Bug 463437 - Issues raised during port of elinks
Summary: Issues raised during port of elinks
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: nss_compat_ossl
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-09-23 14:09 UTC by Rob Crittenden
Modified: 2008-10-03 22:34 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-10-03 22:28:07 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
proposed patch (2.41 KB, patch)
2008-09-23 14:36 UTC, Rob Crittenden 		no flags Details | Diff
updated patch to catch an NSS init failure (2.81 KB, patch)
2008-09-30 18:38 UTC, Rob Crittenden 		no flags Details | Diff
Show Obsolete (1) View All

Description Rob Crittenden 2008-09-23 14:09:16 UTC 
Description of problem:

> Perhaps your ELinks changes are stable.  However, nss_compat_ossl
> 0.9.2 itself is not stable enough.  Its SSL_library_init() calls
> exit(1) with no error message at all if NSS_Init(certDir) fails.
> That is just ridiculous; ELinks should still be able to access
> non-SSL sites.
>
> I had some trouble building nss_compat_ossl 0.9.2 on Debian:
>
> - Here, the libnss3-dev package contains e.g. /usr/include/nss/ssl.h, and
>   pkg-config --cflags nss outputs "-I/usr/include/nss -I/usr/include/nspr",
>   but nss_compat_ossl-0.9.2/src/nss_compat_ossl.h does #include
> <nss3/ssl.h>. As there is no actual nss3 directory, nor a symlink, this
> does not work.
>
> - Likewise with #include <nspr4/nspr.h>.
>
> - Similarly, we have /usr/lib/nss/libsoftokn3.so, but pkg-config --libs nss
>   does not output any -L options, so -lsoftokn3 in
>   nss_compat_ossl-0.9.2/src/Makefile.am doesn't find the library;
>   however, if I remove that -lsoftokn3, then nss_compat_ossl builds.
>
> Browsing the source code, I noticed RAND_load_file() can get
> stuck in a loop if I/O errors occur: fread() and feof() both
> return 0.  And RAND_write_file() should check for errors on
> fwrite() and fclose().  I gave up on reviewing ssl.c because
> I don't know NSPR and SSL well enough.

Version-Release number of selected component (if applicable):

nss_compat_ossl 0.9.2
Comment 1 Rob Crittenden 2008-09-23 14:36:34 UTC 
Created attachment 317481 [details]
proposed patch

This patch:

- checks the return values of fread() and fwrite()
- removes nss3 and nspr4 prefix on includes
- removes exit(1) if initialization fails. This will defer errors.
- adds a chmod(0600) on the when writing a random file to match OpenSSL behavior

Bob, can you review this?
Comment 2 Rob Crittenden 2008-09-30 18:38:34 UTC 
Created attachment 318105 [details]
updated patch to catch an NSS init failure

Since SSL_library_init() alwasy succeeds we need to catch any initialization or passphrase errors later.
Comment 3 Rob Crittenden 2008-10-01 20:16:11 UTC 
Committed upstream. Will be released as nss_compat-ossl-0.9.4

Sending        src/nss_compat_ossl.h
Sending        src/rand.c
Sending        src/ssl.c
Transmitting file data ...
Committed revision 64.
Comment 4 Fedora Update System 2008-10-01 21:09:30 UTC 
nss_compat_ossl-0.9.4-1.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/nss_compat_ossl-0.9.4-1.fc9
Comment 5 Fedora Update System 2008-10-01 21:09:34 UTC 
nss_compat_ossl-0.9.4-1.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/nss_compat_ossl-0.9.4-1.fc8
Comment 6 Fedora Update System 2008-10-03 22:28:05 UTC 
nss_compat_ossl-0.9.4-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2008-10-03 22:34:45 UTC 
nss_compat_ossl-0.9.4-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.