Firefox uses its own version of NSS, incompatible with system version
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
firefox (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
thunderbird (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Because of bug 1647285 I need to install corporate SSL CAs into the database of each NSS-using application individually. Unfortunately it doesn't seem to work for Firefox. Not only does Firefox ship with its *own* version of NSS instead using the system's version, but it even seems to be configured very differently.
Firefox appears to use the legacy Berkeley DB database for its softokn, in key3.db/cert8.db. However, the system's certutil won't work with that legacy format:
$ certutil -d ~/.mozilla/
certutil: function failed: SEC_ERROR_
I can force it to use the SQL database in key4.db/cert9.db by running with NSS_DEFAULT_
Changed in firefox (Ubuntu): | |
status: | New → Confirmed |
The Firefox we ship is deliberately as close as possible to what Mozilla provides, so this isn't going to change