Bug 2051605

Summary: Detect NSS at Runtime for FIPS detection [rhel-8, openjdk-17]
Product: Red Hat Enterprise Linux 8 Reporter: Andrew John Hughes <ahughes>
Component: java-17-openjdkAssignee: Andrew John Hughes <ahughes>
Status: CLOSED ERRATA QA Contact: OpenJDK QA <java-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.4CC: jandrlik, jvanek
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: java-17-openjdk-17.0.2.0.8-12.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2108269 (view as bug list) Environment:
Last Closed: 2022-05-10 13:32:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2108269    

Description Andrew John Hughes 2022-02-07 15:33:15 UTC 
Currently, we link against NSS on RHEL builds to obtain the SECMOD_GetSystemFIPSEnabled function.  However, this is not possible on portable builds and creates an unnecessary difference between the two.

We can instead detect NSS using dlopen at runtime and only then fall back on the /proc method if that fails.
Comment 10 errata-xmlrpc 2022-05-10 13:32:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (java-17-openjdk bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:1768