Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8020424

The NSS version should be detected before running crypto tests

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P3 P3
    • 8
    • None
    • security-libs
    • None
    • b102
    • generic
    • linux, solaris_10
    • Verified

        Many PKCS11 tests, in particular EC ones, have intermittent failures due to the NSS version on the test machine being old or not supporting the full elliptic curve suite (ECC Basic vs ECC Extended vs none at all).

        The most common error one will see returned from PKCS11 is CKR_DOMAIN_PARAMS_INVALID from EC tests. Others are one-off bugs in NSS that were fixed in later NSS versions. While it would be nice to have all the NSS version up-to-date, it's a reality that these failures will occur in the community and it's best the tests are smarter rather than having to explain the problems over and over.

              ascarpino Anthony Scarpino
              ascarpino Anthony Scarpino
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: