-rw-r--r--build/moz.configure/old.configure1
-rw-r--r--old-configure.in19
-rw-r--r--security/certverifier/NSSCertDBTrustDomain.cpp5
-rw-r--r--security/manager/ssl/nsNSSComponent.cpp24
-rw-r--r--toolkit/xre/nsAppRunner.cpp17
5 files changed, 59 insertions, 7 deletions
diff --git a/build/moz.configure/old.configure b/build/moz.configure/old.configure
index 72c294706..d0f6909b9 100644
--- a/build/moz.configure/old.configure
+++ b/build/moz.configure/old.configure
@@ -223,6 +223,7 @@ def old_configure_options(*options):
'--enable-release',
'--enable-safe-browsing',
'--enable-sandbox',
+ '--enable-security-sqlstore',
'--enable-signmar',
'--enable-simulator',
'--enable-small-chunk-size',
diff --git a/old-configure.in b/old-configure.in
index d438d9ea3..86cf2ae18 100644
--- a/old-configure.in
+++ b/old-configure.in
@@ -2156,6 +2156,7 @@ MOZ_JETPACK=1
MOZ_DEVTOOLS_SERVER=1
MOZ_DEVTOOLS=
MOZ_PLACES=1
+MOZ_SECURITY_SQLSTORE=
MOZ_SERVICES_HEALTHREPORT=1
MOZ_SERVICES_SYNC=1
MOZ_USERINFO=1
@@ -2717,6 +2718,24 @@ fi
AC_SUBST(NSS_DISABLE_DBM)
dnl =========================================================
+dnl = NSS SQL storage format
+dnl =========================================================
+MOZ_ARG_ENABLE_BOOL(security-sqlstore,
+[ --enable-security-sqlstore Enable the use of SQL storage for NSS],
+ MOZ_SECURITY_SQLSTORE=1,
+ MOZ_SECURITY_SQLSTORE=)
+
+if test -n "$NSS_DISABLE_DBM" -a -z "$MOZ_SECURITY_SQLSTORE"; then
+ AC_MSG_ERROR([DBM storage support is required if not using NSS SQL storage])
+fi
+
+if test -n "$MOZ_SECURITY_SQLSTORE"; then
+ AC_DEFINE(MOZ_SECURITY_SQLSTORE)
+fi
+
+AC_SUBST(MOZ_SECURITY_SQLSTORE)
+
+dnl =========================================================
dnl = Don't fold mailnews related comps into libXUL
dnl =========================================================
MOZ_ARG_ENABLE_BOOL(incomplete-external-linkage,
diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp
index 5e89c2484..cf48f6392 100644
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -1102,7 +1102,12 @@ InitializeNSS(const nsACString& dir, bool readOnly, bool loadPKCS11Modules)
flags |= NSS_INIT_NOMODDB;
}
nsAutoCString dbTypeAndDirectory;
+#ifdef MOZ_SECURITY_SQLSTORE
+ // Not strictly necessary with current NSS versions, but can't hurt to be explicit.
+ dbTypeAndDirectory.Append("sql:");
+#else
dbTypeAndDirectory.Append("dbm:");
+#endif
dbTypeAndDirectory.Append(dir);
return ::NSS_Initialize(dbTypeAndDirectory.get(), "", "", SECMOD_DB, flags);
}
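Review bot: The new `sql:` branch does not document what happens to a profile that already holds DBM databases; its one comment only explains why the prefix is spelled out. As far as I know, NSS opened with `sql:` can import existing cert8.db/key3.db data into the SQL files when DBM support is compiled in, and nothing in this hunk removes the legacy files afterwards, so key material protected under the older settings may stay on disk; please confirm this. A comment above the Append such as `// With "sql:", NSS may import an existing DBM database; the legacy DBM files are left in place.` would record it. InitializeNSS starts outside the hunk.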
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
index dfff59da9..897b5743c 100644
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -12,6 +12,9 @@
#include "SharedSSLState.h"
#include "cert.h"
#include "certdb.h"
+#ifdef MOZ_SECURITY_SQLSTORE
+#include "mozStorageCID.h"
+#endif
#include "mozilla/ArrayUtils.h"
#include "mozilla/Casting.h"
#include "mozilla/Preferences.h"
@@ -1703,16 +1706,25 @@ GetNSSProfilePath(nsAutoCString& aProfilePath)
}
#if defined(XP_WIN)
- // Native path will drop Unicode characters that cannot be mapped to system's
- // codepage, using short (canonical) path as workaround.
nsCOMPtr<nsILocalFileWin> profileFileWin(do_QueryInterface(profileFile));
if (!profileFileWin) {
MOZ_LOG(gPIPNSSLog, LogLevel::Error,
("Could not get nsILocalFileWin for profile directory.\n"));
return NS_ERROR_FAILURE;
}
+#ifdef MOZ_SECURITY_SQLSTORE
+ // SQLite always takes UTF-8 file paths regardless of the current system
+ // code page.
+ nsAutoString u16ProfilePath;
+ rv = profileFileWin->GetCanonicalPath(u16ProfilePath);
+ CopyUTF16toUTF8(u16ProfilePath, aProfilePath);
+#else
+ // Native path will drop Unicode characters that cannot be mapped to system's
+ // codepage, using short (canonical) path as workaround.
rv = profileFileWin->GetNativeCanonicalPath(aProfilePath);
+#endif
#else
+ // On non-Windows, just get the native profile path.
rv = profileFile->GetNativePath(aProfilePath);
#endif
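Review bot: In the MOZ_SECURITY_SQLSTORE branch, `CopyUTF16toUTF8(u16ProfilePath, aProfilePath);` runs before the `rv` from GetCanonicalPath is examined, so on failure the out-parameter is overwritten from a string that was never filled. The `rv` check is presumably just after the final `#endif`, outside the hunk. Guarding the copy leaves aProfilePath untouched on error: `if (NS_SUCCEEDED(rv)) { CopyUTF16toUTF8(u16ProfilePath, aProfilePath); }`. GetNSSProfilePath starts and ends outside the hunk.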
@@ -1970,6 +1982,14 @@ nsNSSComponent::Init()
return NS_ERROR_NOT_SAME_THREAD;
}
+#ifdef MOZ_SECURITY_SQLSTORE
+ // To avoid an sqlite3_config race in NSS init, we require the storage service to get initialized first.
+ nsCOMPtr<nsISupports> storageService = do_GetService(MOZ_STORAGE_SERVICE_CONTRACTID);
+ if (!storageService) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+#endif
+
nsresult rv = NS_OK;
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Beginning NSS initialization\n"));
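Review bot: The early `return NS_ERROR_NOT_AVAILABLE;` aborts NSS initialization without a log line, whereas the failure path visible in GetNSSProfilePath logs to gPIPNSSLog at Error level. A silent failure here would be hard to diagnose, since the component that provides certificate verification simply does not come up. I would add `MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Storage service unavailable; NSS not initialized.\n"));` before the return. The body of nsNSSComponent::Init continues outside the hunk.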
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index e3705a5c2..55072c474 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -2781,19 +2781,26 @@ XREMain::XRE_mainInit(bool* aExitFlag)
#endif
SetupErrorHandling(gArgv[0]);
-
- // Set up environment for NSS DBM database
+ // Set up environment for NSS database choice
+#ifndef NSS_DISABLE_DBM
// Allow iteration counts in DBM mode
SaveToEnv("NSS_ALLOW_LEGACY_DBM_ITERATION_COUNT=1");
- // Set default Master Password rounds to a sane value for DBM which is slower
- // than SQL for PBKDF. The NSS hard-coded default of 10,000 is too much.
- // See also Bug 1606992 for perf issues.
+#endif
+
#ifdef DEBUG
+ // Reduce the number of rounds for debug builds for perf/test reasons.
SaveToEnv("NSS_MAX_MP_PBE_ITERATION_COUNT=15");
#else
+#ifdef MOZ_SECURITY_SQLSTORE
+ // We're using SQL; NSS's defaults for rounds are fine.
+#else
+ // Set default Master Password rounds to a sane value for DBM which is slower
+ // than SQL for PBKDF. The NSS hard-coded default of 10,000 is too much.
+ // See also Bug 1606992 for perf issues.
SaveToEnv("NSS_MAX_MP_PBE_ITERATION_COUNT=500");
#endif
+#endif
#ifdef CAIRO_HAS_DWRITE_FONT
{
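Review bot: `#ifndef NSS_DISABLE_DBM` only works if that symbol reaches the C++ preprocessor, and the old-configure.in hunk in this commit shows only `AC_SUBST(NSS_DISABLE_DBM)`, whereas MOZ_SECURITY_SQLSTORE gets an explicit `AC_DEFINE`. If no matching define exists elsewhere, the guard is always true and `NSS_ALLOW_LEGACY_DBM_ITERATION_COUNT=1` is still exported on builds without DBM. Separately, the empty `#ifdef MOZ_SECURITY_SQLSTORE` / `#else` pair would read more simply as a single `#ifndef MOZ_SECURITY_SQLSTORE` around the `=500` line. The DEBUG comment should also say that the cap of 15 applies to the SQL store as well, so debug builds should not hold real master-password-protected data. XRE_mainInit starts and ends outside the hunk.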