зеркало из https://github.com/mozilla/gecko-dev.git
455ab646d3
Firefox essentially does not support running NSS in FIPS mode any longer. This has always been the case on Android from what I can tell and it has been the case on OS X since at least version 34 (see bug 1047584). It became the case on Windows as of version 53 (see bug 1295937). Unfortunately, before this patch, if a user attempted to run an affected version of Firefox using a profile directory containing an NSS database collection that had FIPS enabled, NSS initialization would fail and fall back to running in no DB mode, which had the side-effect of making any saved passwords and certificates unavailable. This patch attempts to detect and work around this failure mode by moving the PKCS#11 module DB (which is where the FIPS bit is set) to a backup location and basically running with a fresh, non-FIPS module DB. This allows Firefox to initialize NSS with the preexisting key and certificate databases available. MozReview-Commit-ID: 1E4u1ngZyRv --HG-- rename : security/manager/ssl/tests/unit/test_sdr_preexisting.js => security/manager/ssl/tests/unit/test_broken_fips.js rename : security/manager/ssl/tests/unit/test_sdr_preexisting/key3.db => security/manager/ssl/tests/unit/test_broken_fips/key3.db extra : rebase_source : 887f457e998d6e57c6536573fbe3cb10547fe154 |
||
|---|---|---|
| .. | ||
| apps | ||
| certverifier | ||
| manager | ||
| nss | ||
| pkix | ||
| sandbox | ||
| generate_certdata.py | ||
| generate_mapfile.py | ||
| moz.build | ||
| nss.symbols | ||