Bug 1419721 - SECMOD_CanDeleteInternalModule() should return false when build doesn't support FIPS r?franziskus
45 bytes, text/x-phabricator-request
|Details | Review|
PSM uses SECMOD_CanDeleteInternalModule() to check whether FIPS can be toggled or not. If the NSS build doesn't support FIPS (as is the case with the one that we ship) this should always return false. There is no point in trying to remove the internal module only to fail and then switch back. We only support removing the internal module to switch between FIPS and non-FIPS mode.
Assignee: nobody → ttaubert
Status: NEW → ASSIGNED
Comment on attachment 8930861 [details] Bug 1419721 - SECMOD_CanDeleteInternalModule() should return false when build doesn't support FIPS r?franziskus Franziskus Kiefer [:fkiefer or :franziskus] has approved the revision. https://phabricator.services.mozilla.com/D271#6624
Attachment #8930861 - Flags: review+
Status: ASSIGNED → RESOLVED
Last Resolved: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 3.35
This is going to prevent NSS from landing in Firefox because of this: https://dxr.mozilla.org/mozilla-central/rev/960f50c2e0a991ab2ab313132e69fb2c96cb7866/security/manager/ssl/tests/unit/test_pkcs11_module.js#126 Do we have to disable that test?
Yeah, we hit that in bug 1420060 already. Franziskus has a simple fix though: https://hg.mozilla.org/try/rev/d9c8a082eac8387df85f9553d8b7b9822ea256d9
You need to log in before you can comment on or make changes to this bug.