On Fri, Sep 24, 2010 at 11:12 PM, Wolter Eldering <wolter.elder...@vanad.com.cn> wrote: > > I've added my patches and some test results to bug: > https://bugzilla.mozilla.org/show_bug.cgi?id=595134
Thank you very much! > I needed to start chrome like this: "chrome-linux/chrome-wrapper > --single-process --enable-dnssec-certs" to get the environment variables to > be seen by chrome You should not use the --single-process option. It is intended for testing only. The filesystem speed test in NSS softoken is broken with the current version of sqlite, so we have to set the environment variable NSS_SDB_USE_CACHE=yes to force it to use cache. I remember I also had to start chrome from the command line to get the NSS_SDB_USE_CACHE=yes environment variable to be seen by chrome. Or I may have modified the chrome wrapper script to set the environment variable in it. > I also added the --enable-dnssec-certs because I noticed from the code that > CERT_GetCertChainFromCert is called. As far as I can see the whole chain > will be build with again and again. each certificate in the chain takes > about 4 sqlite queries. You may have misunderstood the effects of --enable-dnssec-certs. I seem to remember with --enable-dnssec-certs, Chrome will still go through the normal certificate verification code path if the server's certificate (or rather, public key) is not in DNS. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
