Closed Bug 1004270 Opened 6 years ago Closed 6 years ago

psm tests: use sql cert/key dbs so we can run tests on android


(Core :: Security: PSM, defect)

Not set





(Reporter: keeler, Assigned: keeler)


(Blocks 1 open bug)



(1 file, 1 obsolete file)

NSS in Firefox for Android apparently can only use the SQL cert/key DBs, so we need to update the psm tests in order to run them on Android.
Basically, we need to set the environment variable NSS_DEFAULT_DB_TYPE=sql in and tlsserver.
Attached patch patch (obsolete) — Splinter Review
Assignee: nobody → dkeeler
Attachment #8415642 - Flags: review?(brian)
Comment on attachment 8415642 [details] [diff] [review]

Review of attachment 8415642 [details] [diff] [review]:

I'm assuming that all the binary files are just conversions of to sqlite.

::: security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp
@@ +113,5 @@
>      exit(EXIT_FAILURE);
>    }
>    const char* dbdir = argv[1];
> +  if (PR_SetEnv("NSS_DEFAULT_DB_TYPE=sql") != SECSuccess) {

1. Please add a comment describing why we're doing this.

2. I believe the same effect can be achieved by having the "sql:" prefix added to argv[1] by the calling application. It may be better to do that because then we could have this logic centralized into one place, instead of in every test program that needs access to private keys. (See

::: security/manager/ssl/tests/unit/tlsserver/
@@ +26,5 @@
>  OUTPUT_DIR=${2}
>  RUN_MOZILLA="$OBJDIR/dist/bin/"
>  CERTUTIL="$OBJDIR/dist/bin/certutil"
> +export NSS_DEFAULT_DB_TYPE=sql

Does this need to be exported? NSS_DEFAULT_DB_TYPE=sql isn't good enough?

Also, please add a comment about why we're doing this.

::: security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
@@ +243,5 @@
>    if (callbackPort) {
>      gCallbackPort = atoi(callbackPort);
>    }
> +  if (PR_SetEnv("NSS_DEFAULT_DB_TYPE=sql") != SECSuccess) {

Ditto the comments for GenerateOCSPResponse.cpp.
Attachment #8415642 - Flags: review?(brian) → review+
Attached patch patch v2Splinter Review
Ok - I switched to using "sql:<directory>" when running the test binaries. I thought it was also more clear to basically do the same thing in instead of messing with environment variables. This did involve changing each invocation of certutil, but I think it's clear this way. I also added comments.
Attachment #8415642 - Attachment is obsolete: true
Attachment #8416749 - Flags: review?(brian)
Here's a try run that tests the important things:
(The android xpcshell oranges are because I attempted to enable these tests on that platform, but there's still more work to do for that to work (one is it looks like we can't use port 8080 for OCSP, because it's already in use by something else)).
Blocks: 676972
No longer depends on: 978132
Attachment #8416749 - Flags: review?(brian) → review+
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
You need to log in before you can comment on or make changes to this bug.