Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1342745

Summary: nss regression
Product: [Fedora] Fedora Reporter: Thomas Köller <thomas>
Component: nssAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 23CC: emaldona, kdudka, kengert, thomas
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-11 20:49:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Thomas Köller 2016-06-04 15:32:43 UTC 
Description of problem:
Updating nss from nss-3.23.0-1.0.fc23.x86_64 to 3.24.0-1.1.fc23.x86_64 left my system in a state where I was unable to log in. User information  on my system is kept in a LDAP data base against which login requests are checked. After the update, LDAP clients could no longer connect to slapd using TLS. The journal contained lines like this:

Jun 04 14:08:05 sarkovy sssd[be[koeller.dyndns.org]][1251]: Could not start TLS encryption. unknown error

After downgrading nss to 3.23.0-1.0.fc23, the problem disappeared.

Version-Release number of selected component (if applicable):
3.24.0-1.1.fc23.x86_64

How reproducible:
always

Steps to Reproduce:
1.
2.
3.

Actual results:
see above

Expected results:


Additional info:
Comment 1 Thomas Köller 2016-06-04 15:37:02 UTC 
Additional information:
Should have mentioned that slapd on my system does not actually use nss for SSL/TLS services, instead, it is using openssl.
Comment 2 Elio Maldonado Batiz 2016-06-04 17:44:35 UTC 
(In reply to Thomas Köller from comment #1)
This looks like Bug 1342158 for which a Bodhi update under testing is available at https://bodhi.fedoraproject.org/updates/FEDORA-2016-db48cd10e9
Comment 3 Kai Engert (:kaie) (inactive account) 2016-06-14 17:09:38 UTC 
Thomas, could you please give feedback, if the mentioned package update fixes the issue for you?
Comment 4 Thomas Köller 2016-07-11 20:12:59 UTC 
Yes, it does.
Comment 5 Elio Maldonado Batiz 2016-07-11 20:49:30 UTC 
Thank you Thomas for the feedback, I can now close it a duplicate.

*** This bug has been marked as a duplicate of bug 1342158 ***