Open
Bug 1195917
Opened 10 years ago
Updated 2 years ago
modutil throws confusing error message when touches sql database without a prefix
Categories
(NSS :: Tools, defect, P5)
NSS
Tools
Tracking
(firefox43 affected)
NEW
| Tracking | Status | |
|---|---|---|
| firefox43 | --- | affected |
People
(Reporter: elio.maldonado.batiz, Assigned: rrelyea)
References
()
Details
As reported downstream for RHEL-7 by Aleš Mareček:
Aleš Mareček 2014-01-14 09:12:22 EST
Description of problem:
modutil throws confusing error message when touches sql database without a prefix. It says the database is an old format what is not really true because the database is in new format (sql), the error message is just confusing. The scenario is about user that touches the database without any prefix (nor variable set) that means the user tries to use the old format of nss database that is not available.
Version-Release number of selected component (if applicable):
nss-3.15.3-4.el7
nss-tools-3.15.3-4.el7
How reproducible:
Always
Steps to Reproduce:
1. Create a nss database in new format: certutil -N -d sql:${HOME}/.pki/nssdb
(you should see cert9.db and key4.db files there).
2. List modules without nssdbprefix: modutil -list -dbdir ${HOME}/.pki/nssdb
Actual results:
modutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
Expected results:
For example: modutil: function failed: SEC_ERROR_LEGACY_DATABASE: The old unsupported format of certificate/key database is not available.
Additional info:
i:ppc64|m:ppc64 root@ibm-p730-04-lp5 [tmp.L2vnu7aNin]# ls -la /root/.pki/nssdb
total 32
drwxr-xr-x. 2 root root 70 Jan 14 08:24 .
drwxr-xr-x. 3 root root 18 Jan 14 08:24 ..
-rw-------. 1 root root 9216 Jan 14 08:24 cert9.db
-rw-------. 1 root root 11264 Jan 14 08:24 key4.db
-rw-r--r--. 1 root root 2 Jan 14 08:24 nsspassword
-rw-------. 1 root root 423 Jan 14 08:24 pkcs11.txt
i:ppc64|m:ppc64 root@ibm-p730-04-lp5 [tmp.L2vnu7aNin]# modutil -list -dbdir /root/.pki/nssdb
modutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
i:ppc64|m:ppc64 root@ibm-p730-04-lp5 [tmp.L2vnu7aNin]# modutil -list -dbdir sql:/root/.pki/nssdb
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
-----------------------------------------------------------
|
Reporter | |
Updated•10 years ago
|
|
||
Comment 1•9 years ago
|
||
Maybe Bob could advise on this bug, or make suggestions/patches towards a solution?
Assignee: nobody → rrelyea
|
|
||
Comment 2•9 years ago
|
||
Is the primary complaint here, that NSS doesn't automatically detect what database format is being used in the directory?
It seems the only suggestion is to provide a better error code/message, correct?
|
||
Comment 3•9 years ago
|
||
Yes, better error message is the primary driver. As autodetection would need to favour one format over the other and you can have both sql and dbm in the same folder, leading to changed/confusing behaviour after upgrade.
That being said, to say what kind of error message is necessary, may require at least some heuristic to say if the files in folder contain dbm or sql database...
|
||
Updated•3 years ago
|
Severity: normal → S3
|
||
Updated•2 years ago
|
Severity: S3 → S4
Priority: -- → P5
You need to log in
before you can comment on or make changes to this bug.
Description
•