Bug 1225645

Summary: [SECURITY][FIPS] openjdk_fips test breaks with the new mozilla-nss update
Product: [openSUSE] PUBLIC SUSE Linux Enterprise Server 15 SP5 Reporter: Timo Jyrinki <tjyrinki>
Component: Security CertificationsAssignee: Certification Bugs <certification-bugs>
Status: NEW --- QA Contact:
Severity: Normal    
Priority: P5 - None CC: felice.maccaro, martin.sirringhaus, tjyrinki
Version: unspecifiedFlags: martin.sirringhaus: needinfo? (tjyrinki)
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://openqa.suse.de/tests/14484347/modules/openjdk_fips/steps/36
Whiteboard: FIPS
Found By: openQA Services Priority:
Business Priority: Blocker: Yes
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1220333    

Description Timo Jyrinki 2024-05-30 08:42:43 UTC 
New mozilla-nss update being tested for 15-SP5, including fix for bsc#1223724, is causing a problem "NSS initialization failed" when trying to list all JCA Security Providers with openjdk.

See https://openqa.suse.de/tests/latest?arch=x86_64&distri=sle&flavor=Server-DVD-Updates&machine=64bit&test=fips_ker_mode_openjdk&version=15-SP5 and more specifically https://openqa.suse.de/tests/14484347#step/openjdk_fips/36

It's running https://github.com/ecki/JavaCryptoTest by compiling it and executing java -cp ~/JavaCryptoTest/src/main/java/ net.eckenfels.test.jce.JCEProviderInfo
(code at https://github.com/os-autoinst/os-autoinst-distri-opensuse/blob/master/lib/openjdktest.pm)
Comment 1 Martin Sirringhaus 2024-07-16 11:39:10 UTC 
Could you please retest with NSS 3.101.1 from https://build.suse.de/package/show/Devel:Desktop:Mozilla:SLE-15:next/mozilla-nss and see if the problem persists?
Comment 2 Martin Sirringhaus 2024-07-16 14:13:20 UTC 
See also: https://bugzilla.suse.com/show_bug.cgi?id=1227918#c1