bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj

MozReview-Commit-ID: 2qoJz5gDPyY --HG-- extra : rebase_source : c84d7975fa30c753af7481d04e2db8c19daff180
2024-10-09 19:35:51 +00:00 · 2017-11-15 15:24:58 -08:00 · 2017-11-15 15:24:58 -08:00 · dcb596244e
commit dcb596244e
parent d85b9324d9
7 changed files with 7 additions and 63 deletions
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@ -19,7 +19,6 @@
 #include "mozilla/Casting.h"
 #include "mozilla/Move.h"
 #include "mozilla/PodOperations.h"
-#include "mozilla/Preferences.h"
 #include "mozilla/TimeStamp.h"
 #include "mozilla/Unused.h"
 #include "nsCRTGlue.h"
@ -1063,11 +1062,7 @@ InitializeNSS(const nsACString& dir, bool readOnly, bool loadPKCS11Modules)
  if (!loadPKCS11Modules) {
    flags |= NSS_INIT_NOMODDB;
  }
-  bool useSQLDB = Preferences::GetBool("security.use_sqldb", false);
-  nsAutoCString dbTypeAndDirectory;
-  if (useSQLDB) {
-    dbTypeAndDirectory.Append("sql:");
-  }
+  nsAutoCString dbTypeAndDirectory("sql:");
  dbTypeAndDirectory.Append(dir);
  MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
          ("InitializeNSS(%s, %d, %d)", dbTypeAndDirectory.get(), readOnly,
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@ -1785,9 +1785,9 @@ GetNSSProfilePath(nsAutoCString& aProfilePath)
 // returns NS_OK even if renaming the file didn't work. This simplifies the
 // logic of the calling code.
 static nsresult
-AttemptToRenamePKCS11ModuleDB(const nsACString& profilePath,
-                              const nsACString& moduleDBFilename)
+AttemptToRenamePKCS11ModuleDB(const nsACString& profilePath)
 {
+  NS_NAMED_LITERAL_CSTRING(moduleDBFilename, "pkcs11.txt");
  nsAutoCString destModuleDBFilename(moduleDBFilename);
  destModuleDBFilename.Append(".fips");
  nsCOMPtr<nsIFile> dbFile = do_CreateInstance("@mozilla.org/file/local;1");
@ -1854,22 +1854,6 @@ AttemptToRenamePKCS11ModuleDB(const nsACString& profilePath,
  Unused << dbFile->MoveToNative(profileDir, destModuleDBFilename);
  return NS_OK;
 }
-
-// We may be using the legacy databases, in which case we need to use
-// "secmod.db". We may be using the sqlite-backed databases, in which case we
-// need to use "pkcs11.txt".
-static nsresult
-AttemptToRenameBothPKCS11ModuleDBVersions(const nsACString& profilePath)
-{
-  NS_NAMED_LITERAL_CSTRING(legacyModuleDBFilename, "secmod.db");
-  NS_NAMED_LITERAL_CSTRING(sqlModuleDBFilename, "pkcs11.txt");
-  nsresult rv = AttemptToRenamePKCS11ModuleDB(profilePath,
-                                              legacyModuleDBFilename);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-  return AttemptToRenamePKCS11ModuleDB(profilePath, sqlModuleDBFilename);
-}
 #endif // ifndef ANDROID

 // Given a profile directory, attempt to initialize NSS. If nocertdb is true,
@ -1947,7 +1931,7 @@ InitializeNSSWithFallbacks(const nsACString& profilePath, bool nocertdb,
      // If this fails non-catastrophically, we'll attempt to initialize NSS
      // again in r/w then r-o mode (both of which will fail), and then we'll
      // fall back to NSS_NoDB_Init, which is the behavior we want.
-      nsresult rv = AttemptToRenameBothPKCS11ModuleDBVersions(profilePath);
+      nsresult rv = AttemptToRenamePKCS11ModuleDB(profilePath);
      if (NS_FAILED(rv)) {
        return rv;
      }
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@ -38,12 +38,6 @@ pref("security.remember_cert_checkbox_default_setting", true);
 pref("security.ask_for_password",        0);
 pref("security.password_lifetime",       30);

-// If true, use the modern sqlite-backed certificate and key databases in NSS.
-// If false, use the default format. Currently the default in NSS is the old
-// BerkeleyDB format, but this will change in bug 1377940.
-// Changing this requires a restart to take effect.
-pref("security.use_sqldb", true);
-
 // The supported values of this pref are:
 // 0: disable detecting Family Safety mode and importing the root
 // 1: only attempt to detect Family Safety mode (don't import the root)
--- a/security/manager/ssl/tests/unit/test_db_format_pref_new.js
+++ b/security/manager/ssl/tests/unit/test_db_format_pref_new.js
@ -4,12 +4,11 @@
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 "use strict";

-// Tests that if "security.use_sqldb" is set to true when PSM initializes,
-// we create the sqlite-backed certificate and key databases.
+// Tests that when PSM initializes, we create the sqlite-backed certificate and
+// key databases.

 function run_test() {
  let profileDir = do_get_profile();
-  Services.prefs.setBoolPref("security.use_sqldb", true);
  let certificateDBFile = profileDir.clone();
  certificateDBFile.append("cert9.db");
  ok(!certificateDBFile.exists(), "cert9.db should not exist beforehand");
--- a/security/manager/ssl/tests/unit/test_db_format_pref_old.js
+++ b/security/manager/ssl/tests/unit/test_db_format_pref_old.js
@ -1,24 +0,0 @@
-// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this
-// file, You can obtain one at http://mozilla.org/MPL/2.0/.
-"use strict";
-
-// Tests that if "security.use_sqldb" is set to false when PSM initializes,
-// we create the system-default certificate and key databases, which currently
-// use the old BerkeleyDB format. This will change in bug 1377940.
-
-function run_test() {
-  let profileDir = do_get_profile();
-  Services.prefs.setBoolPref("security.use_sqldb", false);
-  let certificateDBFile = profileDir.clone();
-  certificateDBFile.append("cert8.db");
-  ok(!certificateDBFile.exists(), "cert8.db should not exist beforehand");
-  let keyDBFile = profileDir.clone();
-  keyDBFile.append("key3.db");
-  ok(!keyDBFile.exists(), "key3.db should not exist beforehand");
-  // This should start PSM.
-  Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
-  ok(certificateDBFile.exists(), "cert8.db should exist in the profile");
-  ok(keyDBFile.exists(), "key3.db should exist in the profile");
-}
--- a/security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js
+++ b/security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js
@ -53,8 +53,6 @@ function run_test() {
    MockRegistrar.unregister(windowWatcherCID);
  });

-  Services.prefs.setBoolPref("security.use_sqldb", true);
-
  let profile = do_get_profile();
  let keyDBFile = do_get_file("test_sdr_preexisting_with_password/key3.db");
  keyDBFile.copyTo(profile, "key3.db");
--- a/security/manager/ssl/tests/unit/xpcshell.ini
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@ -76,11 +76,9 @@ skip-if = !debug
 run-sequentially = hardcoded ports
 [test_datasignatureverifier.js]
 # Android always has and always will use the new format, so
-# these two tests don't apply.
+# this test doesn't apply.
 [test_db_format_pref_new.js]
 skip-if = toolkit == 'android'
-[test_db_format_pref_old.js]
-skip-if = toolkit == 'android'
 [test_der.js]
 [test_enterprise_roots.js]
 skip-if = os != 'win' # tests a Windows-specific feature