
Re: [pcp] pcp updates - overcome secure sockets breakage

To: "Frank Ch. Eigler" <fche@xxxxxxxxxx>, Ken McDonell <kenj@xxxxxxxxxxxxxxxx>
Subject: Re: [pcp] pcp updates - overcome secure sockets breakage
From: Nathan Scott <nathans@xxxxxxxxxx>
Date: Tue, 23 Apr 2013 23:05:07 -0400 (EDT)
Cc: pcp@xxxxxxxxxxx
In-reply-to: <20130424022216.GB29062@xxxxxxxxxx>
References: <51762D9B.3090702@xxxxxxxxxxxxxxxx> <y0mli89cqi3.fsf@xxxxxxxx> <5176F9A3.9040705@xxxxxxxxxxxxxxxx> <1990339191.2954455.1366760353823.JavaMail.root@xxxxxxxxxx> <51773F44.3050108@xxxxxxxxxxxxxxxx> <20130424022216.GB29062@xxxxxxxxxx>
Reply-to: Nathan Scott <nathans@xxxxxxxxxx>
----- Original Message -----
> Right.  Would you mind trying the same test on a RHEL6-era type box too,
> where
> nss >= v3.12 ?  There should be a sqlite cert9.db / key4.db created.
> 

I just tried Ken's latest code on RHEL6 & it does indeed create an
SQL database, with no extra magic in the environment other than
PCP_SECURE_SOCKETS=enforce.

In other interesting news ... I've suddenly started seeing the other
warnings Ken has observed, i.e.
"The operation failed because the PKCS#11 token is not logged in."

From some further digging and experimentation, it would appear that
there's something fishy in the way we are initialising the certificate
DB (or rather, the way it is being initialised on our behalf).

If I remove everything from below ~/.pki and have it created via the
libpcp NSS init, I get the warning.  However, if it's been created by
a browser (like chrome - so, just start up chrome and it creates it),
I don't get the message when I run pminfo!?!  So, there must be some
extra special sauce added by chrome when it initialises NSS compared
to the way we're doing it.

Narrowing it down further, if I copy the key4.db file over from the
google-created set to replace our own variant of that file, voila,
the warning message is gone!  I've no idea what extra steps chrome
is taking, but the key (*hahaha*) surely lies in finding that out.

cheers.

--
Nathan

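The key4.db swap described in the message above, as an added example (this is editor-supplied shell, not PCP or NSS project code, and not something posted in the thread). It assumes the DB lives in $HOME/.pki/nssdb (NSS's default shared-DB location; the mail only says "below ~/.pki"), that certutil from nss-tools is on PATH, and one working hypothesis for the "special sauce": a key4.db whose key slot has never had a password set answers SEC_ERROR_TOKEN_NOT_LOGGED_IN ("the PKCS#11 token is not logged in") to operations touching that slot, and `certutil -N --empty-password` creates a DB with that slot already initialised to an empty password. Whether that is exactly what chrome does on startup is an assumption here, not something the thread confirms.

```shell
#!/bin/sh
# Added example, not PCP or NSS code. Assumptions: NSS DB dir is
# $HOME/.pki/nssdb, certutil (nss-tools) is on PATH, and initialising the
# key slot's password is the step a bare NSS init leaves out.

# Report which NSS DB format a directory holds:
#   sql  -> cert9.db / key4.db  (shared SQLite DB, nss >= 3.12)
#   dbm  -> cert8.db / key3.db  (legacy Berkeley DB)
#   none -> neither pair present
nss_db_format() {
    dir=$1
    if [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ]; then
        echo sql
    elif [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ]; then
        echo dbm
    else
        echo none
    fi
}

# Create a fresh shared-format DB whose key slot already has an (empty)
# password set. Returns 1 and does nothing if certutil is not installed.
nss_db_init_empty_pin() {
    dir=$1
    command -v certutil >/dev/null 2>&1 || return 1
    mkdir -p "$dir" || return 1
    certutil -N -d "sql:$dir" --empty-password
}

# Reproduce the experiment from the mail: build a scratch DB with an
# initialised key slot and drop only its key4.db over the one that libpcp's
# NSS init produced, keeping a backup of the original for comparison.
nss_db_swap_key4() {
    target=$1
    scratch=$(mktemp -d) || return 1
    nss_db_init_empty_pin "$scratch" || return 1
    [ -f "$target/key4.db" ] && cp "$target/key4.db" "$target/key4.db.orig"
    cp "$scratch/key4.db" "$target/key4.db"
}

# Driver: check the DB format, swap key4.db if it is the sql format, and
# leave a dbm-format DB alone (nss >= 3.12 is expected to produce sql).
nss_db_check_and_fix() {
    dir=${1:-$HOME/.pki/nssdb}
    fmt=$(nss_db_format "$dir")
    echo "NSS DB at $dir: $fmt"
    case $fmt in
        sql)  nss_db_swap_key4 "$dir" ;;
        none) nss_db_init_empty_pin "$dir" ;;
        dbm)  echo "legacy dbm DB; expected sql format with nss >= 3.12" >&2
              return 1 ;;
    esac
}

# Uncomment to run against the real DB and re-test with secure sockets
# enforced (-h localhost is an assumed target, not from the thread):
# nss_db_check_and_fix && PCP_SECURE_SOCKETS=enforce pminfo -h localhost
```

If the warning disappears only after the swap, diff the two key4.db files' metaData table (`sqlite3 key4.db 'select * from metaData'`) to see whether the password entry is the only difference; if it is, the fix belongs in the libpcp NSS init path rather than in any file copying.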