NPE in Buffer.WriteCapacity() #781
Comments
|
I would say that this happens now very frequently, and sometimes multiple times if you re-run the CI for |
|
@ckelleyRH Hmmm I wonder if something has changed in the NSS layer. It might be worth talking to Bob and seeing if downgrading NSS versions helps (around F32's perhaps). |
The NSS dependency has been downgraded temporarily to avoid intermittent CI failures reported in this ticket: dogtagpki#781
The NSS dependency has been downgraded temporarily to avoid intermittent CI failures reported in this ticket: dogtagpki#781
The NSS dependency has been downgraded temporarily to avoid intermittent CI failures reported in this ticket: dogtagpki#781 A dependency to nss-util-devel has also been added to ensure the PKCS11Constants are generated from the right NSS header files.
The NSS dependency has been downgraded temporarily to avoid intermittent CI failures reported in this ticket: dogtagpki#781 Additional dependencies to NSS subpackages have been added to avoid mixing up different NSS versions.
The NSS dependency has been downgraded temporarily to avoid intermittent CI failures reported in this ticket: dogtagpki#781 Additional dependencies to NSS subpackages have been added to avoid conflicts. The PKCS11Constants have to be reverted as well to match the NSS version.
The NSS dependency has been downgraded temporarily to avoid intermittent CI failures reported in this ticket: dogtagpki#781 Additional dependencies to NSS subpackages have been added to avoid conflicts. The PKCS11Constants have to be reverted as well to match the NSS version.
The NSS dependency has been downgraded temporarily to avoid intermittent CI failures reported in this ticket: dogtagpki#781 Additional dependencies to NSS subpackages have been added to avoid conflicts. The PKCS11Constants have to be reverted as well to match the NSS version.
The NSS dependency has been downgraded temporarily to avoid intermittent CI failures reported in this ticket: dogtagpki#781 Additional dependencies to NSS subpackages have been added to avoid conflicts. The PKCS11Constants have to be reverted as well to match the NSS version.
The NSS dependency has been downgraded temporarily to avoid intermittent CI failures reported in this ticket: dogtagpki#781 Additional dependencies to NSS subpackages have been added to avoid conflicts. The PKCS11Constants have to be reverted as well to match the NSS version.
The NSS dependency has been downgraded temporarily to avoid intermittent CI failures reported in this ticket: dogtagpki#781 Additional dependencies to NSS subpackages have been added to avoid conflicts. The PKCS11Constants tests have been temporarily disabled as well.
The NSS dependency has been temporarily downgraded to avoid intermittent CI failures reported in this ticket: dogtagpki#781 Additional dependencies to NSS subpackages have been added to avoid conflicts. The PKCS11Constants tests have been temporarily disabled as well.
|
I created PR #787 as a temporary workaround to avoid CI failures and to unblock QE, and also to help isolate the problem. If the CI no longer breaks with this PR, we can be sure that it's caused by NSS changes. On F33 it will use NSS 3.57, on F34 it will use NSS 3.63. They generate different PKCS11Constants, so the PKCS11Constants tests need to be disabled. |
|
On 7/9/21 1:26 PM, Endi S. Dewata wrote:
I created PR #787 <#787> as a
temporary workaround to avoid CI failures and to unblock QE, and also
to help isolate the problem. If the CI no longer breaks with this PR,
we can be sure that it's caused by NSS changes.
On F33 it will use NSS 3.57, on F34 it will use NSS 3.63. They
generate different PKCS11Constants, so the PKCS11Constants tests need
to be disabled.
Hmm, what does PKCS11Constants do? I don't think there's been any
changes to the PKCS #11 header since 3.57 (unless you include pkcs11n.h)
… —
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#781 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AEXMMSJBAUQNHLVMAQ6PFD3TW5LOXANCNFSM47XHNSEA>.
|
|
@rjrelyea We have a tool (written by @cipherboy) that parses the constants from pkcs11t.h and pkcs11n.h and put them into PKCS11Constants.java so they are accessible from Java applications. There are differences between NSS 3.57, 3.63, and 3.67, and we only store one version of PKCS11Constants.java in JSS source, so it's not possible to match it against different NSS versions. |
|
@rjrelyea Just for some context, check out this old Pagure issue: https://pagure.io/jss/issue/26 --- the TL;DR is that JDK used to ship the Java equivalent of It usually isn't a big deal, though we did have a CI test just to remind us to update it every so often. The CI test checks our parsed constants against NSS (generating a bunch of small C compilation units and comparing the values) and also comparing against JDK8 (when run under JKD8 --- JDK9+ removed them from the public package section). Usually they line up, but occasionally I've found bugs in either and reported them as appropriate. :-) However, this all is certainly unrelated to the NPE at hand. The TLS interface doesn't make use of any PKCS#11 constants at all. Edit: And since I realized I forgot to specify what I wanted your input on, @rjrelyea, it was regarding the close of a TLS connection: has anything changed at the NSS or NSPR levels around closing TLS connections recently? Perhaps a lower-level socket gets closed before a higher one reports as closed now, or visa-versa? |
The CI has been modified to ignore a known JSS issue: dogtagpki/jss#781
The CI has been modified to ignore a known JSS issue: dogtagpki/jss#781
The CI has been modified to ignore a known JSS issue: dogtagpki/jss#781
Sometimes the
Buffer.WriteCapacity()throws an NPE:The issue was observed several times in PKI CI, but it does not happen very often. It's not clear whether the
pki ca-user-cert-addcommand has anything to do with it.Relevant code:
@cipherboy wrote:
The text was updated successfully, but these errors were encountered: