Nelson B Bolyard wrote:
There isn't one yet. Until the shared database code went in, each application had to keep its databases separate from other applications. With shared databases, we will be defining a new user location for all applications to share. This will likely still be OS dependent. For Linux, my current thinking is that it would be ~/.pki/nssdb or something similar. (Actually, now is a good time to bring that up...)

What is the default cert database location for NSS?

It's application dependent and OS dependent.
That's the "system" location in RH Linux. System tools use that location. As part of crypto consolidation, we will probably encourage applications to open this location read only as well. This will allow sys admins to install new root certs for all users, for instance.

Are they supposed to be in /etc/pki/nssdb?

Perhaps some application on some OS has chosen to put NSS DBs there.
In general, I wouldn't, unless you turn on the shared DB support. Mozilla apps all open the database read/write by default, which pretty much precludes sharing.

I think that's probably at least a little unfortunate. I'd expect each user to have his own DBs, and the DBs would be in some directory that is owned and writable by that user.

I was also wondering if my application can directly use the db from the mozilla location mentioned above or it can cause a problem if mozilla db is updated and the application is running.

Presently, Mozilla apps do not yet use the new sharable SQLite DBs. They still use the old cert8 and key3 Berkeley DBs. Those old DBs had the following rules about sharing:
Should the application have its own directory with a copy of these database files in there?

If the application is using the old Berkeley DBs, then yes. Note that it IS possible to get FF3 to use shareable DBs instead of the older Berkeley DBs, by setting an environment variable before starting FF3. This is not for the faint of heart! However, AFAIK, it is not yet possible to get FF3 to open the DBs in any directory other than the user's "profile" directory (where it puts the existing cert8.db files now). So, sharing of DBs between (say) FF3 and TB is not yet feasible, AFAIK.

_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
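The check an application can make before deciding whether to open an NSS database directory in place or work from its own copy, as an added example that is not part of the original thread or of NSS itself. The function names are hypothetical, and the SQLite file names cert9.db and key4.db are the NSS names for the shareable format, which the thread does not spell out.

```shell
#!/bin/sh
# Classify an NSS database directory by the files it contains:
#   dbm  = legacy Berkeley DBs (cert8.db + key3.db), not safe to share
#   sql  = shareable SQLite DBs (cert9.db + key4.db)
#   both = both formats present (e.g. after a migration)
#   none = no complete database pair found
classify_nssdb() {
    dir=$1
    has_dbm=no
    has_sql=no
    if [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ]; then has_dbm=yes; fi
    if [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ]; then has_sql=yes; fi
    case "$has_dbm$has_sql" in
        yesyes) echo both ;;
        yesno)  echo dbm ;;
        noyes)  echo sql ;;
        *)      echo none ;;
    esac
}

# Turn the classification into the advice given in the thread:
# legacy Berkeley DBs -> keep a private copy in the application's own
# directory; SQLite DBs -> the directory can be opened by several processes.
nssdb_advice() {
    case "$(classify_nssdb "$1")" in
        dbm)  echo private-copy ;;
        sql)  echo shareable ;;
        both) echo mixed ;;
        *)    echo no-db ;;
    esac
}

# Demo on a constructed directory; the .db files are empty placeholders,
# because the classification looks only at file names, not contents.
demo() {
    tmp=$(mktemp -d)
    : > "$tmp/cert8.db"
    : > "$tmp/key3.db"
    printf '%s: %s (%s)\n' "$tmp" "$(classify_nssdb "$tmp")" "$(nssdb_advice "$tmp")"
    rm -rf "$tmp"
}

demo
```
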

