On Sun, Jan 19, 2014 at 11:08:24AM +0100, Yves-Alexis Perez wrote: > Package: libnss3 > Version: 2:3.15.4-1 > Severity: important > > Hi, > > I use evolution which uses the shared db in ~/.pki since a long time. > I've added my own root AC there, and disabled pretty much every other AC > since I won't use them (and actually receiving a certificate chain > leading to a common AC would mean someone is trying to MITM me…). > > With the 2:3.15.4-1 nss upload (which apparently enable the system > shared db) my local AC is gone from the authority and all the other > trust bits have been reset to the default. > > I've not set it RC, but it's really pretty annoying and can be > dangerous. I'm unsure if the problem lies in nss or in the way evolution > loads the DB.
Actually, it might be an ABI issue with evolution or something like that. On the system where I've not added back my certificates (and thus I can't access my mails from evolution), here's the output from evolution startup: ---- corsac@scapa: evolution (evolution:29460): camel-WARNING **: Failed to initialize NSS SQL database in sql:/etc/pki/nssdb: NSS error -8187 (evolution:29460): camel-WARNING **: Unable to load store summary: Expected version (1), got (0) (evolution:29460): camel-WARNING **: Cannot load summary file: Success (evolution:29460): camel-WARNING **: Unable to load store summary: Expected version (1), got (0) (evolution:29460): camel-WARNING **: Cannot load summary file: Success ---- Same output on the one where I did add back my local AC, but it still manages to initialize NSS since it'll later correctly connect to my mail server. If you need more information, please ask. Regards, -- Yves-Alexis Perez
signature.asc
Description: Digital signature
