Closed Bug 259737 Opened 20 years ago Closed 20 years ago

JavaScript method crypto.signText does not work.

Categories

(Core :: Security, defect)

x86
FreeBSD
defect
Not set
major

Tracking

()

RESOLVED DUPLICATE of bug 236335

People

(Reporter: spam, Unassigned)

References

()

Details

Attachments

(1 file)

User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.2) Gecko/20040915 Build Identifier: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.2) Gecko/20040915 When I'm trying to use crypto.signText method to sign the challenge with my Certificate this method returns with error 'error:internalError'. The provided URL is the sample page that uses crypto.signText to reproduce this error. This error lives not only in Mozilla, but in Firebird too. Reproducible: Always Steps to Reproduce: 1. Go to http://rea.mbslab.kiae.ru/ca/sign.html 2. Click the provided link. 3. Choose the certificate to sign the request (at least one certificate should be imported to browser) and press OK. Actual Results: I see JavaScript dialog box that says "Signature cannot be obtained. The error is 'error:internalError'. This dialog box is spawned from my JavaScript code, when signature cannot be obtained. Expected Results: I expect the dialog box with proper PKCS signature of provied challenge. There was Mozilla bug number 29152 that closely related to this bug, and developers says, that now crypto.signText works properly. It's wrong, the functionality is still broken.
wfm with a current cvs trunk build on Win2K
Component: JavaScript Engine → Security: General
Wfm on 1.0PR/OS X. I've had other people contact me about this issue but I've never been able to reproduce the problem.
Can you try signing some text in http://www.t8m.info/verify.php with your certificate? It's a testcase that someone constructed for me when I implemented signText. Can you also try different certificates?
I've tried that URL, it returns the same thing: error:internalError. In fact that script does the same, as my, but I've noticed that URL only after I wrote my own test page. I've tested it with five different certificates (all of those was signed by three different self-signed root certificates), the result is the same. This bug is well known among users of OpenCA software, since it uses crypto.signText functionality. I've just downloaded Mozilla with build ID 2004091605, installed it with "Browser Only" configuration and created new test certificate for it. Things are just the same. I'll attach the key I've used, it's in PKCS12 format, password is 'mozilla'. This is all I can do now.
Export password for certificate is 'mozilla' (without quotes, of course).
Well, that obiously doesn't work because the issuer is unknown. Did you import the issuer's root certificate? If you view the certificate in the certificate manager does it say "<Issuer unknown>" under "Purposes"?
Well, no. When I've imported the issuer's certificate it started to work. So, the functionality is OK now, but what it the reason for importing the issuers certificate? For example when using OpenSSL one does not need any information about the issuer, just private key for signing and public key for verification. In any case, I think, that error:internalError is not very good explanation of this error. Maybe you should change it to some more meaningful message, maybe you should write some documentation about crypto.signText, where all possible error cases will be described?
I'll just mark this as duplicate of the bug that was filed for an enhanced signText API. The error codes are what they are to be backwards compatible (error:noMatchingCert, error:userCancel and error:internalError) with 4.x. There is a doc on the Netscape site somewhere with details. *** This bug has been marked as a duplicate of 236335 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: