Am Mittwoch, 11. Januar 2017 14:23:45 UTC+1 schrieb John Dennis: > On 01/11/2017 03:21 AM, Opa114 wrote: > > Am Mittwoch, 11. Januar 2017 00:45:45 UTC+1 schrieb Robert Relyea: > >> On 01/10/2017 02:07 PM, Opa114 wrote: > >>> Am Dienstag, 10. Januar 2017 22:24:10 UTC+1 schrieb Robert Relyea: > >>>> On 01/10/2017 10:18 AM, Opa114 wrote: > >>>>> thanks, but these facts i know. > >>>>> I don't want top let multiple applications open one Database, i want to > >>>>> open multiple different Mozilla databases, in the old standard format, > >>>>> with one (my) application. > >>>>> > >>>>> I tried to use the NSS_Init functions. These works with openening one > >>>>> database, but when i open a second one the whole application crashes,so > >>>>> that's why i asked the question and may be get some working example c++ > >>>>> code? > >>>> 1) Where are you crashing (it's not expected to work, but I don't expect > >>>> a crash because you called NSS_Init again). > >>>> > >>>> 2) To open additional databases you want to use SECMOD_OpenUserDB: > >>>> > >>>> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11_Functions#SECMOD_OpenUserDB > >>>> > >>>> You can call that multiple times. > >>>> Once the database is opened any of the NSS find functions will find all > >>>> the certs in both databases. The slot returned from SECOMD_OpenUserDB > >>>> can be used in functions that take a slot to narrow the operations just > >>>> to that particular database. > >>>> > >>>> To NSS each database will look basically like a smart card. > >>>> > >>>> When you are through with that database you can use SECMOD_CloseUserDB() > >>>> > >>>> bob > >>> > >>> thanks for reply. Here are first some little code of which did not work, > >>> that means it crashes: > >>> > >>> functionLoadFirefox() { > >>> SECStatus rv = NSS_InitReadWrite(PATH_TO_FF_DB); > >>> ... if success load Certificates with PK11_ListCerts(PK11CertListAll, > >>> NULL); > >>> NSS_Shutdown(); > >>> } > >>> > >>> functionLoadThunderbird() { > >>> SECStatus rv = NSS_InitReadWrite(PATH_TO_TB_DB); > >>> ... if success load Certificates with PK11_ListCerts(PK11CertListAll, > >>> NULL); > >>> NSS_Shutdown(); > >>> } > >>> > >>> So these are my two functions in which i opened and clos the databases > >>> and retrieve the certificates. > >> So the certs you got from the first call is likely preventing > >> NSS_Shutdown from completing. The certs hold references to the > >> respective slots. Those references prevent NSS_Shutdown from closing > >> completely. The will prevent the second NSS_Init from succeeding, so you > >> probably crash in your second shutdown. You can detect this happened by > >> looking at the return value from NSS_Shutdown(). > >>> > >>> --> 2) To open additional databases you want to use SECMOD_OpenUserDB > >>> So this means. First i have to call NSS_Init with let's say firefox > >>> database ad the i have to call SECMOD_OpenUserDB with the > >>> thudnerbirddatabse, right? Or must i load both with the SECMOD_OpenUserDB? > >> You can either use NSS_Init with no database and then call > >> SECMOD_OpenUserDB() for both, or you can call NSS_Init with one database > >> and then call SECMOD_OpenUserDB with the other. > >>> > >>> --> Once the database is opened any of the NSS find functions will find > >>> all the certs in both databases > >>> But i have to know from which databse the certificates are coming from. > >>> So i need to know that let's say Certificate ABC ist stored inside > >>> Firefox Databse and Certificate 123 is stored in Thunerbird Database. How > >>> can i do that? or is this not possible? > >> The slot the database can be found in the cert->slot entry, but this > >> will only give you ONE of the slots the cert lives in. If a cert exists > >> in both databases, it will have a single entry on the list and be > >> "somewhat" random which slot is listed (If you open one database with > >> NSS_Init and the second with SECMOD_OpenUserDB() then the one you opened > >> with SECMOD_OpenUserDB() will be the slot that shows up. > >> > >> To fix this issue, there's a function called PK11_GetAllSlotsForCert() > >> which returns a slotList and will return all the slots that hold this > >> cert. The slots map one for one to the databases you opened (or any > >> smart cards you have loaded). You can control the 'tokenName' of each > >> slot with the string arguments you pass to SECMOD_OpenUserDB(), and you > >> can get the token name with PK11_GetTokenName() on each slot on the list.. > >> > >> You could also use PK11_ListCertsInSlot() which takes a slot > >> (SECMOD_OpenUserDB() will return a slot for you) and lists only those > >> certs in that slot. > >> > >> Be sure to free all these things once you are through with them, or your > >> shutdown will fail at the end again. > >> > >> > >> bob > > > > thanks again for the detailed explanation, that helps me a lot - many > > thanks! > > > > --> So the certs you got from the first call is likely preventing > > NSS_Shutdown from completing..... > > So when i free the used stuff i can close the database correctly, so that i > > can open the second one. If i can close the first one correctly and NSS > > shuts down i should be able to open the second one, too. > > Can you give me some more details to my piece of code or in general how to > > free the things correctly? > > Yes, you have to make sure NSS_Shutdown*() returns without an error, if > it doesn't the next NSS_init* won't work. You can test for whether NSS > is still in an initialized state with NSS_IsInitialized(). If NSS does > not shutdown successfully it's because of dangling references, finding > out who is holding on to these is the tricky part. Calling > NSS_DumpCertificateCacheInfo() *may* give you enough addition > information to figure that out. In the past I've had to resort to > running the process under GDB and step through code and data structures > to figure it out. How hard this is is really a reflection of the > complexity of your application code. In our case it was pretty complex. > If your code is simple and clean it may be a total non-issue, YMMV. > > > > > So if it will be better to open the two or more databases but successively > > and not at the same time as i wanted to do it. Would this be the better > > working solution. The only thing is that i then must reopen and shutdown > > the databses multiple times if needed. > > Yes, it's better for successive single databases than multiple > simultaneous IMHO. > > > And did i understand it right, that i can use SECMOD_OpenUserDB() and > > SECMOD_CloseUserDB() to open and close the databases instead of using > > NSS_Init() and NSS_Shutdown()? The SECMOD-functions do call them internal > > or? Or does it not matter which of the functions i use? > > > > --> ... if you try to trust one CA in one DB/slot and not trust it in > > another DB/slot, you won't actually be able to do that > > This is extremely bad, because i have to maybe change the Trust-Status of > > some Certificates. > > > > So in conclusion for my needs it would be the way to open each database > > separately and successively? > > > > > -- > John
thanks John for the explanation. I will try it this way when i have tim to test it again :/ -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
