moxie0 / Convergence

An agile, distributed, and secure alternative to the Certificate Authority system.
http://convergence.io

Client@tor browser bundle: nss fails to deploy private key #87

Open manpages opened 12 years ago

manpages commented 12 years ago

Not being aware of how NSS works with keypairs and how gentlemen from the torproject tweaked firefox, I have decided to open that issue. Tor browser bundle is a great thing and if we could figure out how to run convergence on top of it, it would be even more awesome. The error upon startup is the good old -8037 (log below):

Generating new ca certificate..
KeyPair generation error: -8037
Initializing error: Error generating keypair! , undefined

Sadly, I have no time to debug/workaround that thing atm, so any insights on what's happening are appreciated.

manpages commented 12 years ago

What I've done to reproduce it:

git pull ...convergence
zip -r a.zip ./client/*

Then installed add-on from the local source.

ewanm89 commented 12 years ago

Possibly a duplicate or variation of #62.

manpages commented 12 years ago

I believe it's not, as #62 was a duplicate of my #22, which I have analyzed and successfully worked around. So it could be a duplicate if and only if gentlemen from torproject are holding key pairs of the firefox distro they ship in a somehow inaccessible way. If there are some Tor browser bundle users/enthusiasts, I'd be happy if you had a closer look at this issue. I think that I'll join the work on that one this Saturday.


Jonn Mostovoy, DA234FE7

DuMuT6p commented 12 years ago

I second your opinion. Convergence should support TBB too. Now, I'm far from an expert on the topic, but can the problem be from tor using SOCKS? I won't have time for development, but I'm willing to help with testing.

ewanm89 commented 12 years ago

No, that would just have convergence pushing stuff through the SOCKS 5 proxy for its own connections.

manpages commented 12 years ago

It is officially confirmed by TBB authors that they have made some tweaks to NSS, which makes the work on this issue more challenging and interesting. If somebody has time to look through that thing, I'll link you to the changes made to NSS by TBB authors. See src/current-patches/ in branch maint-2.2 of https://gitweb.torproject.org/torbrowser.


Jonn Mostovoy, DA234FE7

manpages commented 12 years ago

I'd say that we might want to have a closer look at the file named

0003-Make-Intermediate-Cert-Store-memory-only.patch

here: https://gitweb.torproject.org/torbrowser.git/tree/maint-2.2:/src/current-patches


Jonn Mostovoy, DA234FE7

manpages commented 12 years ago

Mwahaha, doing random things rules! I've put a master password on my TBB distribution and guess what? KeyPair was successfully initialized. Now what I get is that convergence stalls at the "Page loading" state and dies on timeout, which is the same behaviour I experience both on Win7 and linuxes with a vanilla firefox installation that uses torbutton. I wonder how the guys from the "How well does it play with Tor" issue managed to get Convergence to work with Tor. Please confirm that it generates keypair successfully and I'll close the issue.


Jonn Mostovoy, DA234FE7

DuMuT6p commented 12 years ago

You say, when you PUT up a master password it starts to function? For some reason (don't know if it's TBB or an update of convergence) on first start it asks me for a master password and if I set one, it doesn't load any pages. When I turn off master password it is all OK (Verified by: Convergence and everything).

manpages commented 12 years ago

Okay, with Dimitry's help I managed to work around that one. Steps that worked for me:

1) git clone Convergence >= 0.6
2) zip it and install it from local source
3) set master password (makes keypair generation possible as sid77 fixed it to work with master password)
4) remove master password
5) restart TBB.

I believe that it is a somehow logical workaround, thus I'll close this issue. Still looking forward to reading stuff about how other guys got it working with torbutton.


Jonn Mostovoy, DA234FE7

manpages commented 12 years ago

We had a talk at the #tor channel and concluded that "workaround is not a fix", so I'll reopen the issue, though I'd say that it's not a top priority. Imho any fixes/modifications to the ff addon are obsolete at the moment because it's fairly usable since 0.03.


Jonn Mostovoy. DA234FE7