RFR: 8165996:PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
mbalao at redhat.com
Fri Mar 16 19:49:52 UTC 2018
This is a simple patch that contains:
1) a fix on the SQL db prefix: it should be sql: instead of sql:/ to avoid
path errors (triggered on a new NSS library version);
2) minor enhancement to specify a pkcs11.txt configuration file (as
secmod.db was used before, for the legacy db); and,
3) some minor debugging enhancements to get error codes out of NSS.
I'll be grateful if someone can have a look at it. This proposal fixes an
existing bug, that can be verified with Oracle's internal tests.
I'm CC' Max to this email, as he was the one who notified me about the bug.
On Wed, Mar 14, 2018 at 3:04 PM, Seán Coffey <sean.coffey at oracle.com> wrote:
> I'll have a look Martin, but it'll be better if we can get an NSS or
> PKCS11 expert to take a look. Any takers ? Can you expand some bit on the
> exact reason for your 8195607 changes ? Pointers to NSS changes etc. ?
> On 14/03/18 16:11, Martin Balao wrote:
> Hi Sean,
> Can you please review the fix  so we have it in? As far as I know, fix
> makes Oracle internal tests pass.
> Kind regards,
>  - http://mail.openjdk.java.net/pipermail/security-dev/2018-
> On Wed, Mar 14, 2018 at 12:05 PM, Seán Coffey <sean.coffey at oracle.com>
>> Hi Martin,
>> Thanks for the 8195607 pointer. I'll get this ported to jdk8u also. I
>> didn't see that actual issue during testing but no harm to port it. Will
>> submit a new webrev shortly.
>> On 14/03/18 14:55, Martin Balao wrote:
>> Hi Sean,
>> Is this related to http://mail.openjdk.java.ne
>> t/pipermail/security-dev/2018-February/016776.html ?
>> Kind regards,
>> On Wed, Mar 14, 2018 at 11:48 AM, Seán Coffey <sean.coffey at oracle.com>
>>> Looking to backport this fix to jdk8u-dev. Contributed to JDK Project
>>> by Martin Balao.
>>> webrev : http://cr.openjdk.java.net/~coffeys/webrev.8165996.8u/webrev/
>>> The test/jdk/sun/security/pkcs11/PKCS11Test.java edits didn't seem
>>> applicable to jdk8u.
>>> Also, I edited sun/security/pkcs11/Secmod/TestNssDbSqlite.java to
>>> exclude test where NSS Provider
>>> didn't register. (line 66). In particular, I saw this while running
>>> 32bit JDK tests on 64 bit Linux.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security-dev