Re: Urgent review: 49041 ssl fails to start on f24

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/17/2016 12:25 PM, Rob Crittenden wrote:
Noriko Hosoi wrote:
On 11/17/2016 11:22 AM, Rob Crittenden wrote:
Noriko Hosoi wrote:
On 11/17/2016 06:36 AM, Rob Crittenden wrote:
William Brown wrote:
https://fedorahosted.org/389/ticket/49041

https://fedorahosted.org/389/attachment/ticket/49041/0001-Ticket-49041-SSL-fails-to-start-due-to-NSS-db-versio.patch



I think this should be reviewed urgently and backported. This can
cause
SSL to fail to start on F24 and higher without explanation.
key4.db and cert9.db are the sqlite databases. Does 389-ds support
specifying sql:/path/to/database/dir?

rob
_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
We have a plan to switch [1] but when we discussed in the team, we
concluded it was not urgent.  I don't think NSS stops supporting the old
BDB format very soon?
Hi Rob,

I'm also not sure if we should migrate to sqlite format or not.  And if
we do when we should...  When I worked on it 8 months ago, it was
deferred since it was not urgent. :)
My question revolves around how likely this is to happen to make it
urgent. If 389-ds doesn't support sqlite databases then how are
key4/cert9 files going to end up being created?
The current version does not support sqlite format (as William
reported).  Once we apply the patch in [1], it generates sqlite format
cert db's.  (Test case is also attached.)
Or is sqlite now the
default format for the NSS utilities so merely using certutil would
generate them?
In terms of the upgrade, NSS provides the method, doesn't it?  Like once
opening the old format by, e.g., certutil with some option, it
automatically updates the format?  Then, we could rename the files to
the new names?  I guess we should prepare an upgrade script to do the
task which is executed in the rpm -U?

Any advice would be greatly appreciated...
My curiosity is only around how William found this bug in the first
place and what makes it so urgent.
Ok.  Thanks, Rob!  Yes, I'm curious, too. :)
--noriko

rob
_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx

_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Directory Announce]     [Fedora Users]     [Older Fedora Users Mail]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Review]     [Fedora Art]     [Fedora Music]     [Fedora Packaging]     [CentOS]     [Fedora SELinux]     [Big List of Linux Books]     [KDE Users]     [Fedora Art]     [Fedora Docs]

  Powered by Linux