Nelson B Bolyard wrote: > Michael Ströder wrote, On 2008-08-06 04:07: >> Nelson B Bolyard wrote: >>>> cmsutil -D -d ~/.mozilla/xxxxxxx/ -c name.tar.gz -i name.tar.gz.p7m -o test >>> I remember running into this long ago. As I recall, the pass/fail result >>> is very subtle. It may be nothing more than the program's result code. >>> >>> What did you get in the "test" file? >> It's the same file (here name.tar.gz) like given with -c. > > identical? same length and sum? Nothing extra on the beginning or end?
Yes. >> If I invoke cmsutil with a wrong input file I get the following message: >> ------------------------------ snip ------------------------------ >> signer 0 status = DigestMismatch >> cmsutil: problem decoding: Signature verification failed: no signer >> found, too many signers found, or improper or corrupted data. >> ------------------------------ snip ------------------------------ > > OK, so the failure result is verbose and explicit, and the success result > is rather terse (:-). Yes. ;-) > Did the -v option improve that any? No. >> Strange enough this works as expected giving correct results: >> >> signver -V -v -d ~/.mozilla/xxxxxxx/ -i name.tar.gz < name.tar.gz.p7m > > It doesn't surprise me that that works. I am surprised that the other > command fails in the fashion you've documented. Looking at the NSS source > code I see no way for it to open the file named with the -s option for > output (writing), yet your strace results show that it did. This makes > me wonder if the program you have was built from official NSS sources, > or if someone has modified the sources from which the distribution you > used was built. :-( Here are the SRPMs: http://download.opensuse.org/repositories/mozilla/openSUSE_11.0/src/ The patches are therein. > The binaries for the NSS 3.11.4 release may be obtained from > ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_3_11_4_RTM/ > If the -s option also behaves as you found with those binaries, I'd like > to know that. I will give it a try. Ciao, Michael. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
