Hans Petter Jansson wrote, On 2008-11-14 21:54: > I've been looking in NSS docs and ML archives for a solution to the > following problem, with no luck. Asking around on IRC, I was pointed to > this ML. Hopefully it's the appropriate forum. > > I'm trying to migrate existing NSS DBs from the old Berkeley DB format > to the new, SQLite-based format that can be shared by multiple > applications, using a snipped of C code from your migration guide.
[code snipped] > This works for some databases, but not others. It doesn't seem to matter > which application created the database (I've tried with databases from > Firefox and Evolution) - e.g. one user's database may fail while another > user's database may migrate properly. Do these separate users have separate systems, which separate installations of the software? Or do they share a single multi-user system? I'm wondering if perhaps differences in their installations can explain it. > When it fails, it's always on the first PK11_Authenticate () call (step > 3). The code above produces the following output: > > *** Auth call failed: 4294959104. > > That is, 0xffffe000. which as a signed number is -8192, which is SEC_ERROR_IO. http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html#1039257 > If I set up an auth callback, it never gets called. SEC_ERROR_IO was originally intended to have a specific meaning, which was something like "I wanted to ask you for your password, but I couldn't open the file or device (terminal) with which to get it, so I gave up." That meaning would be consistent with a failure in PK11_Authenticate. However, it has been overloaded with another meaning which is much more vague, basically "We tried to do something with a PKCS#11 token and it failed". For one example of that, see https://bugzilla.mozilla.org/show_bug.cgi?id=464411 > Do you have any suggestions as to what I'm doing wrong here? Let's start with basics. Might some of them have corrupt cert8 DBs? Can you get a listing of their cert DBs with certutil? Does modutil show any unloaded PKCS#11 modules in their secmod DB? What version of NSS are you using? This sounds somewhat like https://bugzilla.mozilla.org/show_bug.cgi?id=397122 but that was fixed a year ago. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
