certmonger

#297 Build fails during test suite with NSS 3.115.1
Closed: fixed by rcritten. Opened by rauty.

Closed: fixed
Reopen Issue

After updating to NSS version 3.115.1, the certmonger package (version 0.79.20) builds successfully but the test suite fails, resulting in a FTBFS status.

The compilation completes with numerous warnings (mostly about unused parameters and deprecated OpenSSL functions) but no critical errors. The failure occurs when running the automated tests.

This appears to be a compatibility issue between certmonger and the newer NSS library. The problem likely lies in one of the test cases that interacts with NSS databases (dbm: or sql:), as the build log indicates the code paths for both are enabled during configuration.

Steps to Reproduce:

  1. Build environment with NSS >= 3.115.1
  2. Attempt to build and test certmonger-0.79.20
  3. The build (make) passes, but the test run fails.

Build Environment:

NSS Version: 3.115.1
certmonger Version: 0.79.20
OS: ALT Linux (sisyphus)

A full build log for your analysis:
Link: https://git.altlinux.org/beehive/logs/Sisyphus/x86_64/archive/2025/0920/error/certmonger-0.79.20-alt3
Thank you for looking into this issue and for maintaining certmonger.

The NSS bug is reported in https://bugzilla.redhat.com/show_bug.cgi?id=2395904. I should have opened a certmonger ticket myself regarding this. Sorry about that.
Edited by rcritten

The Fedora bug was escalated to the Mozilla BZ in https://bugzilla.mozilla.org/show_bug.cgi?id=1990444

@rcritten, thank you for your work.
Is this test critical and will nothing terrible happen if I weaken it?

Sadly I don't know. It could be that it only affects this one flag which in my experience is rarely used, but if it also affects other flags that could be bad.

Honestly, current certmonger is broken with NSS. If you want/need to pull in some patches from the latest release you would be no worse off if you disabled the failing test IMHO.

It occurred to me that whatever is going on with the NSS flags is happening now with any version of certmonger and NSS 3.115.

So I've temporarily modified the test so that it won't block building/releasing in PR https://pagure.io/certmonger/pull-request/299 . I'll be merging it soon and doing a new release today.

I released upstream certmonger 0.79.21 with my test fix. If/when NSS is fixed I'll revert the change.

The NSS team has confirmed that the 'c' flag is deprecated.

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
Metadata
None
None
None
None
None
Related Pull Requests
Static archive. pagure.io was sunset in 2026; this is a read-only snapshot.
Red Hat Logo

Fedora is sponsored by Red Hat. Learn more about the relationship between Red Hat and Fedora »

© Red Hat, Inc. and others.