Closed
Bug 1982807
Opened 8 months ago
Closed 1 month ago
explicit migration fail with nss 3.113.1 => 3.114
Categories
(NSS :: Tools, defect)
NSS
Tools
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 2012547
People
(Reporter: slev, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; Chromium GOST) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Steps to reproduce:
About the migration:
https://bugzilla.mozilla.org/show_bug.cgi?id=1415912
https://fedoraproject.org/wiki/Changes/NSSDefaultFileFormatSql#Upgrade.2Fcompatibility_impact
With nss update (3.113.1 => 3.114) explicit migration from legacy db (dbm) to sql fail if the following steps are used:
nssdir="$(mktemp -d)"
pwdfile="$nssdir/pwdfile.txt"
noisefile="$nssdir/noise"
echo -n Secret123 > "$pwdfile"
openssl rand -out "$noisefile" 2048
certutil -N -d "dbm:$nssdir" -f "$pwdfile"
certutil -d "dbm:$nssdir" -S -x -z "$noisefile" -t 'CT,C,C' -s 'CN=testcert' -n testcert -f "$pwdfile"
certutil -d "dbm:$nssdir" -L -f "$pwdfile"
# migration
certutil -N -d "sql:$nssdir" -f "$pwdfile" -@ "$pwdfile"
certutil -d "sql:$nssdir" -L -f "$pwdfile"
Actual results:
results for nss 3.114:
++ mktemp -d
+ nssdir=/usr/src/tmp/tmp.3Trw2LQWSI
+ pwdfile=/usr/src/tmp/tmp.3Trw2LQWSI/pwdfile.txt
+ noisefile=/usr/src/tmp/tmp.3Trw2LQWSI/noise
+ echo -n Secret123
+ openssl rand -out /usr/src/tmp/tmp.3Trw2LQWSI/noise 2048
+ certutil -N -d dbm:/usr/src/tmp/tmp.3Trw2LQWSI -f /usr/src/tmp/tmp.3Trw2LQWSI/pwdfile.txt
+ certutil -d dbm:/usr/src/tmp/tmp.3Trw2LQWSI -S -x -z /usr/src/tmp/tmp.3Trw2LQWSI/noise -t CT,C,C -s CN=testcert -n testcert -f /usr/src/tmp/tmp.3Trw2LQWSI/pwdfile.txt
Generating key. This may take a few moments...
+ certutil -d dbm:/usr/src/tmp/tmp.3Trw2LQWSI -L -f /usr/src/tmp/tmp.3Trw2LQWSI/pwdfile.txt
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
testcert u,u,u
+ certutil -N -d sql:/usr/src/tmp/tmp.3Trw2LQWSI -f /usr/src/tmp/tmp.3Trw2LQWSI/pwdfile.txt -@ /usr/src/tmp/tmp.3Trw2LQWSI/pwdfile.txt
Password changed successfully.
+ certutil -d sql:/usr/src/tmp/tmp.3Trw2LQWSI -L -f /usr/src/tmp/tmp.3Trw2LQWSI/pwdfile.txt
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
- certificate is not listed after explicit migration
- original certificate trust attributes are listed as 'u,u,u'
Expected results:
results for nss 3.113.1:
++ mktemp -d
+ nssdir=/usr/src/tmp/tmp.9LeD0f8A8O
+ pwdfile=/usr/src/tmp/tmp.9LeD0f8A8O/pwdfile.txt
+ noisefile=/usr/src/tmp/tmp.9LeD0f8A8O/noise
+ echo -n Secret123
+ openssl rand -out /usr/src/tmp/tmp.9LeD0f8A8O/noise 2048
+ certutil -N -d dbm:/usr/src/tmp/tmp.9LeD0f8A8O -f /usr/src/tmp/tmp.9LeD0f8A8O/pwdfile.txt
+ certutil -d dbm:/usr/src/tmp/tmp.9LeD0f8A8O -S -x -z /usr/src/tmp/tmp.9LeD0f8A8O/noise -t CT,C,C -s CN=testcert -n testcert -f /usr/src/tmp/tmp.9LeD0f8A8O/pwdfile.txt
Generating key. This may take a few moments...
+ certutil -d dbm:/usr/src/tmp/tmp.9LeD0f8A8O -L -f /usr/src/tmp/tmp.9LeD0f8A8O/pwdfile.txt
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
testcert CTu,Cu,Cu
+ certutil -N -d sql:/usr/src/tmp/tmp.9LeD0f8A8O -f /usr/src/tmp/tmp.9LeD0f8A8O/pwdfile.txt -@ /usr/src/tmp/tmp.9LeD0f8A8O/pwdfile.txt
Password changed successfully.
+ certutil -d sql:/usr/src/tmp/tmp.9LeD0f8A8O -L -f /usr/src/tmp/tmp.9LeD0f8A8O/pwdfile.txt
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
testcert CTu,Cu,Cu
- certificate is listed after explicit migration
- original certificate trust attributes are listed as 'CTu,Cu,Cu'
|
||
Updated•1 month ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 1 month ago
Duplicate of bug: 2012547
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•