Nelson B Bolyard wrote:
> Michael Ströder wrote, On 2008-08-06 04:07:
>> Nelson B Bolyard wrote:
>>>> cmsutil -D -d ~/.mozilla/xxxxxxx/ -c name.tar.gz -i name.tar.gz.p7m -o test
>>> I remember running into this long ago.  As I recall, the pass/fail result
>>> is very subtle.  It may be nothing more than the program's result code.
>>>
>>> What did you get in the "test" file? 
>> It's the same file (here name.tar.gz) as given with -c.
> 
> identical?  same length and sum?  Nothing extra on the beginning or end?

Yes.

>> If I invoke cmsutil with a wrong input file I get the following message:
>> ------------------------------ snip ------------------------------
>> signer 0 status = DigestMismatch
>> cmsutil: problem decoding: Signature verification failed: no signer 
>> found, too many signers found, or improper or corrupted data.
>> ------------------------------ snip ------------------------------
> 
> OK, so the failure result is verbose and explicit, and the success result
> is rather terse (:-).

Yes. ;-)

> Did the -v option improve that any?

No.

>> Strangely enough, this works as expected, giving correct results:
>>
>> signver -V -v -d ~/.mozilla/xxxxxxx/ -i name.tar.gz < name.tar.gz.p7m
> 
> It doesn't surprise me that that works.  I am surprised that the other
> command fails in the fashion you've documented.  Looking at the NSS source
> code I see no way for it to open the file named with the -s option for
> output (writing), yet your strace results show that it did.  This makes
> me wonder if the program you have was built from official NSS sources,
> or if someone has modified the sources from which the distribution you
> used was built.  :-(

Here are the SRPMs:

http://download.opensuse.org/repositories/mozilla/openSUSE_11.0/src/

The patches are therein.

> The binaries for the NSS 3.11.4 release may be obtained from
> ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_3_11_4_RTM/
> If the -s option also behaves as you found with those binaries, I'd like
> to know that.

I will give it a try.

Ciao, Michael.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
