From f6ec67e45e810ba47bd0ea910a49bf2839c05702 Mon Sep 17 00:00:00 2001 From: William Brown Date: Apr 20 2017 04:07:08 +0000 Subject: Ticket 49041 - nss won't start if sql db type set Bug Description: We only check for key3.db and cert8.db. However, newer NSS in fedora creates key4.db and cert9.db. When you make certs they go here, and if you restart DS, it touches the blank files key3.db and cert8.db, so then you have a broken NSS database. Fix Description: Check for key3.db, key4.db, cert8.db and cert9.db. https://fedorahosted.org/389/ticket/49041 Author: wibrown Review by: mreynolds (Thanks!)
---
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index f3d8f96..186c42b 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -970,14 +970,13 @@ warn_if_no_cert_file(const char *dir, int no_log)
 PRStatus status = PR_Access(filename, PR_ACCESS_READ_OK);
 if (PR_SUCCESS != status) {
 slapi_ch_free_string(&filename);
- filename = slapi_ch_smprintf("%s/cert7.db", dir);
+ filename = slapi_ch_smprintf("%s/cert9.db", dir);
 status = PR_Access(filename, PR_ACCESS_READ_OK);
 if (PR_SUCCESS != status) {
 ret = 1;
 if (!no_log) {
 slapi_log_err(SLAPI_LOG_CRIT, "Security Initialization",
- "warn_if_no_cert_file - Certificate DB file cert8.db nor cert7.db exists in [%s] - "
- "SSL initialization will likely fail\n", dir);
+ "warn_if_no_cert_file - Certificate DB file cert8.db nor cert9.db exists in [%s] - SSL initialization will likely fail\n", dir);
 }
 }
 }
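Review bot: The new message in warn_if_no_cert_file says the files do not "exist", but both probes are `PR_Access(filename, PR_ACCESS_READ_OK)`, so a database that is present but not readable by the server account is reported as missing. That sends whoever reads the log looking for a lost file rather than a permission or ownership problem on the NSS directory. I would word it by what was tested: `"warn_if_no_cert_file - Neither cert8.db nor cert9.db is readable in [%s] - SSL initialization will likely fail\n", dir);`. The same wording is added to warn_if_no_key_file in the second hunk and should change with it; this function's body starts before the hunk.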
@@ -992,18 +991,22 @@ static int
 warn_if_no_key_file(const char *dir, int no_log)
 {
 int ret = 0;
- char *filename = slapi_ch_smprintf("%s/key3.db", dir);
- PRStatus status = PR_Access(filename, PR_ACCESS_READ_OK);
- if (PR_SUCCESS != status) {
- ret = 1;
- if (!no_log) {
- slapi_log_err(SLAPI_LOG_CRIT, "Security Initialization",
- "warn_if_no_key_file - Key DB file %s does not exist - SSL initialization will "
- "likely fail\n", filename);
+ char *filename = slapi_ch_smprintf("%s/key3.db", dir);
+ PRStatus status = PR_Access(filename, PR_ACCESS_READ_OK);
+ if (PR_SUCCESS != status) {
+ slapi_ch_free_string(&filename);
+ filename = slapi_ch_smprintf("%s/key4.db", dir);
+ status = PR_Access(filename, PR_ACCESS_READ_OK);
+ if (PR_SUCCESS != status) {
+ ret = 1;
+ if (!no_log) {
+ slapi_log_err(SLAPI_LOG_CRIT, "Security Initialization",
+ "warn_if_no_key_file - Key DB file key3.db nor key4.db exists in [%s] - SSL initialization will likely fail\n", dir);
+ }
 }
- }
+ }
- slapi_ch_free_string(&filename);
+ slapi_ch_free_string(&filename);
 return ret;
 }
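Review bot: warn_if_no_key_file accepts key3.db or key4.db without regard to which certificate database warn_if_no_cert_file found, so a directory holding cert9.db next to only key3.db (or cert8.db next to only key4.db) passes both checks and nothing is logged. The commit message describes leftover blank key3.db/cert8.db files as a broken NSS database, so this limitation should at least be stated above the function: `/* Only checks that one key DB is readable; does not verify that its format matches the cert DB (key3/cert8 vs key4/cert9). */`. Whether the callers ought to require a matching pair cannot be judged from this hunk, since they are outside it.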