Bug#588806: libnss3-1d: Impossible to enable FIPS mode
Lior Okman
lior.okman at insightix.com
Mon Jul 12 12:53:59 UTC 2010
Thanks, this worked.
Lior
-----Original Message-----
From: Mike Hommey [mailto:mh at glandium.org]
Sent: Monday, July 12, 2010 3:44 PM
To: Lior Okman; 588806 at bugs.debian.org
Subject: Re: Bug#588806: libnss3-1d: Impossible to enable FIPS mode
On Mon, Jul 12, 2010 at 02:40:32PM +0200, Mike Hommey wrote:
> On Mon, Jul 12, 2010 at 03:31:11PM +0300, Lior Okman wrote:
> >
> > Package: libnss3-1d
> > Version: 3.12.6-2
> > Severity: normal
> >
> >
> > It is impossible to enable FIPS mode using the libnss3-1d binaries
available
> > in Squeeze.
> >
> > The same functionality works both in the Lenny version and in upstream.
> >
> > squeeze:~# mkdir db
> > squeeze:~# cd db
> > squeeze:~/db# modutil -create -dbdir .
> > squeeze:~/db# modutil -fips true -dbdir .
> >
> > security library: invalid arguments.
> > ERROR: Unable to switch FIPS modes.
> >
> > This is caused by invalid .chk files packaged with the shared objects.
>
> More subtil: there is no chk for libnssdbm3.so, which appeared quite
> recently.
As a temporary workaround, you can run, as root:
shlibsign -i /usr/lib/nss/libnssdbm3.so
Mike
More information about the pkg-mozilla-maintainers
mailing list