Issue #256: certmonger behaves badly if /etc/pki/nssdb doesn't exist - certmonger

certmonger

#256 certmonger behaves badly if /etc/pki/nssdb doesn't exist

Closed: fixed a year ago by rcritten. Opened a year ago by rcritten.

An issue was reported against dogtag where certificates were disappearing during the installation process, https://github.com/dogtagpki/pki/issues/4334

We discovered it was certmonger removing them. It did this because the certificate parsing uses /etc/pki/nssdb to parse certificates and not the database associated with the request.

The reason is that ever openssl code uses the NSS certificate parser, so simply switching to the requested database is not sufficient.

I think we should:
- Improve logging to include the database path when NSS_Init* fails
- Do an existence check on pkcs11.txt and secmod.db

rcritten commented a year ago

https://pagure.io/certmonger/pull-request/257

rcritten commented a year ago

master: e326d70

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

a year ago

Metadata

Assignee

rcritten

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

None

keywords

None

rhbz

None

type

None

component

None

version

None

Related Pull Requests

#257 Merged a year ago

certmonger

Source Code

Documentation

#256 certmonger behaves badly if /etc/pki/nssdb doesn't exist Closed: fixed a year ago by rcritten. Opened a year ago by rcritten.

Metadata

Related Pull Requests

#256 certmonger behaves badly if /etc/pki/nssdb doesn't exist

Closed: fixed a year ago by rcritten. Opened a year ago by rcritten.