[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 98/156: Don't allow blank passwords if FIPS is enabled. This is not allowed by the NSS FIPS 140-2 security policy.
Timo Aaltonen
tjaalton-guest at moszumanska.debian.org
Wed Jul 2 13:55:32 UTC 2014
This is an automated email from the git hooks/post-receive script.
tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.
commit 9576f57fd1a88959404d3532888bf20c28649f88
Author: rcritten <>
Date: Wed Jul 2 14:54:37 2008 +0000
Don't allow blank passwords if FIPS is enabled. This is not allowed
by the NSS FIPS 140-2 security policy.
---
nss_engine_pphrase.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/nss_engine_pphrase.c b/nss_engine_pphrase.c
index 8a77301..eb66029 100644
--- a/nss_engine_pphrase.c
+++ b/nss_engine_pphrase.c
@@ -335,7 +335,12 @@ static char *nss_get_password(FILE *input, FILE *output,
fprintf(output, "non-alphabetic characters\n");
continue;
}
- return (char*) PORT_Strdup((char*)phrase);
+ if (PK11_IsFIPS() && strlen(phrase) == 0) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
+ "The FIPS security policy requires that a password be set.");
+ nss_die();
+ } else
+ return (char*) PORT_Strdup((char*)phrase);
}
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git
More information about the Pkg-fedora-ds-maintainers
mailing list