Bug 690158

Summary: Unable to read from pin store for slot: NSS FIPS 140-2 Certificate DB APR err
Product: Red Hat Enterprise Linux 5
Component: mod_nss
Version: 5.6
Hardware: All
OS: Linux
Status: CLOSED DUPLICATE
Severity: high
Priority: unspecified
Target Milestone: rc
Reporter: Michael Worsham <mworsham>
Assignee: Rob Crittenden <rcritten>
QA Contact: Chandrasekar Kannan <ckannan>
CC: benl, dpal, mag
Doc Type: Bug Fix
Last Closed: 2011-03-23 14:39:04 UTC
Attachments: Current nss.conf configuration file (flags: none)

Description Michael Worsham 2011-03-23 13:32:14 UTC
Description of problem:
Ever since we started using the newer mod_nss RPM (mod_nss-1.0.8-3.el5), a number of these errors started appearing in the /var/log/httpd/error_log file:

[error] Unable to read from pin store for slot: NSS FIPS 140-2 Certificate DB APR err: 11
[error] Unable to read from pin store for slot: NSS FIPS 140-2 Certificate DB APR err: 70007

Version-Release number of selected component (if applicable):
mod_nss-1.0.8-3.el5

How reproducible:
As long as the RPM is installed and enabled, the errors keep appearing.

Steps to Reproduce:
1. yum install mod_nss
2. Verify that NSSFIPS is enabled in the nss.conf
3. Restart Apache process
4. Test SSL connectivity

Additional info:
I have used the workaround as per Bugzilla case #669963 (https://bugzilla.redhat.com/show_bug.cgi?id=669963) for getting httpd to actually start since the permissions and ownership had changed with the new build release.

Comment 1 Michael Worsham 2011-03-23 13:43:01 UTC
Created attachment 487040: Current nss.conf configuration file

Comment 2 Rob Crittenden 2011-03-23 14:39:04 UTC

*** This bug has been marked as a duplicate of bug 677698 ***

Comment 3 mag 2012-03-09 21:09:30 UTC
"You are not authorized to access bug #677698. "
May I ask What The F^HSituation is with that bug?
I cannot think of any reason to be secretive about a bug in an open source product but a security hole. Soon we will have an anniversary. A security bug must not take so much time to fix.

Comment 4 Dmitri Pal 2012-03-09 21:21:31 UTC
It is fixed in RHEL 5.8.

Comment 5 mag 2012-03-10 02:07:36 UTC
What is fixed exactly?

Comment 6 Michael Worsham 2012-03-18 16:03:03 UTC
When is the mod_nss-1.0.8-5.el5 RPM going to be released?