I'm rebuilding SLES 12's mozilla-nss-3.90-58.104.1 from a source
RPM.
This successfully builds binaries, but logic in the SPEC file triggers
a bunch of self-tests to run. Some of these tests are failing, and
I was hoping to get some guidance about correcting, or selectively
ignoring these errors.
This, of course means stock nss-3.90, but modified by SLES's ~40
patches. I acknowledge that this makes this question not at all
appropriate for this forum, but all of SLES's support forums a
patently useless, in my experience.
Anyway:
I have retained full logs of the build and test run, which I could
provide to anyone who's curious.
It ends with this:
Tests summary:
--------------
Passed: 11550
Failed: 24
Failed with core: 0
ASan failures: 0
Unknown status: 25
TinderboxPrint:Unknown: 25
The first reported failure is, (I think) is:
chains.sh: #1039: TrustAnchors: Verifying certificate(s)
NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED
chains.sh: Verifying certificate(s) NameConstraints.server3.cert
NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /home/breichert/testing/rpmbuild/mozilla-nss_new /BUILD/nss-3.90/nss/tests/libpkix/certs/NameConstraints.server3.cert /home/breichert/testing/rpmbuild/mozilla-nss_new/BUILD/nss-3.90/nss/tests/libpkix/certs/NameConstraints.intermediate.cert
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=test.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US :
ERROR -8181: Peer's Certificate has expired.
Returned value is 1, expected result is pass
chains.sh: #1040: TrustAnchors: Verifying certificate(s)
NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - FAILED
If I look for all of the FAILED messages, they're all related to
'TrustAnchors: Verifying certificate(s)'.
Does this sound like an environmental issue? Do these tests pass
with a stock 3.90 install? (I would hope so...)
I'm happy to provide more information, and will accept any advice offered.
--
Brian Reichert <
reic...@numachi.com>
BSD admin/developer at large