You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
22 lines
980 B
22 lines
980 B
# HG changeset patch |
|
# User Daiki Ueno <dueno@redhat.com> |
|
# Date 1523546409 -7200 |
|
# Thu Apr 12 17:20:09 2018 +0200 |
|
# Node ID 919e116728f29263c17ec31716ac2bd04c10e9ca |
|
# Parent 2eefd697d661efb82a77c84d893e6fbceefdf458 |
|
Bug 1453408, modutil -changepw fails in FIPS mode if password is an empty string |
|
|
|
diff --git a/cmd/modutil/pk11.c b/cmd/modutil/pk11.c |
|
--- a/cmd/modutil/pk11.c |
|
+++ b/cmd/modutil/pk11.c |
|
@@ -764,6 +764,10 @@ ChangePW(char *tokenName, char *pwFile, |
|
ret = CHANGEPW_FAILED_ERR; |
|
goto loser; |
|
} |
|
+ } else if (PK11_IsFIPS() && *newpw == '\0' && PK11_CheckUserPassword(slot, newpw) == SECSuccess) { |
|
+ /* Workaround to suppress harmless error in FIPS mode: |
|
+ * When explicitly setting empty password while the old |
|
+ * password is also empty, skip */ |
|
} else { |
|
if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) { |
|
PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
|
|
|