Hi NSS friends,
I've chatted a bit with a NSS dev about initializing NSS:
http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/4cc313a18f31f9cb
and based on that I would like to commit the patch below, which:
- adds a check that the SSL_DIR env var points to a valid dir
- removes the 4th argument of NSS_Initialize(), secmod.db, which does not seem to be needed
- adds a check whether we run on 3.12.0 or later and, based on the result,
prefixes the certpath with 'sql:'

I've tested it with old and new databases on OpenSuSE, and seems to work
fine - please review and test before I commit it!

--- lib/nss.c.orig      2009-09-08 04:00:15.000000000 +0200
+++ lib/nss.c   2009-09-15 04:09:51.000000000 +0200
@@ -964,16 +964,23 @@
   /* FIXME. NSS doesn't support multiple databases open at the same
time. */
   PR_Lock(nss_initlock);
   if(!initialized) {
+    struct_stat st;

-    certDir = getenv("SSL_DIR"); /* Look in $SSL_DIR */
+    /* First we check if $SSL_DIR points to a valid dir */
+    certDir = getenv("SSL_DIR");
+    if(certDir) {
+      if((stat(certDir, &st) != 0) ||
+              (!S_ISDIR(st.st_mode))) {
+        certDir = NULL;
+      }
+    }

+    /* Now we check if the default location is a valid dir */
     if(!certDir) {
-      struct_stat st;
-
-      if(stat(SSL_DIR, &st) == 0)
-        if(S_ISDIR(st.st_mode)) {
-          certDir = (char *)SSL_DIR;
-        }
+      if((stat(SSL_DIR, &st) == 0) &&
+              (S_ISDIR(st.st_mode))) {
+        certDir = (char *)SSL_DIR;
+      }
     }

     if (!NSS_IsInitialized()) {
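Review bot: When $SSL_DIR is set but fails the new `stat()`/`S_ISDIR` test, `certDir` is reset to NULL and the code falls back to the compiled-in `SSL_DIR` silently, so a caller who pointed the variable at a specific certificate database ends up using a different one. I would log the rejection where `certDir = NULL;` is assigned, for example `infof(conn->data, "$SSL_DIR is not a valid directory, ignoring it\n");` (this assumes `conn` is in scope here, as it is in the later hunk). The `stat()` result is only a snapshot of the path, so the NSS_Initialize() return value stays the authoritative check. The enclosing function starts and ends outside the hunk. The same patch is repeated as an attachment further down the page, and the point applies there too.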
@@ -984,8 +991,11 @@
         rv = NSS_NoDB_Init(NULL);
       }
       else {
-        rv = NSS_Initialize(certDir, NULL, NULL, "secmod.db",
-                            NSS_INIT_READONLY);
+        char *certpath = PR_smprintf("%s%s",
+                         NSS_VersionCheck("3.12.0") ? "sql:" : "",
+                         certDir);
+        rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
+        PR_smprintf_free(certpath);
       }
       if(rv != SECSuccess) {
         infof(conn->data, "Unable to initialize NSS database\n");
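Review bot: `certpath` is passed to NSS_Initialize() without a NULL check, and PR_smprintf() returns NULL when it cannot allocate. Treating that as an initialization failure, e.g. `rv = certpath ? NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY) : SECFailure;`, would route it into the existing `rv != SECSuccess` branch. Separately, the `sql:` prefix is chosen from the library version alone and not from what the directory actually holds, so a comment such as `/* NSS >= 3.12 accepts the sql: prefix; opening a legacy database in certDir is left to NSS */` would record that assumption; it is worth confirming with a read-only directory that holds only the old format. The enclosing block continues outside the hunk, and the attached copy of the patch below carries the same lines.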

Gün.
--- lib/nss.c.orig	2009-09-08 04:00:15.000000000 +0200
+++ lib/nss.c	2009-09-15 04:09:51.000000000 +0200
@@ -964,16 +964,23 @@
   /* FIXME. NSS doesn't support multiple databases open at the same time. */
   PR_Lock(nss_initlock);
   if(!initialized) {
+    struct_stat st;
 
-    certDir = getenv("SSL_DIR"); /* Look in $SSL_DIR */
+    /* First we check if $SSL_DIR points to a valid dir */
+    certDir = getenv("SSL_DIR");
+    if(certDir) {
+      if((stat(certDir, &st) != 0) ||
+              (!S_ISDIR(st.st_mode))) {
+        certDir = NULL;
+      }
+    }
 
+    /* Now we check if the default location is a valid dir */
     if(!certDir) {
-      struct_stat st;
-
-      if(stat(SSL_DIR, &st) == 0)
-        if(S_ISDIR(st.st_mode)) {
-          certDir = (char *)SSL_DIR;
-        }
+      if((stat(SSL_DIR, &st) == 0) &&
+              (S_ISDIR(st.st_mode))) {
+        certDir = (char *)SSL_DIR;
+      }
     }
 
     if (!NSS_IsInitialized()) {
@@ -984,8 +991,11 @@
         rv = NSS_NoDB_Init(NULL);
       }
       else {
-        rv = NSS_Initialize(certDir, NULL, NULL, "secmod.db",
-                            NSS_INIT_READONLY);
+        char *certpath = PR_smprintf("%s%s",
+                         NSS_VersionCheck("3.12.0") ? "sql:" : "",
+                         certDir);
+        rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
+        PR_smprintf_free(certpath);
       }
       if(rv != SECSuccess) {
         infof(conn->data, "Unable to initialize NSS database\n");
