[OE-core] [PATCH 0/1] nss: fix non-determinism when create blank certificate
kai.kang at windriver.com
Thu Oct 11 14:24:16 UTC 2018
From: Kai Kang <kai.kang at windriver.com>
Tested on qemux86-64, qemuarm, qemumips64 and qemuppc:
1. bitbake core-image-sato
2. boot image
3. run some certutil commands to list, create and delete certificates; they work well
root@qemuppc:~# certutil -L -d /etc/pki/nssdb/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

root@qemuppc:~# certutil -U -d sql:/etc/pki/nssdb/

    slot: NSS User Private Key and Certificate Services
   token: NSS Certificate DB
     uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

    slot: NSS Internal Cryptographic Services
   token: NSS Generic Crypto Services
     uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

root@qemuppc:~# certutil -K -d sql:/etc/pki/nssdb/
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
certutil: no keys found

root@qemuppc:~# certutil -S -d sql:/etc/pki/nssdb/ -s "CN=Example CA" -n my-ca-cert -x -t "C,C,C" -1 -2 -5 -m 3650
...

root@qemuppc:~# certutil -L -d /etc/pki/nssdb/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

my-ca-cert                                                   Cu,Cu,Cu

root@qemuppc:~# certutil -K -d /etc/pki/nssdb/
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa df1dfdd0f643f7821daea44ea4f3a2125db4e2b3 NSS Certificate DB:my-ca-cert

root@qemuppc:~# certutil -D -d sql:/etc/pki/nssdb/ -n "my-ca-cert"

root@qemuppc:~# certutil -L -d /etc/pki/nssdb/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

root@qemuppc:~# certutil -K -d /etc/pki/nssdb/
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa df1dfdd0f643f7821daea44ea4f3a2125db4e2b3 (orphan)
root@qemuppc:~#

The following changes since commit 8a2e53b525ebc4f50c7384af056cbe67a3913282:

  libxml2: Make it compatible with externalsrc (2018-10-10 17:59:09 +0100)

are available in the Git repository at:

  git://git.pokylinux.org/poky-contrib kangkai/nss
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/nss

Kai Kang (1):
  nss: fix non-determinism when create blank certificate

meta/recipes-support/nss/nss/blank-cert9.db | Bin 0 -> 28672 bytes
meta/recipes-support/nss/nss/blank-key4.db | Bin 0 -> 36864 bytes
meta/recipes-support/nss/nss/system-pkcs11.txt | 5 +++++
meta/recipes-support/nss/nss_3.38.bb | 16 ++++++++--------
4 files changed, 13 insertions(+), 8 deletions(-)
create mode 100644 meta/recipes-support/nss/nss/blank-cert9.db
create mode 100644 meta/recipes-support/nss/nss/blank-key4.db
create mode 100644 meta/recipes-support/nss/nss/system-pkcs11.txt
--
2.18.0