Bug 1194349
| Summary: | test_pkcs12.py does not works in FIPS mode | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Patrik Kis <pkis> | ||||
| Component: | python-nss | Assignee: | John Dennis <jdennis> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Stanislav Zidek <szidek> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 7.1 | CC: | dpal, nkinder | ||||
| Target Milestone: | rc | Keywords: | Patch | ||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | python-nss-0.16.0-3.el7 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-11-19 11:34:49 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Thank you for reporting and the good analysis. fixed in upstream commit 103:6096d0660e2a Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2357.html |
Created attachment 993685 [details] Proposed patch Description of problem: Two test scripts provided by python-nss-doc are not working on FIPS mode: setup_certs.py test_pkcs12.py These are only a kind of examples but it would be nice to have versions which are working also in FIPS. Please note, they are executed during testing. Version-Release number of selected component (if applicable): python-nss-doc-0.16.0-2.el7 How reproducible: always Steps to Reproduce: The 1st problem is that setup_certs.py can not create certificates with command: # /usr/bin/certutil -S -x -d 'sql:pki' -f pwd -n test_ca -s 'CN=Test CA' -g 1024 -t 'CT,,CT' -1 -2 -5 -m 1 -v 12 certutil: unable to generate key(s) : SEC_ERROR_IO: An I/O error occurred during security authorization. The problem is the weak password used here: db_passwd = 'db_passwd' The 2nd problem is with test_export() in test_pkcs12.py. In FIPS salt is used and it appears in exported files. This cause that the comparison fails. I could not find better way that remove the salt from the string which are compared.