Closed
Bug 305493
Opened 19 years ago
Closed 10 months ago
After upgrading Thunderbird, cert8.db has no records, not even a version record
Categories
(NSS :: Libraries, defect, P3)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: jondarrer, Unassigned)
References
Details
Attachments
(7 files)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6 Since upgrading from version 1.0.2 to 1.0.6, my Gmail account cannot connect to the server using the required ssl security mechanism. I get the above dialog box followed by notification that Thunderbird cannot connect to my Gmail account. Reproducible: Always Steps to Reproduce: 1. Install old version of Thunderbird. 2. Configure gmail account using required ssl security. 3. Upgrade to 1.0.6. 4. Get mail for Gmail account. Actual Results: I got the above dialog box each time the application tried to connect to my Gmail account. Expected Results: Connected to Gmail using ssl security and checked account. Following Thomas M. Turner's tip at 'http://www.uni.edu/turnert/2005/02/thunderbird-error-could-not-initialize.html' I got rid of the problem. However, this isn't a very good work around and the bug should be fixed.
(In reply to comment #0) > Following Thomas M. Turner's tip at > 'http://www.uni.edu/turnert/2005/02/thunderbird-error-could-not-initialize.html' > I got rid of the problem. However, this isn't a very good work around and the > bug should be fixed. Here is the text from above URL: Thunderbird error: Could not initialize the browser's security component A few of our Mozilla Thunderbird e-mail client users didn’t have their IMAP account setting set to "Use secure connection (SSL)". It’s an easy enough change to make, just a single check-box, usually anyway. Unfortunately, one of our users would make the change only to get this error box pop-up: Alert: Could not initialize the browser’s security component. It was followed by another error box saying that SSL was disabled. I did a search on Mozilla’s site, with no reference to this error. Google gave me only one reference that there was probably something wrong with the user's Thunderbird profile certificates, probably due to Thunderbird having imported from a previous Netscape 6 or 7 profile. So, I closed out Thunderbird, went into that user’s Thunderbird profile folder and moved out the cert8.db file. That appears to have done the trick.
Version: unspecified → 1.0
|
||
Comment 2•19 years ago
|
||
*** This bug has been marked as a duplicate of 208355 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
|
||
Comment 3•19 years ago
|
||
Jonathan, Do you still have the cert8.db file that you believe caused the problem? Is that the only file you changed? Or did you also move key3.db and/or secmod.db ? Please attach to this bug any of the .db file that you moved/changed in order to work around this. If you do so, I may reopen this bug, and mark bug 208355 as a duplicate of this one.
|
||
Comment 4•19 years ago
|
||
I had this problem with firefox 1.0.7 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
|
||
Comment 5•19 years ago
|
||
I had the same problem. Upgraded from an older Thunderbird to 1.0 & saw this. Didn't use it for many months & then grabbed 1.5B2 & still saw it. I moved cert8.db to cert8.zip and launched Thunderbird...this problem went away (a new cert8.db was created by Thunderbird). I'll attach the cert8.db that caused the problem. I will attach it in a .zip file. This needs to be reopened as per comment #3.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
|
|
||
Comment 7•19 years ago
|
||
|
||
Comment 8•19 years ago
|
||
in comment 3 nelson sounded interested in this one
Assignee: dveditz → nelson
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
|
||
Comment 9•19 years ago
|
||
Thanks for the DBs. I examined them, and found that they are completely empty DBM DBs. They contain NO records, not even the cert DB version number record. The number of DBM "keys" (meaning DB records) is zero. So the question is: how can a DB get into that state? Can NSS somehow trash an existing cert DB so that it no longer contains any records? Can NSS create a DB and then fail before writing the first (version) record into it? (I'd sooner suspect the latter than the former) A web site cited above suggests that this is somehow related to TBird users upgrading from a Netscape 6 or 7 installation. If only TBird users see this (and not FireFox users), then one wonders if TBird does anything unusual in migrating those DBs. Bob, You're looking at NSS's DBs. Do you want to look at this?
|
||
Comment 10•19 years ago
|
||
I had this bug until I found an article on the net mentioning the cert8.db issue. I renamed Thunderbird's cert8.db and started it again, and everything was fine.
