[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: nss security update package ready for review

Hi

This was the case when I run the tests last time. If I remenber correctly FIPS had to be enabled with sysctl and even with that I couldn't make it work.

After reading more about FIPS I concluded that this is likely something that nobody uses, at least likely not on wheezy.

/ Ola

Sent from a phone


Den 1 dec 2016 16:06 skrev "Antoine Beaupré" <anarcat@orangeseeds.org>:
On 2016-11-30 23:59:32, Guido Günther wrote:
> I remember the nss testsuite to run cleanly last time I checked a couple
> of months ago so we should IMHO investigate.

It seems that there are a lot of failing tests regarding FIPS support:

[1034]anarcat@angela:nss-3.26.2$ grep 'FAILED$' /var/cache/pbuilder/build//cow.13026/tmp/buildd/nss-3.26.2/build.log
cert.sh: #320: Enable FIPS mode on database for FIPS PUB 140 Test Certificate (11)  - FAILED
fips.sh: #830: Verify this module is in FIPS mode (modutil -chkfips true) . - FAILED
fips.sh: #849: Run PK11MODE in FIPS mode (pk11mode) . - FAILED
fips.sh: #850: Run PK11MODE in Non FIPS mode (pk11mode -n) . - FAILED
fips.sh: #851: Init NSS with a corrupted library (dbtest -r) . - FAILED
ssl.sh: #2681:  (modutil -fips true) produced a returncode of 11, expected is 0 - FAILED
ssl.sh: #2683:  (grep "FIPS PKCS #11") produced a returncode of 1, expected is 0 - FAILED
ssl.sh: #2684:  (modutil -fips true) produced a returncode of 11, expected is 0 - FAILED
ssl.sh: #2686:  (grep "FIPS PKCS #11") produced a returncode of 1, expected is 0 - FAILED
ssl.sh: #3144:  (modutil -fips false) produced a returncode of 13, expected is 0 - FAILED
ssl.sh: #3147:  (modutil -fips false) produced a returncode of 13, expected is 0 - FAILED
ssl.sh: #3150:  (modutil -fips true) produced a returncode of 11, expected is 0 - FAILED
ssl.sh: #3152:  (grep "FIPS PKCS #11") produced a returncode of 1, expected is 0 - FAILED
ssl.sh: #3153:  (modutil -fips true) produced a returncode of 11, expected is 0 - FAILED
ssl.sh: #3155:  (grep "FIPS PKCS #11") produced a returncode of 1, expected is 0 - FAILED
[1034]anarcat@angela:nss-3.26.2$ grep 'FAILED$' /var/cache/pbuilder/build//cow.13026/tmp/buildd/nss-3.26.2/build.log | wc
     15     222    1279

The test suite hasn't completed yet, so two more are missing... But
basically, this looks like *all* FIPS-related issues, except for #851.

Does that ring a bell to anyone?

A.

--
Il faut tout un village pour élever un enfant.
                        - Proverbe africain
Reply to: