Closed Bug 66230 Opened 24 years ago Closed 24 years ago

modutil needs to open secmod.db with temp cert & key db's

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bugz, Assigned: rrelyea)

Details

Attachments

(3 files)

patches to mozilla/security/cmd
1.31 KB, patch
Details | Diff | Splinter Review
patches to mozilla/security/nss/lib/nss
4.44 KB, patch
Details | Diff | Splinter Review
Incorporate Wan-Tehy's suggestion
5.36 KB, patch
Details | Diff | Splinter Review 
modutil has an option -nocertdb, which allows the user to modify a secmod.db 
without initializing cert and key db's.  This option cannot be supported by any 
of the current NSS_Init functions.

Nelson has suggested that since NSS_Initialize is intended to be a general 
initialization function to handle all special initialization functions, it needs 
to be modified to allow for the behavior described above.
Target Milestone: --- → 3.2
Status: NEW → ASSIGNED
Priority: -- → P1
OK, I've added several new options to NSS_Initialize:

1) noCertDB - don't even try to initialize the certificate databases.
2) noModDB - don't even try to initialize the module database.
3) forceOpen - if you can't open any of the databases, continue on with the
temparary db's.

I've modified the commands which use NSS_Initialize() in mozilla/security/cmd to
handle the additional parameters.

    
    

    
  
NOTE:

The following change in nssinit.c
       case 3:
        dbver = "3";
        break;
+      case 1:
+       dbver = "1";
+       break;
       case 2:
       default:
        dbver = "";
Is actually part of the bug fix for bug 68234.

    
    

    
  
I reviewed the two patches and sent my suggested
changes to Bob.

    
    

    
  
Another suggestion, Bob:
Move the comments for NSS_Initialize from nssinit.c
to nss.h.

Or maybe we should not document this function to
prevent people from using it ;-)

    
    

    
  
Bob, I have another suggestion.

Instead of using a PRBool argument for each initialization
option, we can make them bitflags that are OR'ed together.

/* Bitflags for the 'flags' argument of NSS_Initialize */
#define NSS_INIT_READONLY  0x1
#define NSS_INIT_NOCERTDB  0x2
#define NSS_INIT_NOMODDB   0x4
#define NSS_INIT_FORCEOPEN 0x8

extern SECStatus NSS_Initialize(const char *configdir, 
        const char *certPrefix, const char *keyPrefix, const char *secmodName,
        int flags);

This will allow us to add a new Boolean initialization
option without changing the function prototype of
NSS_Initialize.

    
    

    
  
Ooo. I like this much better, and more extensible. I'll make up a new patch this
morning.

    
    

    
  


  

    
    

    
  
r=wtc.

    
    

    
  
OK, Wan-Teh's suggestion has been implemented.

Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: