Libnss3 doesn't log SEC_ERROR_UNKNOWN_PKCS11_ERROR properly ( NSS error code: -8018 )
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
NSS |
Invalid
|
Unknown
|
|||
nss (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
I've got the issue with Google Chrome not recognizing any of SSL/TSL certificates as trusted. When I look into certificate checksums it's renders all bytes of it as NULL bytes. I'm aware Google Chrome is proprietary but it depends on ubuntu provided libnss3-package. And libnss provides very nigmatic error code -8018:
`/opt/google/
[23391:
[23434:
[23391:
----- Certificate i=3 (CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE) -----
ERROR: No matching issuer found
'
When trying to enter this particular error code into search engine nothing is found. So my suggestion with this bug is to make it more transparent by providing information to what happened - it seems other bug codes has better error messages. To get SEC_ERROR_
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: libnss3 2:3.35-2ubuntu2.13
Uname: Linux 5.10.0-
ApportVersion: 2.20.9-0ubuntu7.27
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Sun Feb 13 13:33:51 2022
Dependencies:
gcc-8-base 8.4.0-1ubuntu1~
libc6 2.27-3ubuntu1.5 [origin: LP-PPA-
libgcc1 1:8.4.0-
libnspr4 2:4.18-1ubuntu1
libsqlite3-0 3.22.0-1ubuntu0.4
InstallationDate: Installed on 2015-05-08 (2473 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=pl_PL.UTF-8
SHELL=/bin/bash
SourcePackage: nss
UpgradeStatus: Upgraded to bionic on 2018-08-26 (1266 days ago)
information type: | Private Security → Public |
Changed in nss: | |
status: | Unknown → Invalid |
Hello,
Thanks for filing this bug and helping us get better. I tried to take a look into this but I can't seem to be able to reproduce this. Do you have a set of steps so that I can reproduce this, maybe?
Without being able to reproduce the above issue, I am not sure how much I/we might be able to help but we try our best. :)
Let us know the same and please change the status of the bug to "New" again once you do that and we'll be happy to take a look again! \o/