~/.pki/nssdb/pkcs11.txt not properly upgraded leading to lack of TLS validation

Bug #1993963 reported by Bartłomiej Żogała
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
opensc (Ubuntu)
New
Undecided
Unassigned

Bug Description

I've got an issue which I debugged for months to get below root cause. It started when Google Chrome and two Electron(https://github.com/electron) packaged proprietary apps - Slack and Discord stopped working. At the same time Firefox, Chromium and Signal which also Electron based didn't had issues working.
All not working were reporting issues arround: net::ERR_CERT_AUTHORITY_INVALID
After checking files in /etc I started digging for NSS related stuff in home folder. Found the file pkcs11.txt and moved it apart . After launching one of the electron app all started to working again and the pkcs11.txt file was recreated with the difference in slot flags for NSS Internal PKCS #11 Module:

OLD BROKEN FILE: slotFlags=[RSA,DSA,DH,RC2....
NEW WORKING FILE slotFlags=[ECC,RSA,DSA,DH,RC2....

So it was missing ECC flag. Even if this is in userdir not /etc it brake things if not upgraded so this probably should be update by some modutil command at some stage

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: opensc 0.22.0-1ubuntu2
ProcVersionSignature: Ubuntu 5.17.0-1020.21-oem 5.17.15
Uname: Linux 5.17.0-1020-oem x86_64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Sun Oct 23 23:06:14 2022
InstallationDate: Installed on 2015-05-08 (2725 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=pl_PL.UTF-8
 SHELL=/bin/bash
SourcePackage: opensc
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Bartłomiej Żogała (nusch) wrote :
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.