modutil has an option -nocertdb, which allows the user to modify a secmod.db without initializing cert and key db's. This option cannot be supported by any of the current NSS_Init functions. Nelson has suggested that since NSS_Initialize is intended to be a general initialization function to handle all special initialization functions, it needs to be modified to allow for the behavior described above.
OK, I've added several new options to NSS_Initialize: 1) noCertDB - don't even try to initialize the certificate databases. 2) noModDB - don't even try to initialize the module database. 3) forceOpen - if you can't open any of the databases, continue on with the temparary db's. I've modified the commands which use NSS_Initialize() in mozilla/security/cmd to handle the additional parameters.
NOTE: The following change in nssinit.c case 3: dbver = "3"; break; + case 1: + dbver = "1"; + break; case 2: default: dbver = ""; Is actually part of the bug fix for bug 68234.
I reviewed the two patches and sent my suggested changes to Bob.
Another suggestion, Bob: Move the comments for NSS_Initialize from nssinit.c to nss.h. Or maybe we should not document this function to prevent people from using it ;-)
Bob, I have another suggestion. Instead of using a PRBool argument for each initialization option, we can make them bitflags that are OR'ed together. /* Bitflags for the 'flags' argument of NSS_Initialize */ #define NSS_INIT_READONLY 0x1 #define NSS_INIT_NOCERTDB 0x2 #define NSS_INIT_NOMODDB 0x4 #define NSS_INIT_FORCEOPEN 0x8 extern SECStatus NSS_Initialize(const char *configdir, const char *certPrefix, const char *keyPrefix, const char *secmodName, int flags); This will allow us to add a new Boolean initialization option without changing the function prototype of NSS_Initialize.
Ooo. I like this much better, and more extensible. I'll make up a new patch this morning.
OK, Wan-Teh's suggestion has been implemented.
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.