Bug#889698: nss 3.35 now defaults to SQL database, broke certmonger/mod_nss/dogtag/freeipa
Timo Aaltonen
tjaalton at debian.org
Tue Feb 6 10:15:50 UTC 2018
On 06.02.2018 10:33, Mike Hommey wrote:
> On Tue, Feb 06, 2018 at 09:16:05AM +0200, Timo Aaltonen wrote:
>> Package: nss
>> Severity: grave
>>
>> Hi, please revert this commit which switched the default certificate database format to SQL:
>>
>> https://github.com/nss-dev/nss/commit/33b114e38278c4ffbb6b244a0ebc9910e5245cd3
>>
>> Several packages are not ready for it yet, including but likely not limited to:
>>
>> certmonger
>> libapache2-mod-nss
>> dogtag-pki
>> freeipa
>>
>> respective upstreams are working on it but getting everything merged will take a month or two.
>
> Can you be more specific in how this affects those packages? Because
> AFAIR, this is supposed to kind of be transparent.
For example it changes how certutil is run, which would now need a
'dbm:'(?) prefix when accessing an old DB like when setting up Freeipa
as shown here:
https://bugs.launchpad.net/bugs/1746947
and it also breaks an installed Dogtag instance though I don't know how
exactly:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889526
these all use an internal cert DB.
--
t
More information about the pkg-mozilla-maintainers
mailing list