I'm trying to access a web site that has stored a certificate through java, using firefox (www-client/firefox-bin). The site fails to find the stored certificate. I've verified that the certificate exists in java using jcontrol. I enabled the log and this is what it showed: <?xml version="1.0" encoding="UTF-8" standalone="no"?> <!DOCTYPE log SYSTEM "logger.dtd"> <log> <record> <date>2012-05-16T11:45:10</date> <millis>1337157910723</millis> <sequence>1</sequence> <logger>sun.plugin</logger> <level>FINE</level> <class>com.sun.deploy.util.LoggerTraceListener</class> <method>print</method> <thread>11</thread> <message>May 16, 2012 11:45:10 AM net.sf.dsig.keystores.KeyStoreProxyFactory addMozillaKeyStore WARNING: Could not initialize Mozilla KeyStore java.security.ProviderException: Initialization failed at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:340) at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:90) at net.sf.dsig.keystores.MozillaKeyStoreFactory.getKeyStore(MozillaKeyStoreFactory.java:77) at net.sf.dsig.keystores.KeyStoreProxyFactory.addMozillaKeyStore(KeyStoreProxyFactory.java:134) at net.sf.dsig.keystores.KeyStoreProxyFactory.createKeyStoreProxy(KeyStoreProxyFactory.java:82) at net.sf.dsig.DSApplet.init(DSApplet.java:386) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Plugin2Manager.java:1636) at java.lang.Thread.run(Thread.java:662) Caused by: java.io.IOException: libmozsqlite3.so: cannot open shared object file: No such file or directory/opt/firefox/libsoftokn3.so at sun.security.pkcs11.wrapper.PKCS11.connect(Native Method) at sun.security.pkcs11.wrapper.PKCS11.<init>(PKCS11.java:141) at sun.security.pkcs11.wrapper.PKCS11.getInstance(PKCS11.java:154) at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:281) ... 7 more </message> </record> </log> Then I did and ldd on /opt/firefox/libsoftokn3.so and this was the result: ldd /opt/firefox/libsoftokn3.so linux-gate.so.1 => (0xffffe000) libmozsqlite3.so => not found libnssutil3.so => /usr/lib/libnssutil3.so (0xb7849000) libplc4.so => /usr/lib/libplc4.so (0xb7844000) libplds4.so => /usr/lib/libplds4.so (0xb7840000) libnspr4.so => /usr/lib/libnspr4.so (0xb7808000) libpthread.so.0 => /lib/libpthread.so.0 (0xb77ee000) libdl.so.2 => /lib/libdl.so.2 (0xb77ea000) libc.so.6 => /lib/libc.so.6 (0xb768a000) /lib/ld-linux.so.2 (0xb78c3000) The problem I suspect, lies in that, while /usr/bin/firefox adds /opt/firefox to LD_LIBRARY_PATH there is no way to "tell" the java plugin to start java with the the same LD_LIBRARY_PATH. My quick and dirty solution was to put a link to /opt/firefox/libmozsqlite3.so in /usr/lib/ here's my emerge --infoPortage 2.1.10.49 (default/linux/x86/10.0, gcc-4.5.3, glibc-2.13-r4, 3.2.1-gentoo-r2-1 i686) ================================================================= System uname: Linux-3.2.1-gentoo-r2-1-i686-Intel-R-_Core-TM-2_CPU_6600_@_2.40GHz-with-gentoo-2.0.3 Timestamp of tree: Tue, 08 May 2012 12:30:01 +0000 app-shells/bash: 4.2_p20 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.7.2-r3, 3.1.4-r3, 3.2.2 dev-util/cmake: 2.8.6-r4 dev-util/pkgconfig: 0.26 sys-apps/baselayout: 2.0.3 sys-apps/openrc: 0.9.9.3 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.13::<unknown repository>, 2.68 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.1 sys-devel/binutils: 2.21.1-r1 sys-devel/gcc: 4.5.3-r2 sys-devel/gcc-config: 1.5-r2 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r1 sys-kernel/linux-headers: 3.1 (virtual/os-headers) sys-libs/glibc: 2.13-r4 Repositories: gentoo proaudio x-portage ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="* PUEL" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=core2 -mtune=core2 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -march=core2 -mtune=core2 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs distlocks ebuild-locks fixlafiles news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="" GENTOO_MIRRORS="http://files.gentoo.gr http://ftp.uoi.gr/mirror/OS/gentoo/ http://ftp.ntua.gr/pub/linux/gentoo/ http://ftp.physics.auth.gr/pub/mirrors/gentoo/" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="en en_US en_GB el" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/pro-audio /usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X acl acpi alsa apache2 apm berkdb bitmap-fonts bluetooth bzip2 cairo cdda cdr cli consolekit cracklib crypt ctype cups cxx dbus dri dvd dvdr exif firefox fontconfig fortran gd gdbm gif glitz gnome gpm gstreamer gtk hpcups iconv introspection jpeg libnotify lm_sensors mmx modules mudflap mysql ncurses networkmanager nls nptl nsplugin nvidia opengl openmp pam pcre php pmu png policykit ppds pppd pulseaudio python qt3support qt4 readline samba semantic-desktop session sql sqlite3 sse sse2 ssl svg tcpd thunderbird tiff truetype truetype-fonts type1 type1-fonts udev unicode vdpau webkit x86 xcomposite xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="access auth auth_dbm auth_anon auth_digest authz_host alias file-cache echo charset-lite cache disk-cache mem-cache filter ext-filter case_filter case-filter-in deflate mime-magic cern-meta expires headers usertrack unique-id proxy proxy-connect proxy-ftp proxy-http info include cgid dav dav-fs vhost-alias speling rewrite log_config logio env setenvif mime status autoindex asis negotiation dir imap actions userdir so authz_default auth_basic authn_file authn_dbm authz_groupfile authz_owner authz_user" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en en_US en_GB el" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Can't see what Java can do here. Looks like /opt/firefox would need to be added to rpath explicitly to firefox-bin's own executables/libs.
Open a bug upstream, we do not roll the -bin packages for gentoo.
Belongs to upstream not gentoo.
