On Wed, Nov 29, 2023 at 08:08:34AM +0100, Martin Sirringhaus wrote:
> But I would suggest, you simply do not apply them at all, if you are not
> after a FIPS-certification.
> They are currently kept alive only in a minimal-effort kind of way for
> newer NSS-versions. They should only be used for the ESR-version of NSS.
Thanks for you advice. I was able to port the patches I have, and
they seem to apply cleanly.
I'm bombing out on three tests, however. They all seem to have this
same flavor of error:
cert.sh: #291: Enable FIPS mode on database for FIPS PUB 140 Test Certificate (12) - FAILED
cert.sh ERROR: Enable FIPS mode on database for FIPS PUB 140 Test Certificate failed 12
cert.sh: Setting invalid database password in FIPS mode
--------------------------
certutil -W -d /home/breichert/rpmbuild/mozilla-nss/BUILD/nss-3.95/tests_results/security/localhost.1/fips -f ../tests.fipspw -@ ../tests.fipsbadpw
Failed to change password.
certutil: Could not set password for the slot: SEC_ERROR_INVALID_PASSWORD: Password entered is invalid. Please pick a different one.
It is possible these are due to my mismanaging the patches? Or is
this a known issue with this release?
> Cheers,
> Martin