Bug 480640 - [RFE] Add write support to NSS PKCS #11 PEM module
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss
All Linux
medium Severity medium
: alpha
: 7.0
Assigned To: Kai Engert (:kaie)
BaseOS QE Security Team
: FutureFeature, Reopened
: 555273
Depends On: 480494 555273 674570
Reported: 2009-01-19 11:28 EST by Elio Maldonado Batiz
Modified: 2016-01-22 11:33 EST

Doc Type: Enhancement
Clone Of: 480494
Last Closed: 2016-01-22 11:33:10 EST
External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 402712 None None None Never

Description Elio Maldonado Batiz 2009-01-19 11:28:40 EST
The NSS PEM PKCS #11 module is read only. Support for writing PEM files is needed. The lack of PEM write support hampers the migration to NSS of security products as part of the FIPS 140-2 validation and Crypto Consolidation efforts. Two such products are Openswan's Pluto (# 444801) and crypto-utils (#46731).
Comment 2 Kai Engert (:kaie) 2009-01-21 19:31:45 EST
Elio or Rob, are you going to work on this?
Comment 4 Elio Maldonado Batiz 2009-01-21 21:16:41 EST
See External link to https://bugzilla.mozilla.org/show_bug.cgi?id=402712. It's logged here to help Red Hat program management track it. The existing PEM module is currently under review upstream.
Comment 6 Elio Maldonado Batiz 2009-05-20 14:51:30 EDT
I have learned that the PEM module is actually not yet a supported RHEL 5 feature. It turns out that this is not a mere matter of adding the write support feature to the PEM module, and it currently ships in Fedora only. The module has been submitted to upstream NSS and is presently under review by the nss team. Furthermore, numerous patches have been submitted in Fedora as other libraries (mainly libcurl) use it more.
Comment 7 Elio Maldonado Batiz 2009-05-20 16:44:41 EDT
We are working on this for Fedora-12 but don't know yet whether the delivery vehicle would be RHEL 6.0 or RHEL 5.5. This bug should not be marked as a RHEL 5.4 FIPS-140 blocker.
Comment 11 Chandrasekar Kannan 2009-08-05 15:24:35 EDT
per bug council, shifting to rhel6
Comment 16 Elio Maldonado Batiz 2010-07-02 12:33:31 EDT
*** Bug 555273 has been marked as a duplicate of this bug. ***
Comment 17 Elio Maldonado Batiz 2010-11-22 18:23:00 EST
Bob, I recommend a devel-ack+. It's in my to-do list for the pem module.
