Michael Ströder wrote, On 2008-08-06 04:07: > Nelson B Bolyard wrote: >>> cmsutil -D -d ~/.mozilla/xxxxxxx/ -c name.tar.gz -i name.tar.gz.p7m -o test >> I remember running into this long ago. As I recall, the pass/fail result >> is very subtle. It may be nothing more than the program's result code. >> >> What did you get in the "test" file? > > It's the same file (here name.tar.gz) like given with -c.
identical? same length and sum? Nothing extra on the beginning or end? >> Is the pass/fail indication there? > > Nope. The file given with -o seems to be the "decoded" file. > > If I invoke cmsutil with a wrong input file I get the following message: > ------------------------------ snip ------------------------------ > signer 0 status = DigestMismatch > cmsutil: problem decoding: Signature verification failed: no signer > found, too many signers found, or improper or corrupted data. > ------------------------------ snip ------------------------------ OK, so the failure result is verbose and explicit, and the success result is rather terse (:-). Did the -v option improve that any? > Strange enough this works as expected giving correct results: > > signver -V -v -d ~/.mozilla/xxxxxxx/ -i name.tar.gz < name.tar.gz.p7m It doesn't surprise me that that works. I am surprised that the other command fails in the fashion you've documented. Looking at the NSS source code I see no way for it to open the file named with the -s option for output (writing), yet your strace results show that it did. This makes me wonder if the program you have was built from official NSS sources, or if someone has modified the sources from which the distribution you used was built. :-( I wish I could point you to a distribution that I know was built from Mozilla's sources, unmodified, but alas, I don't know of any such for 3.12. The binaries for the NSS 3.11.4 release may be obtained from ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_3_11_4_RTM/ If the -s option also behaves as you found with those binaries, I'd like to know that. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
