[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mozilla-crypto
Subject:    Re: Smart card switching produces "Assertion failure at pk11cert.c"
From:       Nelson Bolyard <nelsonb () netscape ! com>
Date:       2003-07-01 23:13:28
[Download RAW message or body]

rf wrote:
> bob,

Bob is away.

> some changes has been made in opensc pkcs11 module.
> But before commenting that, we would like to ask you a thing:
> NSS_CMSEncoder_Finish fails now under weird circunstances: we have added
> some log in that function. Before the call to
> 'SEC_ASN1EncoderUpdate(p7ecx->exc)' we check the value of 'p7ecx->error'.
> It is 0. Then we check the same value after that function call and is not
> 0, but -12285. The weird thing is that we also log in
> 'SEC_ASN1EncoderUpdate' function and it returns with SECSuccess. How can
> this situation be possible? I mean, that the encoding is ok, but
> p7ecx->error is set != 0 ? 

The PKCS7 decoder and the ASN.1 decoder work together.  The PKCS7 decoder
registers callback functions that are called by the ASN.1 decoder to
process portions of the message.  It is possible for a message to be
correctly ASN.1 encoded but not correctly PKCS7 encoded, or vice versa.
So, it is possible to call the ASN.1 decoder, and get a PKCS7 error as a
result, even though there was no ASN.1 error.

 > Also, I tried to find the definition of error 12285 without success.

http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html#1040292

Although this is an SSL error code, it is also used by NSS in non-SSL
functions.  It seems to mean "certificate not found", such as when
trying to find a certificate on a token that goes with a private key.

> Thanks in advance,
> rf


[prev in list] [next in list] [prev in thread] [next in thread]