-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
pesign uses older dbm format nssdb #34
Comments
As e.g. the test certs provided by Fedora are incompatible with nss 3.51.1 (currently the default on Arch Linux), I am unable to reproduce in what way I would actually have to create a database, that can then be used by pesign/pesign-client. I have tried to do an upgrade of those files, but to no avail:
I don't know if the database files can be updated or not and also don't know what the correct upgrade-id would be. Therefore I have tried getting things running with the new format from the start.
The created files I have installed to Lines 102 to 138 in cbc37d9
The key was created as follows:
and I made sure, that the key was imported with a token name specified (i.e. The import works fine, but whatever I choose as
However, the cert is found in the database by certutil:
I wonder what I'm doing wrong here and where I can find further documentation on this. |
Hi, so I can help with some of the your questions:
|
pesign currently ships with an old format nssdb.
it can convert to the newer format with:
certutil -K -d sql:etc/pki/pesign -X
and the source code should probably be changed to something like:
(or set
NSS_DEFAULT_DB_TYPE=sql
in environment)The text was updated successfully, but these errors were encountered: