Ruchi Lohani wrote, On 2008-06-27 16:28:
> What is the default cert database location for NSS?

It's application dependent and OS dependent.

> On my system I find them in ~/.mozilla/firefox/</some_string/>.default/

That's where you find Firefox's DBs on some Unix/Linux systems. Other apps, such as Thunderbird, have their own DBs elsewhere. NSS now has the ability to share DBs among multiple applications, and that implies that DB locations should not necessarily be application dependent any more (for those applications that make use of the new shareable DB feature), but the results will still be OS dependent.

> Are they supposed to be in /etc/pki/nssdb?

Perhaps some application on some OS has chosen to put NSS DBs there. I think that's probably at least a little unfortunate. I'd expect each user to have his own DBs, and the DBs would be in some directory that is owned and writable by that user.

> I was also wondering if my application can directly use the db from the
> mozilla location mentioned above or it can cause a problem if mozilla db
> is updated and the application is running.

Presently, Mozilla apps do not yet use the new sharable SQLite DBs. They still use the old cert8 and key3 Berkeley DBs. Those old DBs had the following rules about sharing:

- If any process has the DB open read/write, then only that process may have the DB open at that time. No other process can have the DB open, whether for read/write or read only, while one process has it open read/write.
- Any number of processes can have a DB open simultaneously as long as ALL of them have it open read-only, and NO process has it open read/write.

If any process opens a DB read/write while some other process has the DB open (either RW or RO), that other process is likely to crash shortly after the first write to the DB is done.

Mozilla clients always open the DB for read/write, and hold the DB open continuously for the lifetime of the process. So, in general, no other program should attempt to do anything with a browser DB while the browser is running.

> Should the application have its own directory with a copy of these
> database files in there?

If the application is using the old Berkeley DBs, then yes.

Note that it IS possible to get FF3 to use shareable DBs instead of the older Berkeley DBs, by setting an environment variable before starting FF3. This is not for the faint of heart! However, AFAIK, it is not yet possible to get FF3 to open the DBs in any directory other than the user's "profile" directory (where it puts the existing cert8.db files now). So, sharing of DBs between (say) FF3 and TB is not yet feasible, AFAIK.
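
The advice above (give the application its own directory holding a copy of the DB files, owned and writable only by the user) can be scripted. The following is an added example, not part of the original message or of NSS itself: the function names are hypothetical, and the file names are the standard NSS ones (cert8.db/key3.db/secmod.db for the Berkeley format, cert9.db/key4.db/pkcs11.txt for the SQLite format), with `dbm:` and `sql:` being the directory prefixes NSS accepts for each.

```python
import os
import shutil

# Standard NSS file names per database format (third name may be absent).
LEGACY_FILES = ("cert8.db", "key3.db", "secmod.db")    # Berkeley DB, "dbm:"
SQLITE_FILES = ("cert9.db", "key4.db", "pkcs11.txt")   # shareable SQLite, "sql:"


def detect_format(db_dir):
    """Return 'sql', 'dbm' or None for the NSS DB files found in db_dir.

    If both sets exist, the SQLite set is reported.
    """
    names = set(os.listdir(db_dir))
    if {"cert9.db", "key4.db"} <= names:
        return "sql"
    if {"cert8.db", "key3.db"} <= names:
        return "dbm"
    return None


def private_copy(src_dir, dest_dir):
    """Copy the NSS DB files from src_dir into an app-owned dest_dir.

    Returns the prefixed directory string to hand to NSS, e.g.
    "dbm:/home/user/.myapp/nssdb". Raises ValueError if src_dir holds no DBs.
    """
    fmt = detect_format(src_dir)
    if fmt is None:
        raise ValueError("no NSS cert/key databases in %s" % src_dir)
    os.makedirs(dest_dir, exist_ok=True)
    os.chmod(dest_dir, 0o700)              # only the owning user may enter
    for name in (LEGACY_FILES if fmt == "dbm" else SQLITE_FILES):
        src = os.path.join(src_dir, name)
        if os.path.exists(src):
            dst = os.path.join(dest_dir, name)
            shutil.copyfile(src, dst)
            os.chmod(dst, 0o600)           # the key DB holds private keys
    return "%s:%s" % (fmt, dest_dir)


if __name__ == "__main__":
    import sys
    # Usage: script.py <profile_dir> <app_db_dir>
    print(private_copy(sys.argv[1], sys.argv[2]))
```

Take the copy while the browser is closed, since a file-level copy made during a write can be inconsistent. The copy does not follow later changes to the browser's DBs.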

