so, but pkg-config --libs nss
> does not output any -L options, so -lsoftokn3 in
> nss_compat_ossl-0.9.2/src/Makefile.am doesn't find the library;
> however, if I remove that -lsoftokn3, then nss_compat_ossl builds.
> Browsing the source code, I noticed RAND_load_file() can get
> stuck in a loop if I/O errors occur: fread() and feof() both
> return 0. And RAND_write_file() should check for errors on
> fwrite() and fclose(). I gave up on reviewing ssl.c because
> I don't know NSPR and SSL well enough.
Version-Release number of selected component (if applicable):
Created attachment 317481 [details]
- checks the return values of fread() and fwrite()
- removes nss3 and nspr4 prefix on includes
- removes exit(1) if initialization fails. This will defer errors.
- adds a chmod(0600) on the when writing a random file to match OpenSSL behavior
Bob, can you review this?
Created attachment 318105 [details]
updated patch to catch an NSS init failure
Since SSL_library_init() alwasy succeeds we need to catch any initialization or passphrase errors later.
Committed upstream. Will be released as nss_compat-ossl-0.9.4
Transmitting file data ...
Committed revision 64.
nss_compat_ossl-0.9.4-1.fc9 has been submitted as an update for Fedora 9.
nss_compat_ossl-0.9.4-1.fc8 has been submitted as an update for Fedora 8.
nss_compat_ossl-0.9.4-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
nss_compat_ossl-0.9.4-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.