On 2009-07-28 10:41 PDT, Grant Gayed wrote: > (originally posted on the mozilla.dev.security group, was suggested to post > here as well)
Yeah, this is the right place. > I work on the SWT Browser, which embeds XULRunner. I've been stuck on a > problem for a while now, and would really appreciate help with an issue > which could be a simple one. > > As of XULRunner 1.9, when navigating to a site whose cert is considered > invalid (eg.- https://verisign.com), embedders get an error alert ("...site > has invalid cert...") with no opportunity to proceed. So I've implemented a > dialog that allows the user to see what the cert problem is, say "go ahead > anyways", and then add the cert to the nsICertOverrideService (this happens > in an nsIBadCertListener2.NotifyCertProblem() implementation). With > XULRunner 1.9.1 this all works perfectly fine. > > However it's critical for us that this work with XULRunner 1.9.x as well, > and with this version the nsICertOverrideService.RememberValidityOverride() > invocation always returns NS_ERROR_FAILURE. I've dug to see where this > diverges for us vs. firefox 3.0.9, and it happens in devtoken.c's > find_objects()'s invocation of C_FindObjects(). The args passed to this > call are the same for us and firefox (session->handle is the default > 16777217, numhandles=0, arraysize=1), but firefox gets a returned object > count of 1 while we get 0. So, it's searching for an object that is there in one case but not the other. Odds are good that, whatever code is supposed to have put the object there, did so in one case and not in the other. > I'm guessing that our embedding case is missing something that would result > in the default session having the object it's looking for, but I have no > idea what it is. Can anyone suggest what it would be? And if additional > info would be helpful then please let me know. Without looking, I think the probability is extremely high that it is looking for the certificate object, or perhaps the certificate trust object. With a stack back-trace of the stack at the point in C_FindObjects where this difference occurs, it should be pretty easy to tell exactly what it was looking for. A dump of the values of the attribute array passed to C_FindObjects, and any referenced data buffers, would also tell us a bunch. > Thanks in advance for your help! > Grant -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
