Closed
Bug 1396137
Opened 6 years ago
Closed 6 years ago
update broken-fips-pkcs#11-module-db-handling-code for when we use the sqlite-backed databases
Categories
(Core :: Security: PSM, defect, P1)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla57
Tracking | Status | |
---|---|---|
firefox57 | --- | fixed |
People
(Reporter: keeler, Assigned: keeler)
References
Details
(Whiteboard: [psm-assigned])
Attachments
(1 file)
NSS behaves slightly differently when using the sqlite-backed databases. In particular, the error code returned when FIPS can't be enabled on startup is different. Also, the name of the pkcs#11 module db file is different. See upcoming patch.
Comment hidden (mozreview-request) |
Comment 2•6 years ago
|
||
mozreview-review |
Comment on attachment 8903826 [details] bug 1396137 - update broken fips pkcs#11 module db handling code for when we use the sqlite-backed databses https://reviewboard.mozilla.org/r/175586/#review180670 OK, looks fine. ::: security/manager/ssl/nsNSSComponent.cpp:1922 (Diff revision 1) > if (!safeMode && (savedPRErrorCode1 == SEC_ERROR_LEGACY_DATABASE || > - savedPRErrorCode2 == SEC_ERROR_LEGACY_DATABASE)) { > + savedPRErrorCode2 == SEC_ERROR_LEGACY_DATABASE || > + savedPRErrorCode1 == SEC_ERROR_PKCS11_DEVICE_ERROR || > + savedPRErrorCode2 == SEC_ERROR_PKCS11_DEVICE_ERROR)) { Honestly, this is getting a bit ugly, but I'm-a gonna let it pass for this, it's short-ish term hackery, .... right? A few ESRs from now this will be gone...
Attachment #8903826 -
Flags: review?(jjones) → review+
![]() |
Assignee | |
Comment 3•6 years ago
|
||
Well, hopefully. We can probably at least simplify it when we've actually transitioned to the sqlite dbs. Anyway, thanks!
![]() |
Assignee | |
Comment 4•6 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=573ae110cc35
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/2b0d4df90489 update broken fips pkcs#11 module db handling code for when we use the sqlite-backed databses r=jcj
![]() |
||
Comment 6•6 years ago
|
||
Backed out for build bustage, at least on Android at security/manager/ssl/nsNSSComponent.cpp:1915: 'savedPRErrorCode1' was not declared in this scope etc: https://hg.mozilla.org/integration/autoland/rev/2adbaf665a26354a7abced57248a05fc4f27d854 Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=2b0d4df90489db8e1922c28cf3c9fc973ce86d0b&filter-resultStatus=testfailed&filter-resultStatus=busted&filter-resultStatus=exception&filter-resultStatus=retry&filter-resultStatus=usercancel&filter-resultStatus=runnable Build log: https://treeherder.mozilla.org/logviewer.html#?job_id=128594747&repo=autoland /builds/worker/workspace/build/src/security/manager/ssl/nsNSSComponent.cpp:1915:57: error: 'savedPRErrorCode1' was not declared in this scope /builds/worker/workspace/build/src/security/manager/ssl/nsNSSComponent.cpp:1916:12: error: 'savedPRErrorCode2' was not declared in this scope
Flags: needinfo?(dkeeler)
Comment hidden (mozreview-request) |
![]() |
Assignee | |
Comment 9•6 years ago
|
||
New flavor, now with even more Android: https://treeherder.mozilla.org/#/jobs?repo=try&revision=944ae2d71b59
Comment 10•6 years ago
|
||
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/35df0b24828d update broken fips pkcs#11 module db handling code for when we use the sqlite-backed databses r=jcj
![]() |
||
Comment 11•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/35df0b24828d
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox57:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
You need to log in
before you can comment on or make changes to this bug.
Description
•