Ubuntu builds of libnss lack ECC support
Bug #232392 reported by
Kain
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| nss (Debian) |
Fix Released
|
Unknown
|
|||
| nss (Ubuntu) |
Fix Released
|
Medium
|
Alexander Sack | ||
| Hardy |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
Ubuntu builds of libnss3 do not build with anything equivalent to NSS_ENABLE_ECC=1 on the make commandline in debian/rules. This breaks anyone using a nss application (evolution, thunderbird, firefox, epiphany etc) attempting to use ECC over SSL.
Exists at least on ubuntu hardy.
To reproduce:
start firefox-3
browse to http://
To fix: add a NSS_ENABLE_ECC=1 to the defines used in debian/rules
Related branches
Revision history for this message
| Kain (kain-kain) wrote | #1 |
| Changed in nss: | |
| status: | Unknown → Fix Released |
Revision history for this message
| Alexander Sack (asac) wrote | #2 |
| Changed in nss: | |
| assignee: | nobody → asac |
| importance: | Undecided → Medium |
| milestone: | none → intrepid-alpha-4 |
| status: | New → Triaged |
Revision history for this message
| Alexander Sack (asac) wrote | #3 |
| Changed in nss: | |
| status: | New → Won't Fix |
| Changed in nss: | |
| status: | Triaged → Fix Committed |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #4 |
| Changed in nss: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Attached patch enables ECC cert support in libnss, thus enabling ECC SSL ciphers in at least firefox, xulrunner,and thunderbird.
I have not studied the paths of ECC cert support throughout evolution and it's core dependencies (eds and libcamel) yet, so this does not fix ECC support there fully. What will happen there is ECDSA/ECDH ciphers will work, but you will get server certificate signature errors.