Closed
Bug 435091
Opened 17 years ago
Closed 17 years ago
add support to JSS to initialize NSS with more options
Categories
(JSS Graveyard :: Library, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
4.3
People
(Reporter: glenbeasley, Assigned: glenbeasley)
References
Details
Attachments
(1 file)
|
12.32 KB,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
JSS needs to expose more ways to initialize NSS. The most important features is to enable PKIX verify and also to work with the other PKCS#11 modules that NSS is configured to use.
JSS already exposes a way to init the databases to be readonly we should expose
the other NSS_INIT_ options:
http://mxr.mozilla.org/security/source/security/nss/lib/nss/nss.h#129
|
Assignee | |
Comment 1•17 years ago
|
||
The JSS library and the JSS jar must match. We do not want users to use a new JSS JAR with an old JSS library so we do not have to worry about binary compatibility for the JNI calls. So I removed initializeAllNative2.
User can initialize PKIX Verify and all NSS_INIT_* values.
to initialize PKIX Verify we need to call CERT_SetUsePKIXForValidation which is new to NSS 3.12. This next version of JSS will then require NSS 3.12.
Attachment #322004 -
Flags: review?(wtc)
|
||
Comment 2•17 years ago
|
||
Comment on attachment 322004 [details] [diff] [review]
expose more NSS initialization settings
r=wtc. Please address the last two issues before you check in.
(You can ignore the first "init" prefix issue.)
In keeping with the "readOnly" boolean flag, it seems that
the new boolean flags don't need the "init" prefix. Or perhaps
we should add "init" to "readOnly".
Please remove initReserved. It's not being used, so you don't
need to expose it in JSS.
>+ if( certPrefix != NULL && keyPrefix != NULL && secmodName != NULL &&
>+ initNoCertDB && initNoModDB && initForceOpen && initNoRootInit &&
>+ initOptimizeSpace && initPK11ThreadSafe && initPK11Reload &&
>+ initNoPK11Finalize && initReserved && initCooperate) {
> /*
> * Set up arguments to NSS_Initialize
> */
> szCertPrefix = (char*) (*env)->GetStringUTFChars(env, certPrefix, NULL);
Should those "&&" between the new boolean flags be "||" ?
Attachment #322004 -
Flags: review?(wtc) → review+
|
|
Assignee | |
Comment 3•17 years ago
|
||
Thanks Wan-Teh. I removed the prefix "init", removed initReserved, and changed && to "||".
Before I created the cvs tag "JSS_PRE_NSS_3_12_API" for mozilla/security/jss and mozilla/security/coreconf.
Checking in lib/jss.def;
/cvsroot/mozilla/security/jss/lib/jss.def,v <-- jss.def
new revision: 1.42; previous revision: 1.41
done
Checking in org/mozilla/jss/CryptoManager.c;
/cvsroot/mozilla/security/jss/org/mozilla/jss/CryptoManager.c,v <-- CryptoManager.c
new revision: 1.18; previous revision: 1.17
done
Checking in org/mozilla/jss/CryptoManager.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/CryptoManager.java,v <-- CryptoManager.java
new revision: 1.51; previous revision: 1.50
done
Target Milestone: 4.2.6 → 4.2.7
Version: 4.2.5 → 4.2.6
|
|
Assignee | |
Updated•17 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Target Milestone: 4.2.7 → 4.3
|
|
Assignee | |
Updated•17 years ago
|
OS: Windows Vista → All
Hardware: PC → All
You need to log in
before you can comment on or make changes to this bug.
Description
•