(I believe this is a well known issue but I could not find an open bug) Some people would like to use the NSS Softtoken as a PKCS#11 crypto library. This is made a little difficult by the Softtoken because it requires an NSS specific initialization string. As a simple fix for users who only want crypto and no permanent key storage, initialize Softtoken without a database when no initialization string is set. See attached patch. It uses the same initialization string that would be passed to Softtoken after a call to NSS_NoDB_Init().
Assignee: nobody → rrelyea
Severity: normal → enhancement
Priority: -- → P2
Target Milestone: --- → 3.11.2
We should define carefully what it means to initialize the softoken without the NSS initialization string, because we won't be able to change the definition in the future. A better definition would be to look for the NSS databases in the "default" NSS config directory for the current user. But we'd need to define the default NSS config directory for a user first.
I am not sure there is a good default config directory location that works for everyone. I think the location (and other possible config options) would be better handled via environment variables than hardcoded defaults. I am suggesting to do the easy thing now, which is to initialize Softtoken without a DB if the config string is NULL. This would help people today that just want to use Softtoken as a crypto engine without permanent key storage. If other needs arise in the future, they could be met by using environment variables, which if set would override the NoDB default of today (when the config string is NULL). In other words, the solution proposed by this bug does not preclude future enhancements.
Retargetting all P2s to 3.11.3 .
Target Milestone: 3.11.2 → 3.11.3
Unsetting target milestone in unresolved bugs whose targets have passed.
Target Milestone: 3.12 → ---
The patch for Bug 475578 has a fix at the bottom: https://bugzilla.mozilla.org/attachment.cgi?id=611091&action=diff
You need to log in before you can comment on or make changes to this bug.