Hi Brian,
sorry for the late response! I was away the last few days.
I have backported the fix for this to SLE, but forgot to push it to our
github-page. Sorry about that.
The updated version is now here:
https://github.com/openSUSE/firefox-maintenance/tree/115esr/nss
Also, sorry that you find our forums unhelpful for these kinds of
problems. But feel free to open a bugreport on that github-page, or ping
me directly, if something like this comes up again!
Cheers,
Martin
On 9/28/23 23:06, Brian Reichert wrote:
I'm rebuilding SLES 12's mozilla-nss-3.90-58.104.1 from a source
RPM.
This successfully builds binaries, but logic in the SPEC file triggers
a bunch of self-tests to run. Some of these tests are failing, and
I was hoping to get some guidance about correcting, or selectively
ignoring these errors.
This, of course means stock nss-3.90, but modified by SLES's ~40
patches. I acknowledge that this makes this question not at all
appropriate for this forum, but all of SLES's support forums a
patently useless, in my experience.
Anyway:
I have retained full logs of the build and test run, which I could
provide to anyone who's curious.
It ends with this:
Tests summary:
--------------
Passed: 11550
Failed: 24
Failed with core: 0
ASan failures: 0
Unknown status: 25
TinderboxPrint:Unknown: 25
The first reported failure is, (I think) is:
chains.sh: #1039: TrustAnchors: Verifying certificate(s)
NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d
trustanchorsDB -pp - PASSED
chains.sh: Verifying certificate(s) NameConstraints.server3.cert
NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain
-d trustanchorsDB -pp -vv /home/breichert/testing/rpmbuild/mozilla-nss_new
/BUILD/nss-3.90/nss/tests/libpkix/certs/NameConstraints.server3.cert
/home/breichert/testing/rpmbuild/mozilla-nss_new/BUILD/nss-3.90/nss/tests/libpkix/certs/NameConstraints.intermediate.cert
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=test.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US :
ERROR -8181: Peer's Certificate has expired.
Returned value is 1, expected result is pass
chains.sh: #1040: TrustAnchors: Verifying certificate(s)
NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d
trustanchorsDB -pp - FAILED
If I look for all of the FAILED messages, they're all related to
'TrustAnchors: Verifying certificate(s)'.
Does this sound like an environmental issue? Do these tests pass
with a stock 3.90 install? (I would hope so...)
I'm happy to provide more information, and will accept any advice offered.
--
You received this message because you are subscribed to the Google Groups
"dev-tech-crypto@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to dev-tech-crypto+unsubscr...@mozilla.org.
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/520acc99-e09b-43ac-9088-6bc8bed89fef%40suse.de.
