Description of problem:
crlutil appears not to make proper use of a password file supplied with its -f switch when importing CRLs into an NSS database which is in FIPS mode.
Version-Release number of selected component (if applicable):
For instructions to reproduce problem, actual and expected results, see the upstream bugzilla, https://bugzilla.mozilla.org/show_bug.cgi?id=686761
Proposed patch added to Mozilla bug.
The proposed patch was accepted and committed upstream.
Since RHEL 6.2 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.
Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
The upstream patch appears to have made it into RHEL 6, thanks to Bug 799192. I've updated nss-util to 3.13.3-2.el6, according to RHSA-2012:0973-04, and gone through the steps to reproduce from https://bugzilla.mozilla.org/show_bug.cgi?id=686761. I found that crlutil now works as expected.