Re: having problem with nsICertOverrideService.RememberValidityOverride()

Tue, 28 Jul 2009 10:04:17 -0700 

Hi Grant,
You might want to ask in mozilla.dev.tech.crypto, where the implementer of this service, Kai Engert, is more likely to see the question. 

Cheers,

Johnathan

On 28-Jul-09, at 12:26 PM, Grant Gayed wrote:


Hi,


I work on the SWT Browser, which embeds XULRunner.  I've been stuck  
on a
problem for a while now, and would really appreciate help with an  
issue

which could be a simple one.


As of XULRunner 1.9, when navigating to a site whose cert is  
considered
invalid (eg.- https://verisign.com), embeddors get an error alert  
("...site
has invalid cert...") with no opportunity to proceed.  So I've  
implemented a
dialog that allows the user to see what the cert problem is, say "go  
ahead
anyways", and then add the cert to the nsICertOverrideService (this  
happens

in an nsIBadCertListener2.NotifyCertProblem() implementation).  With
XULRunner 1.9.1 this all works perfectly fine.


However it's critical for us that this work with XULRunner 1.9.x as  
well,
and with this version the  
nsICertOverrideService.RememberValidityOverride()
invocation always returns NS_ERROR_FAILURE.  I've dug to see where  
this

diverges for us vs. firefox 3.0.9, and it happens in devtoken.c's

find_objects()'s invocation of C_FindObjects().  The args passed to  
this

call are the same for us and firefox (session->handle is the default

16777217, numhandles=0, arraysize=1), but firefox gets a returned  
object

count of 1 while we get 0.


I'm guessing that our embedding case is missing something that would  
result
in the default session having the object it's looking for, but I  
have no
idea what it is.  Can anyone suggest what it would be?  And if  
additional

info would be helpful then please let me know.

Thanks in advance for your help!
Grant


_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security


---
Johnathan Nightingale
Human Shield
john...@mozilla.com



_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security






















					Reply via email to