Closed Bug 237982 Opened 20 years ago Closed 18 years ago

plain migration of Mozilla profile makes SSL component unusable

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 176501

People

(Reporter: nospam, Assigned: KaiE)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113

First, it might be just an issue when upgrading from M 1.1 to M 1.6, couldn't
test it with others.

After full removal and fresh install of 1.6 Mozilla correctly found and opened
my user profile in my homedir. However all SSL related functions were disabled
with this error: "Could not initialize browser's security component..." I used
the tarball auto-installer.

Suggested permissions or disk space problems were not the cause.


Reproducible: Always
Steps to Reproduce:
1. Full removal of old version, keeping your user profile intact
2. Fresh install of M 1.6
3. Start it, choose your old profile and voila - no SSL functions

Actual Results:  
In Prefs --> Security --> Master pwd --> Change pwd there was no Security device
to select, no chance of entering or changing your master password and gaining
access to your stored security credentials. As well as disabled access to all
ciphered websites and mailboxes.

Expected Results:  
Either perform my simple solution below automagically or offer a proper profile
migration or at least warn that such an issue might arise.

After few hours of silly test & try I found a solution - of course I didn't want
to lose all my user settings and even saved security data:

1. deleting "secmod.db" and "secmodule.db" in your old profile dir
2. copy "secmod.db" from a fresh profile created by M 1.6 to your old profile dir
Duplicate symptoms, platform WinXP, Mozilla 1.7 RC1.
Upgraded from Moz 1.6 to 1.7b, no problem.
Upgraded from Moz 1.7b to 1.7rc1, disabled security module.

Analysis: the secmod.db file referenced:
C:\Program Files\Common Files\mozilla.org\GRE\1.7b_2004031616\nssckbi.dll
whereas a freshly created Profile secmod.db referenced:
C:\Program Files\Common Files\mozilla.org\GRE\1.7b_2004042109\nssckbi.dll

Solution: copied the latter over the former secmod.db.
The upgrade removed the older .dll, but the migration did not update secmod.db.

Note that my PC has SmartCard options in the BIOS,
and that my default security module was NOT "Software Security Device".
(In reply to comment #0)

Just one more detail to the orig. descr.:

I was using before as well as after the unsuccessful migration the internal
Software Security Device.

So then, according to David's experience, this bug is obviously not specific to
the type of security device one is using.
Summary: plain migration of profile to 1.6 makes SSL component not to start → plain migration of Mozilla profile makes SSL component unusable
From the way you describe the behaviour, the problem is with NSS, I think.

Looks like modern versions of NSS do not behave correctly when having to deal
with some old versions of security databases.
Assignee: kaie → wtchang
Component: Client Library → Build
Product: PSM → NSS
QA Contact: bmartin → wtchang
Assignee: wtchang → nobody
QA Contact: wtchang → build
Component: Build → Libraries
QA Contact: build → libraries
NSS must be CONFIGURED by the application (on behalf of the user) to know 
which PKCS#11 "modules" to use.  NSS provides the API by which this configuration is performed, but the appliation must do it.  

That configuration is stored in file secmod.db in a directory whose name is 
supplied by the aplication.  NSS itself is not reponsible for being self-configuring.  

If the appliation configures NSS to use a certain shared library in a 
certain directory, and then the application (through an "upgrade" or 
"migration" chooses to MOVE that shared library to another directory, it is 
the responsibility of that application to reconfigure NSS (NSS's secmod.db) 
to use the new directory.  

So, this bug in an application migration issue, not an NSS bug.

Application hints:

Note that one option is to configure NSS to use a shared library by its
simple file name, not the full path name.  Then if the shared lib can 
be found in the PATH (on Windows) or the LD_LIBRARY_PATH (or equivalent)
on Unix, it will load without the full path name being configured.  
And if the file is moved, but remains in the path (or the path is changed
to include the new directory) then the secmod.db need not be changed for
migration.  

Also, IINM, on windows, the directory where the executable lives is 
always implicitly at the head of the library path, so if the secmod.db
contains the simple file name (not a path name) and the file is with the
executable, it should just work, IIRC.  

I'm giving this bug back to PSM, the component of mozilla browsers that 
interfaces with NSS.  Perhaps it should be given to another component 
(e.g. "migration" if that is one).
Component: Libraries → Security: PSM
Product: NSS → Core
Version: unspecified → 1.8 Branch
Assignee: nobody → kengert
QA Contact: libraries
OS: Linux → All
Hardware: PC → All
Version: 1.8 Branch → Trunk
this might be a duplicate of the bug(s) about locked nssckbi.dll
I think this is a dup of bug 176501, or vice versa.

*** This bug has been marked as a duplicate of 176501 ***
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.