From: John Shannon
To: freebsd-questions@freebsd.org
Date: Wed, 7 Feb 2024 09:10:08 -0700
Subject: Re: CA Authorities problem with Firefox and Thunderbird
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

More strange behavior in Firefox noticed:

about:preferences#privacy "Security Devices" shows none. It should at least show the NSS Internal PKCS11 module, Builtin Root module, and OS Client Cert Module.

Many javascript websocket errors occur on startup in addition to the errors shown in the forwarded mail.

On 2/6/24 14:26, John Shannon wrote:
> I just installed chromium and get a similar error on starting it:
>
>> $ chrome
>> [64147:-1207885824:0206/141530.076312:ERROR:nss_util.cc(239)] Error
>> initializing NSS with a persistent database
>> (sql:/home/john/.pki/nssdb): NSS error code: -8023
>> [64147:-1207885824:0206/141530.076365:ERROR:nss_util.cc(124)] Error
>> initializing NSS without a persistent database: NSS error code: -8023
>> [64147:-1207885824:0206/141530.076370:FATAL:nss_util.cc(126)]
>> nss_error=-8023, os_error=0
>
> I found that I also get the same error in libreoffice.
>
> All the problem programs depend on nspr and nss.
>
> On 2/6/24 12:58, John Shannon wrote:
>> More was written to standard error:
>>
>>
>>> JavaScript error: resource://gre/modules/ServiceRequest.sys.mjs,
>>> line 98: TypeError: Services.policies.getActivePolicies().filter is
>>> not a function
>>> JavaScript error: resource://gre/modules/ServiceRequest.sys.mjs,
>>> line 98: TypeError: Services.policies.getActivePolicies().filter is
>>> not a function
>>> JavaScript error: resource://gre/modules/XULStore.sys.mjs, line 60:
>>> Error: Can't find profile directory.
>>> JavaScript error: resource://gre/modules/XULStore.sys.mjs, line 60:
>>> Error: Can't find profile directory.
>>> JavaScript error: resource://gre/modules/ServiceRequest.sys.mjs,
>>> line 98: TypeError: Services.policies.getActivePolicies().filter is
>>> not a function
>>> JavaScript error: resource://gre/modules/ServiceRequest.sys.mjs,
>>> line 98: TypeError: Services.policies.getActivePolicies().filter is
>>> not a function
>>> JavaScript error: resource://gre/modules/crypto-SDR.sys.mjs, line
>>> 49: NS_ERROR_XPC_GS_RETURNED_FAILURE: ServiceManager::GetService
>>> returned failure code:
>>> JavaScript error: resource://gre/modules/storage-json.sys.mjs, line
>>> 107: Error: Initialization failed
>>> JavaScript error: resource://gre/modules/ServiceRequest.sys.mjs,
>>> line 98: TypeError: Services.policies.getActivePolicies().filter is
>>> not a function
>>> JavaScript error: resource://gre/modules/ServiceRequest.sys.mjs,
>>> line 98: TypeError: Services.policies.getActivePolicies().filter is
>>> not a function
>>> JavaScript error: resource://gre/modules/ServiceRequest.sys.mjs,
>>> line 98: TypeError: Services.policies.getActivePolicies().filter is
>>> not a function
>>> JavaScript error: resource://gre/modules/LoginHelper.sys.mjs, line
>>> 1578: NS_ERROR_XPC_GS_RETURNED_FAILURE: ServiceManager::GetService
>>> returned failure code:
>>> JavaScript error: chrome://pippki/content/certManager.js, line 297:
>>> NS_ERROR_XPC_GS_RETURNED_FAILURE: ServiceManager::GetService
>>> returned failure code:
>>> JavaScript error: chrome://pippki/content/certManager.js, line 744:
>>> TypeError: certdb is undefined
>>
>>
>> On 2/6/24 12:38, John Shannon wrote:
>>> When starting Firefox from the command line and trying to import a
>>> certificate I get:
>>>
>>>> JavaScript error: chrome://pippki/content/certManager.js, line 744:
>>>> TypeError: certdb is undefined
>>>
>>> in the messages to standard out/error. Not sure what to do about that.
>>>
>>> On 2/6/24 04:03, john wrote:
>>>> After my last pkg upgrade Firefox and Thunderbird both show no
>>>> Authorities under Certificate Manager in settings. Missing are all
>>>> the certificates listed by certctl along with DoD CAs added through
>>>> Firefox import and site CA added through Thunderbird import.
>>>>
>>>> Command line use of:
>>>>
>>>> % openssl s_client -connect google.com:443 -CAfile
>>>> /usr/local/etc/ssl/cert.pem
>>>>
>>>> works as does other software using TLS.
>>>>
>>>> Pkg versions:
>>>>
>>>> firefox-122.0_3,2
>>>> thunderbird-115.7.0_1
>>>> nss-3.97
>>>> sqlite3-3.45.0_1,1
>>>> ca_root_nss-3.93_2
>>>>
>>>> $ freebsd-version
>>>> 14.0-RELEASE-p4
>>>>
>>>> --
>>>> John R. Shannon
>>>> john@johnrshannon.com
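
An added example, not part of the original thread: a short Python triage of the Chromium log lines quoted above. It decodes the NSS error code against `SEC_ERROR_BASE` (the four offsets listed are a subset taken from NSS's `secerr.h`) and checks whether initialization fails the same way with and without the profile database; the function names are illustrative.

```python
import re

SEC_ERROR_BASE = -0x2000  # NSS secerr.h: security-library error codes start at -8192
# Subset of secerr.h offsets that concern database and PKCS #11 module initialization.
SEC_ERRORS = {18: "SEC_ERROR_BAD_DATABASE", 167: "SEC_ERROR_PKCS11_GENERAL_ERROR",
              168: "SEC_ERROR_PKCS11_FUNCTION_FAILED", 169: "SEC_ERROR_PKCS11_DEVICE_ERROR"}

# Log text copied from the quoted mail, reply markers and line wrapping left intact.
SAMPLE = """\
>> [64147:-1207885824:0206/141530.076312:ERROR:nss_util.cc(239)] Error
>> initializing NSS with a persistent database
>> (sql:/home/john/.pki/nssdb): NSS error code: -8023
>> [64147:-1207885824:0206/141530.076365:ERROR:nss_util.cc(124)] Error
>> initializing NSS without a persistent database: NSS error code: -8023
>> [64147:-1207885824:0206/141530.076370:FATAL:nss_util.cc(126)]
>> nss_error=-8023, os_error=0
"""

# Chromium log prefix: [pid:tid:MMDD/HHMMSS.usec:LEVEL:file(line)] message
RECORD = re.compile(r"\[\d+:-?\d+:\d{4}/\d{6}\.\d+:(\w+):([\w.]+)\((\d+)\)\]\s*(.*)")
CODE = re.compile(r"(?:NSS error code: |nss_error=)(-\d+)")

def unquote(text):
    """Strip '>' reply markers and rejoin wrapped lines into one string per log record."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", line).strip()
        if line.startswith("["):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records

def name_of(code):
    off = code - SEC_ERROR_BASE
    return SEC_ERRORS.get(off, f"SEC_ERROR_BASE+{off}") if 0 <= off < 1000 else f"non-SEC error {code}"

def triage(text):
    """Return (events, db_independent) for a block of Chromium NSS init log lines."""
    events = []
    for rec in unquote(text):
        m, c = RECORD.match(rec), CODE.search(rec)
        if m and c:
            stage = ("no-db" if "without a persistent" in m.group(4)
                     else "user-db" if "with a persistent" in m.group(4) else "fatal")
            events.append((m.group(1), stage, name_of(int(c.group(1)))))
    by_stage = {stage: name for _, stage, name in events}
    # The same code with and without the profile database points away from the database files.
    db_independent = "no-db" in by_stage and by_stage.get("user-db") == by_stage["no-db"]
    return events, db_independent
```

On the quoted lines, `triage(SAMPLE)` reports `SEC_ERROR_PKCS11_DEVICE_ERROR` for both the persistent-database and no-database attempts, so the failure does not depend on the contents of `~/.pki/nssdb`.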