$ ls -al /tmp/toast
/tmp/toast: No such file or directory
$ certutil -N -d /tmp/toast
certutil: NSS_Initialize failed: An I/O error occurred during security authorization.

certutil should state something to the effect of "certutil: Unable to access /tmp/toast." in the case of the certificate database location not existing or being unable to access the location e.g. bad permissions instead of the generic I/O error message.
QA Contact: bishakhabanerjee → jason.m.reid
Assignee: wtchang → nobody
QA Contact: jason.m.reid → tools
The error comes from a PKCS#11 module (softoken) and there is no specific reason for file access issues. Technically PKCS#11 modules don't even have to use files. So I don't think we can fix this. The best we could do would be to have a better default message.
The mapping of PKCS#11 error numbers onto NSS error codes is way too coarse. Far too many errors map to SEC_ERROR_IO, which is the error code reported here. The mapping of PKCS11 error codes into NSS error codes should also take into account the PKCS11 function that failed. It would be far better to report that C_Initialize failed than some generic IO error. I think this is a real bug, and worthy of fixing. It would reduce the number of inquiries that NSS developers must answer if the error codes were actually descriptive of the problems.
Actually the PKCS #11 errors are pretty coarse in this case. On the other hand, we have special error codes for issues opening the database, I don't know why one of these isn't being used. (Though it's most likely to say something like "can't open certdb", and not include any information about what the underlying perror() is.)
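The mapping discussed in the comments above, sketched as an added example; it is not code from this bug thread or from NSS. The CKR_* values are the PKCS#11 specification's; the ERR_* codes are placeholder stand-ins for NSS error codes, and which CKR_* value softoken actually returns in the reported case is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* PKCS#11 return values (numeric values from the PKCS#11 specification). */
#define CKR_OK              0x00000000UL
#define CKR_HOST_MEMORY     0x00000002UL
#define CKR_GENERAL_ERROR   0x00000005UL
#define CKR_FUNCTION_FAILED 0x00000006UL
#define CKR_DEVICE_ERROR    0x00000030UL

/* Hypothetical stand-ins for NSS error codes; the values are placeholders. */
enum { ERR_NONE = 0, ERR_IO, ERR_NO_MEMORY, ERR_BAD_DATABASE };

/* Coarse mapping: every failure not listed explicitly collapses to ERR_IO. */
static int map_coarse(unsigned long rv)
{
    switch (rv) {
    case CKR_OK:          return ERR_NONE;
    case CKR_HOST_MEMORY: return ERR_NO_MEMORY;
    default:              return ERR_IO;
    }
}

/* Context-aware mapping: the name of the failing PKCS#11 function refines
 * the result and is carried into the message. Returns the mapped code. */
static int map_with_context(const char *fn, unsigned long rv,
                            char *msg, size_t msglen)
{
    int err = map_coarse(rv);
    if (err == ERR_IO && strcmp(fn, "C_Initialize") == 0 &&
        (rv == CKR_GENERAL_ERROR || rv == CKR_FUNCTION_FAILED ||
         rv == CKR_DEVICE_ERROR))
        err = ERR_BAD_DATABASE; /* assumption: init failure means the store is unusable */
    snprintf(msg, msglen, "%s failed (CKR 0x%08lx) -> error %d", fn, rv, err);
    return err;
}

int main(void)
{
    char msg[96];
    map_with_context("C_Initialize", CKR_DEVICE_ERROR, msg, sizeof msg);
    puts(msg);
    map_with_context("C_Sign", CKR_DEVICE_ERROR, msg, sizeof msg);
    puts(msg);
    return 0;
}
```

The same CKR_DEVICE_ERROR yields a database-specific code when it comes from C_Initialize and stays a generic I/O error when it comes from C_Sign, and the message names the failing function in both cases.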