690158 – Unable to read from pin store for slot: NSS FIPS 140-2 Certificate DB APR err

Bug 690158 - Unable to read from pin store for slot: NSS FIPS 140-2 Certificate DB APR err

Summary: Unable to read from pin store for slot: NSS FIPS 140-2 Certificate DB APR err

Keywords:
Status:	CLOSED DUPLICATE of bug 677698
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	mod_nss
Sub Component:
Version:	5.6
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-03-23 13:32 UTC by Michael Worsham
Modified:	2015-01-04 23:47 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-03-23 14:39:04 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Current nss.conf configuration file (8.00 KB, application/octet-stream) 2011-03-23 13:43 UTC, Michael Worsham	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	669963	0	high	CLOSED	mod_nss's postinstall script doesn't work properly	2021-02-22 00:41:40 UTC

Description Michael Worsham 2011-03-23 13:32:14 UTC

Description of problem:
Ever since we started using the newer mod_nss RPM (mod_nss-1.0.8-3.el5), a number of these errors started appearing in the /var/log/httpd/error_log file:

[error] Unable to read from pin store for slot: NSS FIPS 140-2 Certificate DB APR err: 11
[error] Unable to read from pin store for slot: NSS FIPS 140-2 Certificate DB APR err: 70007

Version-Release number of selected component (if applicable):
mod_nss-1.0.8-3.el5

How reproducible:
As long as the RPM is installed and enabled, the errors keep appearing.

Steps to Reproduce:
1. yum install mod_nss
2. Verify that NSSFIPS is enabled in the nss.conf
3. Restart Apache process
4. Test SSL connectivity

Additional info:
I have used the workaround as per Bugzilla case #669963 (https://bugzilla.redhat.com/show_bug.cgi?id=669963) for getting httpd to actually start since the permissions and ownership had changed with the new build release.

Comment 1 Michael Worsham 2011-03-23 13:43:01 UTC

Created attachment 487040 [details]
Current nss.conf configuration file

Comment 2 Rob Crittenden 2011-03-23 14:39:04 UTC


*** This bug has been marked as a duplicate of bug 677698 ***

Comment 3 mag 2012-03-09 21:09:30 UTC

"You are not authorized to access bug #677698. "
May I ask that What The F^HSituation with that bug?
I cannot think any reason to be secretive about a bug in an open source product but security hole. Soon we will have an anniversary. A security bug must not take so much time to fix.

Comment 4 Dmitri Pal 2012-03-09 21:21:31 UTC

It is fixed in RHEL 5.8.

Comment 5 mag 2012-03-10 02:07:36 UTC

What is fixed exactly?

Comment 6 Michael Worsham 2012-03-18 16:03:03 UTC

When is the mod_nss-1.0.8-5.el5 RPM going to be released?

Note You need to log in before you can comment on or make changes to this bug.