81429 - Default CA are not loaded when using RPMs

Status: VERIFIED DUPLICATE of bug 79318

(SeaMonkey :: Build Config, defect)

Description

[Frederic Crozat]

Remove your ~/.mozilla.

When using official 0.9 RPMs (for RedHat 6 or RedHat 7), (with mozilla and
mozilla-psm installed), access Preferences/Securities/Manage Certifciates/CA
Certificates, there is no certificates in the list. Accessing any HTTPS site
popups a warning about unknown Certification Authority.

Using official Mozilla tarball, this problem doesn't appear..

There seems to be a problem when building PSM2 or NSS for RPM

Comment 1

[Christopher Blizzard (:blizzard)]

Interesting.  It works in a tip build from a build that I did myself.  I'm going
to generate a daily rpm and see if the problem is still there.  The panels that
you are talking about weren't done in 0.9 and are still a work in progress iirc.

Comment 2

[Frederic Crozat]

The problem is not only in CA panels but builtins CA load :
when trying to access https sites, all certificates appears to be signed
by untrusted CA, since builtins CA has not been loaded. And that is 
scary for end users..

For the record, I have the same problem with RPMs I generated for
Linux-Mandrake (our specfile is partially based on your specfile)

Comment 3

[Frederic Crozat]

I've found where the problem is :

In nsNSSComponent (line 266
:http://lxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNSSComponent.cpp#216)
, mozilla process dir (ie MOZILLA_FIVE_HOME dir) is used to load libnssckbi.so

But with Mozilla 0.9 rpms, libnssckbi.so is now located in /usr/lib instead of
/usr/lib/mozilla (ie MOZILLA_FIVE_HOME dir)

Bad workaround : symlinking /usr/lib/libnssckbi.so to /usr/lib/mozilla/libnssckbi.so

Good workaround : correct code but I'm not sure how to do it to be sure it works
when using both rpms and tarball

Comment 4

[Christopher Blizzard (:blizzard)]

Duplicate.  This is fixed with recent rpms.

*** This bug has been marked as a duplicate of 79318 ***

Comment 5

[Jon Granrose]

verified.