Re: Shared security Db in FF-3.5?

2009-07-16 Thread Jean-Marc Desperrier

Nelson Bolyard wrote:

> [...] In NSS 3.12, you must tell NSS every time
> it is initialized whether it is using old (Berkeley, default) or new
> (Sqlite3) DBs.  This may be done in any of (at least) 3 different ways,
> including an environment variable, a directory name prefix, or a
> programmatic function call (IIRC).

Oh, too bad. I think it would be better then if Firefox were to
programmatically set it to use sqlite3 when the sqlite3 file exists.

> > An annoying limitation is that the certificate file *must* be in the
> > profile directory, there's no way to set an absolute path, so it's still
> > hard to use it as a multi-application db.
>
> hmm.  I think that is a Firefox limitation, not an NSS limitation.
> But I could be wrong about that.

Yes, it is a Firefox limitation. I think there's already a bug open
about that.

___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security


Re: Shared security Db in FF-3.5?

2009-07-16 Thread Wan-Teh Chang
On Mon, Jul 6, 2009 at 12:09 AM, Andrei Korostelev <and...@korostelev.net> wrote:

> Thank you. Are there plans to make this shared Db default, say, in FF
> 4?

Yes, there are, and now is a good time in the Firefox
development cycle to start that work. But it seems that the
right people to do that are bogged down by their other
important work (such as FIPS validation).

The Linux version of the Chromium browser uses NSS and
is using the NSS shared databases.  It creates them in
the ~/.pki/nssdb directory, following the NSS team's proposal
at https://wiki.mozilla.org/NSS_Shared_DB_And_LINUX

Wan-Teh


Re: Shared security Db in FF-3.5?

2009-07-16 Thread aerowolf



On Sun, Jul 5, 2009 at 10:22 PM, Nelson Bolyard <nonelsons...@nobolyardspam.me> wrote:

> However, FF 3.5 has the code to support shared-access cert9 and key4 DBs,
> based on sqlite3.  You can force FF 3.5 to use that by setting an
> environment variable.
>
> > Is non-shared security Db still the case with upcoming Firefox 3.5?
>
> The old non-shared security DBs are still the default in FF 3.5.


What is the environment variable?

Thanks,

-Kyle H


Re: Shared security Db in FF-3.5?

2009-07-16 Thread Wan-Teh Chang
On Thu, Jul 16, 2009 at 1:46 PM, aerow...@gmail.com wrote:

> What is the environment variable?

Set the environment variable NSS_DEFAULT_DB_TYPE to sql.

All environment variables used by NSS are documented at
https://developer.mozilla.org/en/NSS_reference/NSS_environment_variables

Wan-Teh
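
An added example, not part of the message above or of NSS: a shell check that compares the DB type NSS would be told to use with the cert/key pairs actually present in a directory. The function names are hypothetical, and the `sql:`/`dbm:` prefix spelling and its precedence over `NSS_DEFAULT_DB_TYPE` are assumptions about NSS 3.12-era behaviour.

```shell
#!/bin/sh
# Added example. File names and NSS_DEFAULT_DB_TYPE come from the thread;
# function names are hypothetical. Only "sql" and the dbm default described
# in the thread are modelled (assumption: an explicit prefix wins).

# DB type selected for config dir $1 (e.g. "sql:/path" or "/path").
nss_selected_type() {
    case $1 in
        sql:*) echo sql ;;
        dbm:*) echo dbm ;;
        *) if [ "${NSS_DEFAULT_DB_TYPE:-}" = sql ]; then echo sql
           else echo dbm; fi ;;
    esac
}

# Complete cert/key pairs found in plain directory $1.
# A cert DB without its matching key DB does not count as a pair.
nss_files_present() {
    sql=no; dbm=no
    if [ -f "$1/cert9.db" ] && [ -f "$1/key4.db" ]; then sql=yes; fi
    if [ -f "$1/cert8.db" ] && [ -f "$1/key3.db" ]; then dbm=yes; fi
    case $sql$dbm in
        yesyes) echo both ;;
        yesno)  echo sql ;;
        noyes)  echo dbm ;;
        *)      echo none ;;
    esac
}

# Succeeds only if the selected type has a complete pair on disk.
nss_check() {
    dir=${1#sql:}; dir=${dir#dbm:}
    want=$(nss_selected_type "$1")
    have=$(nss_files_present "$dir")
    [ "$have" = both ] || [ "$have" = "$want" ]
}

# Constructed demo: empty files stand in for real databases.
demo=$(mktemp -d)
: > "$demo/cert9.db"; : > "$demo/key4.db"
echo "pairs on disk: $(nss_files_present "$demo")"
echo "selected without prefix: $(nss_selected_type "$demo")"
if nss_check "sql:$demo"; then echo "sql: prefix matches the files"; fi
rm -rf "$demo"
```

A failing `nss_check` means the application would open (or create) a different pair of DBs than the one holding the user's certificates and keys.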


Re: Shared security Db in FF-3.5?

2009-07-06 Thread Andrei Korostelev
On 6 Jul, 07:22, Nelson Bolyard <nonelsons...@nobolyardspam.me> wrote:
> On 2009-07-03 01:43 PDT, Andrei Korostelev wrote:
>
> > Does Firefox 3.5 already support multi-process shared security
> > database or it is still single-process?
>
> By default, it is still the old single-process cert8 and key3 DBs,
> as before.
>
> However, FF 3.5 has the code to support shared-access cert9 and key4 DBs,
> based on sqlite3.  You can force FF 3.5 to use that by setting an
> environment variable.
>
> > Is non-shared security Db still the case with upcoming Firefox 3.5?
>
> The old non-shared security DBs are still the default in FF 3.5.
>
> > Is SecurityDb in Firefox 3 multiuser?
>
> Multi-user is a different matter than multi-process.
> FF 3.5's new cert9 and key3 DB are multi-process capable,
> but I would NOT describe them as multi-user.
> They are a pair, and the private keys in the key DB are, of course,
> private to each individual user.  So, each user needs his/her own
> key DB, and since they are a pair, this implies that each user needs
> his/her own cert DB too.  But with cert9.db, all that user's processes
> can share a common pair of DBs.

Thank you. Are there plans to make this shared Db default, say, in FF
4?


Re: Shared security Db in FF-3.5?

2009-07-06 Thread Jean-Marc Desperrier

Nelson Bolyard wrote:

> By default, it is still the old single-process cert8 and key3 DBs,
> as before.
>
> However, FF 3.5 has the code to support shared-access cert9 and key4 DBs,
> based on sqlite3.  You can force FF 3.5 to use that by setting an
> environment variable.

My understanding is that if you start FF *once* with the setting enabled
for the new db format, the base will be converted, and then it will use
the new format every time after that point, without any special setting.

Maybe even you could externally convert the base, and Fx will use the
new format the next time it starts?


An annoying limitation is that the certificate file *must* be in the 
profile directory, there's no way to set an absolute path, so it's still 
hard to use it as a multi-application db.


Re: Shared security Db in FF-3.5?

2009-07-05 Thread Nelson Bolyard
On 2009-07-03 01:43 PDT, Andrei Korostelev wrote:

> Does Firefox 3.5 already support multi-process shared security
> database or it is still single-process?

By default, it is still the old single-process cert8 and key3 DBs,
as before.

However, FF 3.5 has the code to support shared-access cert9 and key4 DBs,
based on sqlite3.  You can force FF 3.5 to use that by setting an
environment variable.

> Is non-shared security Db still the case with upcoming Firefox 3.5?

The old non-shared security DBs are still the default in FF 3.5.

> Is SecurityDb in Firefox 3 multiuser?

Multi-user is a different matter than multi-process.
FF 3.5's new cert9 and key3 DB are multi-process capable,
but I would NOT describe them as multi-user.
They are a pair, and the private keys in the key DB are, of course,
private to each individual user.  So, each user needs his/her own
key DB, and since they are a pair, this implies that each user needs
his/her own cert DB too.  But with cert9.db, all that user's processes
can share a common pair of DBs.