vlaci / openconnect-sso

Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication to Cisco SSL-VPNs
GNU General Public License v3.0

After loading Root Certs, loaded==false: NSS error code: -8018 #84

Open ksallberg opened 2 years ago

ksallberg commented 2 years ago

Just creating this issue to see if anyone else experiences it.

Today, I see 'After loading Root Certs, loaded==false: NSS error code: -8018' when trying to use openconnect-sso.

The login window still appears but then the resulting popup window that usually shows "Duo security" currently shows "Unknown error".

Using debian, "uname -a": Linux krisallb-lnx 5.10.0-14-amd64 #1 SMP Debian 5.10.113-1 (2022-04-29) x86_64 GNU/Linux

avtobiff commented 2 years ago

The -8018 error seems to be libnss error SEC_ERROR_UNKNOWN_PKCS11_ERROR. [0,1]

I can't connect either (I experience the same as @ksallberg) but I don't get the above -8018 error when I execute

openconnect-sso -l DEBUG -u ... -s ...

I use Debian sid/unstable and have

libnss3:amd64                                 2:3.77-1
Linux prometheus 5.16.0-6-amd64 #1 SMP PREEMPT Debian 5.16.18-1 (2022-03-29) x86_64 GNU/Linux

[0] https://hg.mozilla.org/projects/nss/file/tip/doc/rst/legacy/ssl_functions/sslerr/index.rst#l1432

[1] https://hg.mozilla.org/projects/nss/file/tip/lib/util/SECerrs.h#l538

tillmannheigel commented 2 years ago

Try to export "--no-sandbox" before starting vpn:

`$ export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"`

jeffsilverm commented 1 year ago

I see it while starting Google Chrome Version 110.0.5481.177 (Official Build) (64-bit). I was able to trace the problem to [chromium / chromium / src / crypto / refs/heads/main / . / nss_util.cc](https://chromium.googlesource.com/chromium/src/crypto/+/refs/heads/main/nss_util.cc) line 349. Alas, I don't know where name comes from, only that the value must be "Root Certs". I have been poking around, trying to figure out what is going wrong or even where the error is coming from.