On 01/13/2011 10:46 AM, Bernhard Thalmayr wrote: > Hi again, > > today I a built a debug version of NSS 3.12.8 (as I haven't found > 3.12.9 yet) I wouldn't expect 3.12.9 to fix the problem, as you seem to be running into a unique issue. > > The issue is still there, but occours much later then with 3.12.5. Hmm, I'm not sure what changes between 3.12.8 and 3.12.5 would generate this.
What is the actual client software you are running? I sounds like someone is overwriting some buffers and causing very bizarre behavior. > > Server (with lib using NSS) ran about 1.5 hours before the issue > occoured. During this time 911 SSL connections have been done. The > last 6 failed (and then I stopped). > > It seems SSLTRACE log has been truncated ... is there a limit? (It > shows much less connections as the lib's log does). > > PKCS#11 logger now seems to be ok, but shows 'CKR_DEVICE_ERRORS' for > other functions as for 3.12.5. > > 822564800[1581690]: C_OpenSession > 822564800[1581690]: slotID = 0x1 > 822564800[1581690]: flags = 0x4 > 822564800[1581690]: pApplication = 0x1884150 > 822564800[1581690]: Notify = 0x30468315 > 822564800[1581690]: phSession = 0x7fffb77fd208 > 822564800[1581690]: *phSession = 0x1884150 > 822564800[1581690]: rv = CKR_DEVICE_ERROR > 822564800[1581690]: C_DigestInit > 822564800[1581690]: hSession = 0x1 > 822564800[1581690]: pMechanism = 0x7fffb77fd260 > 822564800[1581690]: mechanism = CKM_MD5 > 822564800[1581690]: rv = CKR_DEVICE_ERROR > 822564800[1581690]: C_OpenSession > 822564800[1581690]: slotID = 0x1 > 822564800[1581690]: flags = 0x4 > 822564800[1581690]: pApplication = 0x1884150 > 822564800[1581690]: Notify = 0x30468315 > 822564800[1581690]: phSession = 0x7fffb77fd208 > 822564800[1581690]: *phSession = 0x1884150 > 822564800[1581690]: rv = CKR_DEVICE_ERROR > 822564800[1581690]: C_DigestInit > 822564800[1581690]: hSession = 0x1 > 822564800[1581690]: pMechanism = 0x7fffb77fd260 > 822564800[1581690]: mechanism = CKM_SHA_1 > 822564800[1581690]: rv = CKR_DEVICE_ERROR > ... > .. > > Once the 'CKR_DEVICE_ERROR' occoured it seems to be unrecoverable. > > Could this be a file-system problem? That sounds like exactly the behavior of the FIPS token if it hits the unrecoverable error state, but clearly you are using Slot 1, not Slot 3 (the FIPS slot). None of this matches anything I would expect to see with NSS talking to softoken.;(. > > TIA, > Bernhard
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