|
||
Comment 11•19 years ago
|
||
When I removed this file from my Profile in Thunderbird, it fixed this browser security/ssl error
|
|
||
Comment 12•19 years ago
|
||
Thanks for the extra databases. They all show the same thing. The database is empty, containing zero records (zero "keys" in DB speak). We don't need any more databases now. We just need to understand how a DB gets into this state, namely, a valid, newly created DB with no records in it, not even a version reccord. My guess is that this happens as some kind of a failure during the creation of a cert8.db. One guess is that it is a failure that occurs while trying to upgrade a lower numbered cert DB (e.g. cert5, or cert7) to cert8. Rich, Ethan Jonathan, do any of you have cert7.db files? Were any of you converting a profile from an older version of Netscape Communicator or Netscape Navigator to a revent Mozilla-branded browser?
|
||
Comment 13•19 years ago
|
||
I have thunderbird 1.0.7, yesterday it worked OK, but today when sending a mail via asmtp (smtp with username and password) no ssl involved I got the above message about the browser security component. I renamed cert8.db to cert8.old and reimported a personal certificate that resides inside. Now it works OK. I moved recently (about a month) from mozilla mail to thunderbird so the profile got imported from mozilla, but worked OK until today. I haven't done anything unusual to cause cert8.db to become corrupt, I don't usually send the mails signed neither encrypted so I haven't used the security features this week. The size of the corrupt cert8.db is 279484 bytes, the new one with my personal certificate reimported is 65536 bytes.
|
|
||
Comment 14•19 years ago
|
||
I can give a partial analysis of the corrupt cert8.db:
db1_dump185 -p cert8.db.old
format=print
type=hash
h_ffactor=31
db_lorder=1234
db_pagesize=16384
HEADER=END
\030\81\921\0b0\09\06\03U\04\06\13\02ZA1\150\13\06\03U\04\08\13\0cWestern
Cape1\
120\10\06\03U\04\07\13\09Cape
Town1\0f0\0d\06\03U\04\0a\13\06Thawte1\1d0\1b\06\0
3U\04\0b\13\14Certificate Services1(0&\06\03U\04\03\13\1fPersonal
Freemail RSA 2
000.8.30
[snip some records]
then the last record it's my personal certificate, it ends ok, or so it seems compared to the previous records and then it comes a bunch of \00 that makes db1_dump185 segfault.
In the correct cert8.db the only obvious difference it's that h_ffactor is 65536 and that now there are only two certificates, my personal one and other one from a previous signed email.
The strace of db1_dump185 -f output -p cert8.db.old is:
open("cert8.db.old", O_RDONLY) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0600, st_size=279484, ...}) = 0
read(3, "\0\6\25a\0\0\0\2\0\0\4\322\0\0@\0\0\0\0\16\0\0\1\0", 24) = 24
close(3) = 0
stat64("cert8.db.old", {st_mode=S_IFREG|0600, st_size=279484, ...}) = 0
open("cert8.db.old", O_RDONLY) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "\0\6\25a\0\0\0\2\0\0\4\322\0\0@\0\0\0\0\16\0\0\1\0\0\0"...,
260) = 260
fstat64(1, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7ee0000
lseek(3, 16384, SEEK_SET) = 16384
read(3, "\30\0j?@>*>\237=b=c9Q9\3468\2518\3644\3414a4$4?0,0"..., 16384)
= 16384
lseek(3, 32768, SEEK_SET) = 32768
read(3, "RIFF\264\303\3\0WAVEfmt \20\0\0\0\1\0\2\0D\254\0\0\20\261"...,
16384) = 16384
write(1, "format=print\ntype=hash\nh_ffactor"..., 131072) = 131072
write(1, "00\\00\\00\\00\\00\\00\\00\\00\\00\\00\\00"..., 131072) = 131072
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
The third instruction from the end, it's reading "RIFF\264\303\3\0WAVEfmt" it's the header of a wav file.
xxd cert8.db.old
[...]
0007fb0: 0654 6861 7774 6531 1d30 1b06 0355 040b .Thawte1.0...U..
0007fc0: 1314 4365 7274 6966 6963 6174 6520 5365 ..Certificate Se
0007fd0: 7276 6963 6573 3128 3026 0603 5504 0313 rvices1(0&..U...
