modutil needs to open secmod.db with temp cert & key db's

RESOLVED FIXED in 3.2

Status

P1
critical
RESOLVED FIXED
18 years ago
18 years ago

People

(Reporter: bugz, Assigned: rrelyea)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments)

(Reporter)

Description

18 years ago
modutil has an option -nocertdb, which allows the user to modify a secmod.db 
without initializing cert and key db's.  This option cannot be supported by any 
of the current NSS_Init functions.

Nelson has suggested that since NSS_Initialize is intended to be a general 
initialization function to handle all special initialization functions, it needs 
to be modified to allow for the behavior described above.
(Reporter)

Updated

18 years ago
Target Milestone: --- → 3.2
(Assignee)

Updated

18 years ago
Status: NEW → ASSIGNED

Updated

18 years ago
Priority: -- → P1
(Assignee)

Comment 1

18 years ago
OK, I've added several new options to NSS_Initialize:

1) noCertDB - don't even try to initialize the certificate databases.
2) noModDB - don't even try to initialize the module database.
3) forceOpen - if you can't open any of the databases, continue on with the
temparary db's.

I've modified the commands which use NSS_Initialize() in mozilla/security/cmd to
handle the additional parameters.
(Assignee)

Comment 2

18 years ago
Created attachment 24820 [details] [diff] [review]
patches to mozilla/security/cmd
(Assignee)

Comment 3

18 years ago
Created attachment 24821 [details] [diff] [review]
patches to mozilla/security/nss/lib/nss
(Assignee)

Comment 4

18 years ago
NOTE:

The following change in nssinit.c
       case 3:
        dbver = "3";
        break;
+      case 1:
+       dbver = "1";
+       break;
       case 2:
       default:
        dbver = "";
Is actually part of the bug fix for bug 68234.

Comment 5

18 years ago
I reviewed the two patches and sent my suggested
changes to Bob.

Comment 6

18 years ago
Another suggestion, Bob:
Move the comments for NSS_Initialize from nssinit.c
to nss.h.

Or maybe we should not document this function to
prevent people from using it ;-)

Comment 7

18 years ago
Bob, I have another suggestion.

Instead of using a PRBool argument for each initialization
option, we can make them bitflags that are OR'ed together.

/* Bitflags for the 'flags' argument of NSS_Initialize */
#define NSS_INIT_READONLY  0x1
#define NSS_INIT_NOCERTDB  0x2
#define NSS_INIT_NOMODDB   0x4
#define NSS_INIT_FORCEOPEN 0x8

extern SECStatus NSS_Initialize(const char *configdir, 
        const char *certPrefix, const char *keyPrefix, const char *secmodName,
        int flags);

This will allow us to add a new Boolean initialization
option without changing the function prototype of
NSS_Initialize.
(Assignee)

Comment 8

18 years ago
Ooo. I like this much better, and more extensible. I'll make up a new patch this
morning.
(Assignee)

Comment 9

18 years ago
Created attachment 24954 [details] [diff] [review]
Incorporate Wan-Tehy's suggestion

Comment 10

18 years ago
r=wtc.
(Assignee)

Comment 11

18 years ago
OK, Wan-Teh's suggestion has been implemented.
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.