Closed
Bug 1396137
Opened 7 years ago
Closed 7 years ago
update broken-fips-pkcs#11-module-db-handling-code for when we use the sqlite-backed databases
Categories
(Core :: Security: PSM, defect, P1)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla57
Tracking | Status | |
---|---|---|
firefox57 | --- | fixed |
People
(Reporter: keeler, Assigned: keeler)
References
Details
(Whiteboard: [psm-assigned])
Attachments
(1 file)
NSS behaves slightly differently when using the sqlite-backed databases. In particular, the error code returned when FIPS can't be enabled on startup is different. Also, the name of the pkcs#11 module db file is different. See upcoming patch.
Comment hidden (mozreview-request) |
Comment 2•7 years ago
|
||
mozreview-review |
Comment on attachment 8903826 [details]
bug 1396137 - update broken fips pkcs#11 module db handling code for when we use the sqlite-backed databses
https://reviewboard.mozilla.org/r/175586/#review180670
OK, looks fine.
::: security/manager/ssl/nsNSSComponent.cpp:1922
(Diff revision 1)
> if (!safeMode && (savedPRErrorCode1 == SEC_ERROR_LEGACY_DATABASE ||
> - savedPRErrorCode2 == SEC_ERROR_LEGACY_DATABASE)) {
> + savedPRErrorCode2 == SEC_ERROR_LEGACY_DATABASE ||
> + savedPRErrorCode1 == SEC_ERROR_PKCS11_DEVICE_ERROR ||
> + savedPRErrorCode2 == SEC_ERROR_PKCS11_DEVICE_ERROR)) {
Honestly, this is getting a bit ugly, but I'm-a gonna let it pass for this, it's short-ish term hackery, .... right? A few ESRs from now this will be gone...
Attachment #8903826 -
Flags: review?(jjones) → review+
Assignee | ||
Comment 3•7 years ago
|
||
Well, hopefully. We can probably at least simplify it when we've actually transitioned to the sqlite dbs. Anyway, thanks!
Assignee | ||
Comment 4•7 years ago
|
||
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2b0d4df90489
update broken fips pkcs#11 module db handling code for when we use the sqlite-backed databses r=jcj
Comment 6•7 years ago
|
||
Backed out for build bustage, at least on Android at security/manager/ssl/nsNSSComponent.cpp:1915: 'savedPRErrorCode1' was not declared in this scope etc:
https://hg.mozilla.org/integration/autoland/rev/2adbaf665a26354a7abced57248a05fc4f27d854
Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=2b0d4df90489db8e1922c28cf3c9fc973ce86d0b&filter-resultStatus=testfailed&filter-resultStatus=busted&filter-resultStatus=exception&filter-resultStatus=retry&filter-resultStatus=usercancel&filter-resultStatus=runnable
Build log: https://treeherder.mozilla.org/logviewer.html#?job_id=128594747&repo=autoland
/builds/worker/workspace/build/src/security/manager/ssl/nsNSSComponent.cpp:1915:57: error: 'savedPRErrorCode1' was not declared in this scope
/builds/worker/workspace/build/src/security/manager/ssl/nsNSSComponent.cpp:1916:12: error: 'savedPRErrorCode2' was not declared in this scope
Flags: needinfo?(dkeeler)
Comment hidden (mozreview-request) |
Assignee | ||
Comment 9•7 years ago
|
||
New flavor, now with even more Android: https://treeherder.mozilla.org/#/jobs?repo=try&revision=944ae2d71b59
Comment 10•7 years ago
|
||
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/35df0b24828d
update broken fips pkcs#11 module db handling code for when we use the sqlite-backed databses r=jcj
Comment 11•7 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox57:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
You need to log in
before you can comment on or make changes to this bug.
Description
•