Issue #256: certmonger behaves badly if /etc/pki/nssdb doesn't exist - certmonger

certmonger

#256 certmonger behaves badly if /etc/pki/nssdb doesn't exist

Closed: fixed Apr 4, 2023 by rcritten. Opened Feb 28, 2023 by rcritten.

An issue was reported against dogtag where certificates were disappearing during the installation process, https://github.com/dogtagpki/pki/issues/4334

We discovered it was certmonger removing them. It did this because the certificate parsing uses /etc/pki/nssdb to parse certificates and not the database associated with the request.

The reason is that ever openssl code uses the NSS certificate parser, so simply switching to the requested database is not sufficient.

I think we should:
- Improve logging to include the database path when NSS_Init* fails
- Do an existence check on pkcs11.txt and secmod.db

rcritten commented Feb 28, 2023

https://pagure.io/certmonger/pull-request/257

rcritten commented Apr 4, 2023

master: e326d7054fbe5f62a3cc549a1a75ed0c67b5897c

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

Apr 4, 2023

Metadata

Assignee

rcritten

Tags

None

Blocking

None

Depending on

None

Priority

Normal

Related Pull Requests

#257

certmonger

#256 certmonger behaves badly if /etc/pki/nssdb doesn't exist Closed: fixed Apr 4, 2023 by rcritten. Opened Feb 28, 2023 by rcritten.

Metadata

Related Pull Requests

#256 certmonger behaves badly if /etc/pki/nssdb doesn't exist

Closed: fixed Apr 4, 2023 by rcritten. Opened Feb 28, 2023 by rcritten.