0007fe0: 1f50 6572 736f 6e61 6c20 4672 6565 6d61 .Personal Freema
0007ff0: 696c 2052 5341 2032 3030 302e 382e 3330 il RSA 2000.8.30
0008000: 5249 4646 b4c3 0300 5741 5645 666d 7420 RIFF....WAVEfmt
0008010: 1000 0000 0100 0200 44ac 0000 10b1 0200 ........D.......
0008020: 0400 1000 6461 7461 90c3 0300 1600 1700 ....data........
0008030: 1800 1700 1600 1600 1200 1500 1200 1000 ................
[...]
So it seems that I have a wav file attached to the end of cert8.db.old, after playing with split and cat I can assure that the wav file it's my newmail sound byte by byte. The bytes from 32768 to the end of the file belong to a copy of my newmail sound wich is 246716 bytes long, the file is "RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz".
At this point I don't know what to say except that I didn't put it there.
I'm using thunderbird 1.0.7 (20051217), linux kernel 2.6.14 sound system is using alsa with dmux so I can have multiple applications playing sound without blocking, as thunderbird is using OSS I have the OSS emulation modules loaded.
|
|
||
Comment 15•19 years ago
|
||
Jorge, your problem is clearly different than the others reported in this bug. Your bug has a cert8.db file corrupted by being partially overwritten by the contents of a wav file. All the others reported here have empty databases, not corrupted, but merely lacking any records. Those are quite different and likely to have different causes. Please file a new bug about your experience. Please attach your corrupted cert8.db file to the new bug you create. Thanks.
|
|
||
Comment 16•19 years ago
|
||
Done, it's bug 322113 "could not initialize the brower's security component" dialog shows because cert8.db is corrupt.
|
||
Comment 17•19 years ago
|
||
I had the same problem with firefox 1.5 . The problem occured when copying a working firefox install onto a usb flash disk. I repeated the copy process several times with always the same reuslts, until removing the attached file seemed to resolve it. Because I repeated the copy process several times, I am assuming it is not a problem with a corrupt flash disk. I hope this helps.
|
|
||
Comment 18•19 years ago
|
||
Comment on attachment 208490 [details]
partially overwritten cert8.db
Nick C's cert DB appears to have been partially overwritten.
The file's header shows that the file had one record in it,
consistent with a newly created and initialized, but otherwise
unused cert DB. However, beginning at the 25KB offset into
the file (in the middle of the second "page"), until the end of
the file, it now contains apparently random binary data,
containing no recognizable strings or DER encodings.
So I'd say this file is more like Jorge's than like the other
files attached to this bug, because it is overwritten, not
merely empty. But it differs from Jorge's in two ways:
1. The overwriting begins in the middle of a page, not on a
page bounary, and
2. The file's length was not extended. It is still 64KB long,
consistent with a cert DB that had only one record in it.
Attachment #208490 -
Attachment description: cert8.db causing the problem → partially overwritten cert8.db
|
|
||
Comment 19•19 years ago
|
||
Nick C, after you copied the working FireFox profile to a flash drive, was it the case that the copy on disk still worked OK, and the copy on the flash drive did not? Or did both copies stop working at that point? If the copy on disk kept working, it would be useful to have a copy of it, to compare with the corrupted version on the flash drive. This bug report is for Thunderbird, but your problem was with FireFox, right? If so, then we really should open a separate bug about your case.
|
||
Comment 20•19 years ago
|
||
This file is the same size as the newly created cert8.db that Firefox generated after the removing the old file. We are running Firefox 1.0.6 on Solaris10.
|
|
||
Comment 21•18 years ago
|
||
I'm turning this into an NSS bug. It's been over a year since this bug was updated, so I suspect that the problem is no longer occurring. So, maybe we will never know why it occurred.
Assignee: nelson → nobody
Component: Security → Libraries
Product: Thunderbird → NSS
QA Contact: thunderbird → libraries
Summary: "could not initialize the brower's security component" dialog is displayed when trying to connect to mail server using security features (ssl) → After upgrading Thunderbird, cert8.db has no records, not even a version record
Version: 1.0 → unspecified
|
||
Comment 22•16 years ago
|
||
|
||
Updated•2 years ago
|
Severity: normal → S3
|
||
Updated•10 months ago
|
Status: NEW → RESOLVED
Closed: 19 years ago → 10 months ago
Priority: -- → P3
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•