bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj
MozReview-Commit-ID: 2qoJz5gDPyY --HG-- extra : rebase_source : c84d7975fa30c753af7481d04e2db8c19daff180
parent
d85b9324d9
commit
dcb596244e
@ -19,7 +19,6 @@
|
||||
#include "mozilla/Casting.h"
|
||||
#include "mozilla/Move.h"
|
||||
#include "mozilla/PodOperations.h"
|
||||
#include "mozilla/Preferences.h"
|
||||
#include "mozilla/TimeStamp.h"
|
||||
#include "mozilla/Unused.h"
|
||||
#include "nsCRTGlue.h"
|
||||
@ -1063,11 +1062,7 @@ InitializeNSS(const nsACString& dir, bool readOnly, bool loadPKCS11Modules)
|
||||
if (!loadPKCS11Modules) {
|
||||
flags |= NSS_INIT_NOMODDB;
|
||||
}
|
||||
bool useSQLDB = Preferences::GetBool("security.use_sqldb", false);
|
||||
nsAutoCString dbTypeAndDirectory;
|
||||
if (useSQLDB) {
|
||||
dbTypeAndDirectory.Append("sql:");
|
||||
}
|
||||
nsAutoCString dbTypeAndDirectory("sql:");
|
||||
dbTypeAndDirectory.Append(dir);
|
||||
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
|
||||
("InitializeNSS(%s, %d, %d)", dbTypeAndDirectory.get(), readOnly,
|
||||
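Review bot: The hard-coded prefix in `nsAutoCString dbTypeAndDirectory("sql:");` carries no comment, so a reader cannot tell that it selects the sqlite-backed certificate and key databases or that the format is no longer configurable. I would add above it `// Always use the sqlite-backed NSS DBs; the "sql:" prefix selects that format.` The hunk does not show what happens to a profile that holds only legacy-format databases. Presumably NSS migrates them on first open, but that should be confirmed and noted here, because a failed migration would leave the user without their stored certificates and keys. InitializeNSS starts and ends outside the hunk.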
|
@ -1785,9 +1785,9 @@ GetNSSProfilePath(nsAutoCString& aProfilePath)
|
||||
// returns NS_OK even if renaming the file didn't work. This simplifies the
|
||||
// logic of the calling code.
|
||||
static nsresult
|
||||
AttemptToRenamePKCS11ModuleDB(const nsACString& profilePath,
|
||||
const nsACString& moduleDBFilename)
|
||||
AttemptToRenamePKCS11ModuleDB(const nsACString& profilePath)
|
||||
{
|
||||
NS_NAMED_LITERAL_CSTRING(moduleDBFilename, "pkcs11.txt");
|
||||
nsAutoCString destModuleDBFilename(moduleDBFilename);
|
||||
destModuleDBFilename.Append(".fips");
|
||||
nsCOMPtr<nsIFile> dbFile = do_CreateInstance("@mozilla.org/file/local;1");
|
||||
@ -1854,22 +1854,6 @@ AttemptToRenamePKCS11ModuleDB(const nsACString& profilePath,
|
||||
Unused << dbFile->MoveToNative(profileDir, destModuleDBFilename);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// We may be using the legacy databases, in which case we need to use
|
||||
// "secmod.db". We may be using the sqlite-backed databases, in which case we
|
||||
// need to use "pkcs11.txt".
|
||||
static nsresult
|
||||
AttemptToRenameBothPKCS11ModuleDBVersions(const nsACString& profilePath)
|
||||
{
|
||||
NS_NAMED_LITERAL_CSTRING(legacyModuleDBFilename, "secmod.db");
|
||||
NS_NAMED_LITERAL_CSTRING(sqlModuleDBFilename, "pkcs11.txt");
|
||||
nsresult rv = AttemptToRenamePKCS11ModuleDB(profilePath,
|
||||
legacyModuleDBFilename);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
return AttemptToRenamePKCS11ModuleDB(profilePath, sqlModuleDBFilename);
|
||||
}
|
||||
#endif // ifndef ANDROID
|
||||
|
||||
// Given a profile directory, attempt to initialize NSS. If nocertdb is true,
|
||||
@ -1947,7 +1931,7 @@ InitializeNSSWithFallbacks(const nsACString& profilePath, bool nocertdb,
|
||||
// If this fails non-catastrophically, we'll attempt to initialize NSS
|
||||
// again in r/w then r-o mode (both of which will fail), and then we'll
|
||||
// fall back to NSS_NoDB_Init, which is the behavior we want.
|
||||
nsresult rv = AttemptToRenameBothPKCS11ModuleDBVersions(profilePath);
|
||||
nsresult rv = AttemptToRenamePKCS11ModuleDB(profilePath);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
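Review bot: `AttemptToRenamePKCS11ModuleDB` now renames only `pkcs11.txt`, and nothing in the new code says why a legacy `secmod.db` left in the profile no longer needs the same treatment that the removed `AttemptToRenameBothPKCS11ModuleDBVersions` gave it. If the reasoning is that NSS never consults `secmod.db` once it is always opened with the sqlite-backed format, state that next to the literal, e.g. `// NSS is always initialized with the sqlite-backed DBs, so only "pkcs11.txt" can list PKCS#11 modules to load.` If NSS can still fall back to or migrate from `secmod.db` (not visible here), the rename of that file should stay, since this path exists to stop a broken module list from being loaded. The function body between the two hunks is outside the view.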
|
@ -38,12 +38,6 @@ pref("security.remember_cert_checkbox_default_setting", true);
|
||||
pref("security.ask_for_password", 0);
|
||||
pref("security.password_lifetime", 30);
|
||||
|
||||
// If true, use the modern sqlite-backed certificate and key databases in NSS.
|
||||
// If false, use the default format. Currently the default in NSS is the old
|
||||
// BerkeleyDB format, but this will change in bug 1377940.
|
||||
// Changing this requires a restart to take effect.
|
||||
pref("security.use_sqldb", true);
|
||||
|
||||
// The supported values of this pref are:
|
||||
// 0: disable detecting Family Safety mode and importing the root
|
||||
// 1: only attempt to detect Family Safety mode (don't import the root)
|
||||
|
@ -4,12 +4,11 @@
|
||||
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
"use strict";
|
||||
|
||||
// Tests that if "security.use_sqldb" is set to true when PSM initializes,
|
||||
// we create the sqlite-backed certificate and key databases.
|
||||
// Tests that when PSM initializes, we create the sqlite-backed certificate and
|
||||
// key databases.
|
||||
|
||||
function run_test() {
|
||||
let profileDir = do_get_profile();
|
||||
Services.prefs.setBoolPref("security.use_sqldb", true);
|
||||
let certificateDBFile = profileDir.clone();
|
||||
certificateDBFile.append("cert9.db");
|
||||
ok(!certificateDBFile.exists(), "cert9.db should not exist beforehand");
|
||||
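Review bot: With the old-format test deleted in this commit, nothing in the lines shown asserts that PSM no longer creates the legacy databases; `run_test` here only checks `cert9.db`. Consider a negative check: `let legacyCertDBFile = profileDir.clone(); legacyCertDBFile.append("cert8.db");` before PSM starts, and `ok(!legacyCertDBFile.exists(), "cert8.db should not be created");` after it (the variable name is constructed for this note). That would catch a regression where the legacy format is silently reintroduced. The rest of `run_test` lies outside the hunk, so an equivalent check may already be there.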
|
@ -1,24 +0,0 @@
|
||||
// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
|
||||
// This Source Code Form is subject to the terms of the Mozilla Public
|
||||
// License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
"use strict";
|
||||
|
||||
// Tests that if "security.use_sqldb" is set to false when PSM initializes,
|
||||
// we create the system-default certificate and key databases, which currently
|
||||
// use the old BerkeleyDB format. This will change in bug 1377940.
|
||||
|
||||
function run_test() {
|
||||
let profileDir = do_get_profile();
|
||||
Services.prefs.setBoolPref("security.use_sqldb", false);
|
||||
let certificateDBFile = profileDir.clone();
|
||||
certificateDBFile.append("cert8.db");
|
||||
ok(!certificateDBFile.exists(), "cert8.db should not exist beforehand");
|
||||
let keyDBFile = profileDir.clone();
|
||||
keyDBFile.append("key3.db");
|
||||
ok(!keyDBFile.exists(), "key3.db should not exist beforehand");
|
||||
// This should start PSM.
|
||||
Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
|
||||
ok(certificateDBFile.exists(), "cert8.db should exist in the profile");
|
||||
ok(keyDBFile.exists(), "key3.db should exist in the profile");
|
||||
}
|
@ -53,8 +53,6 @@ function run_test() {
|
||||
MockRegistrar.unregister(windowWatcherCID);
|
||||
});
|
||||
|
||||
Services.prefs.setBoolPref("security.use_sqldb", true);
|
||||
|
||||
let profile = do_get_profile();
|
||||
let keyDBFile = do_get_file("test_sdr_preexisting_with_password/key3.db");
|
||||
keyDBFile.copyTo(profile, "key3.db");
|
||||
|
@ -76,11 +76,9 @@ skip-if = !debug
|
||||
run-sequentially = hardcoded ports
|
||||
[test_datasignatureverifier.js]
|
||||
# Android always has and always will use the new format, so
|
||||
# these two tests don't apply.
|
||||
# this test doesn't apply.
|
||||
[test_db_format_pref_new.js]
|
||||
skip-if = toolkit == 'android'
|
||||
[test_db_format_pref_old.js]
|
||||
skip-if = toolkit == 'android'
|
||||
[test_der.js]
|
||||
[test_enterprise_roots.js]
|
||||
skip-if = os != 'win' # tests a Windows-specific feature
|
||||
|