Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: thunderbird (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/1648616
Title:
Firefox uses its own version of NSS, incompatible with system version
Status in firefox package in Ubuntu:
Invalid
Status in thunderbird package in Ubuntu:
Confirmed
Bug description:
Because of bug 1647285 I need to install corporate SSL CAs into the
database of each NSS-using application individually. Unfortunately it
doesn't seem to work for Firefox. Not only does Firefox ship with its
*own* version of NSS instead using the system's version, but it even
seems to be configured very differently.
Firefox appears to use the legacy Berkeley DB database for its
softokn, in key3.db/cert8.db. However, the system's certutil won't
work with that legacy format:
$ certutil -d ~/.mozilla/firefox/default.default/ -L
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key
database is in an old, unsupported format.
I can force it to use the SQL database in key4.db/cert9.db by running
with NSS_DEFAULT_DB_TYPE=sql, and then I *can* install trusted CAs
with certutil. But actually, it's much simpler to just make a symlink
from firefox's own special copy of the SSL trust roots in
libnssckbi.so, to the system's p11-kit-trust.so — thus making Firefox
honour the system trust configuration.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1648616/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
