[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 98/156: Don't allow blank passwords if FIPS is enabled. This is not allowed by the NSS FIPS 140-2 security policy.

Timo Aaltonen tjaalton-guest at moszumanska.debian.org
Wed Jul 2 13:55:32 UTC 2014


This is an automated email from the git hooks/post-receive script.

tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.

commit 9576f57fd1a88959404d3532888bf20c28649f88
Author: rcritten <>
Date:   Wed Jul 2 14:54:37 2008 +0000

    Don't allow blank passwords if FIPS is enabled. This is not allowed
    by the NSS FIPS 140-2 security policy.
---
 nss_engine_pphrase.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/nss_engine_pphrase.c b/nss_engine_pphrase.c
index 8a77301..eb66029 100644
--- a/nss_engine_pphrase.c
+++ b/nss_engine_pphrase.c
@@ -335,7 +335,12 @@ static char *nss_get_password(FILE *input, FILE *output,
             fprintf(output, "non-alphabetic characters\n");
             continue; 
         }
-        return (char*) PORT_Strdup((char*)phrase);
+        if (PK11_IsFIPS() && strlen(phrase) == 0) {
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
+                "The FIPS security policy requires that a password be set.");
+            nss_die();
+        } else
+            return (char*) PORT_Strdup((char*)phrase);
     }
 }
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git



More information about the Pkg-fedora-ds-maintainers mailing list