On Wed, Nov 29, 2023 at 08:08:34AM +0100, Martin Sirringhaus wrote: > But I would suggest, you simply do not apply them at all, if you are not > after a FIPS-certification. > They are currently kept alive only in a minimal-effort kind of way for > newer NSS-versions. They should only be used for the ESR-version of NSS.
Thanks for you advice. I was able to port the patches I have, and they seem to apply cleanly. I'm bombing out on three tests, however. They all seem to have this same flavor of error: cert.sh: #291: Enable FIPS mode on database for FIPS PUB 140 Test Certificate (12) - FAILED cert.sh ERROR: Enable FIPS mode on database for FIPS PUB 140 Test Certificate failed 12 cert.sh: Setting invalid database password in FIPS mode -------------------------- certutil -W -d /home/breichert/rpmbuild/mozilla-nss/BUILD/nss-3.95/tests_results/security/localhost.1/fips -f ../tests.fipspw -@ ../tests.fipsbadpw Failed to change password. certutil: Could not set password for the slot: SEC_ERROR_INVALID_PASSWORD: Password entered is invalid. Please pick a different one. It is possible these are due to my mismanaging the patches? Or is this a known issue with this release? > Cheers, > Martin -- Brian Reichert <[email protected]> BSD admin/developer at large -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/20231129221413.GB33791%40numachi.com.
