-rw-r--r-- | build/moz.configure/old.configure | 1 | ||||
-rw-r--r-- | old-configure.in | 19 | ||||
-rw-r--r-- | security/certverifier/NSSCertDBTrustDomain.cpp | 5 | ||||
-rw-r--r-- | security/manager/ssl/nsNSSComponent.cpp | 24 | ||||
-rw-r--r-- | toolkit/xre/nsAppRunner.cpp | 17 |
5 files changed, 59 insertions, 7 deletions
diff --git a/build/moz.configure/old.configure b/build/moz.configure/old.configure index 72c294706..d0f6909b9 100644 --- a/build/moz.configure/old.configure +++ b/build/moz.configure/old.configure @@ -223,6 +223,7 @@ def old_configure_options(*options): '--enable-release', '--enable-safe-browsing', '--enable-sandbox', + '--enable-security-sqlstore', '--enable-signmar', '--enable-simulator', '--enable-small-chunk-size', diff --git a/old-configure.in b/old-configure.in index d438d9ea3..86cf2ae18 100644 --- a/old-configure.in +++ b/old-configure.in @@ -2156,6 +2156,7 @@ MOZ_JETPACK=1 MOZ_DEVTOOLS_SERVER=1 MOZ_DEVTOOLS= MOZ_PLACES=1 +MOZ_SECURITY_SQLSTORE= MOZ_SERVICES_HEALTHREPORT=1 MOZ_SERVICES_SYNC=1 MOZ_USERINFO=1 @@ -2717,6 +2718,24 @@ fi AC_SUBST(NSS_DISABLE_DBM) dnl ========================================================= +dnl = NSS SQL storage format +dnl ========================================================= +MOZ_ARG_ENABLE_BOOL(security-sqlstore, +[ --enable-security-sqlstore Enable the use of SQL storage for NSS], + MOZ_SECURITY_SQLSTORE=1, + MOZ_SECURITY_SQLSTORE=) + +if test -n "$NSS_DISABLE_DBM" -a -z "$MOZ_SECURITY_SQLSTORE"; then + AC_MSG_ERROR([DBM storage support is required if not using NSS SQL storage]) +fi + +if test -n "$MOZ_SECURITY_SQLSTORE"; then + AC_DEFINE(MOZ_SECURITY_SQLSTORE) +fi + +AC_SUBST(MOZ_SECURITY_SQLSTORE) + +dnl ========================================================= dnl = Don't fold mailnews related comps into libXUL dnl ========================================================= MOZ_ARG_ENABLE_BOOL(incomplete-external-linkage, diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp index 5e89c2484..cf48f6392 100644 --- a/security/certverifier/NSSCertDBTrustDomain.cpp +++ b/security/certverifier/NSSCertDBTrustDomain.cpp 
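Review bot: The new check in the `NSS SQL storage format` block rejects a DBM-less build without SQL storage, but nothing documents what happens to an existing profile when `--enable-security-sqlstore` is combined with a set `NSS_DISABLE_DBM`. Presumably NSS then cannot read the older DBM certificate and key databases, which a user would see as lost certificates and keys; that should be confirmed and written down. I would add a `dnl` line above `MOZ_ARG_ENABLE_BOOL`, for example `dnl With NSS_DISABLE_DBM set, existing DBM databases in a profile cannot be read or migrated (confirm).` Separately, `test -n "$NSS_DISABLE_DBM" -a -z "$MOZ_SECURITY_SQLSTORE"` relies on `-a`, which is not portable across shells; `test -n "$NSS_DISABLE_DBM" && test -z "$MOZ_SECURITY_SQLSTORE"` is the safer spelling.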
@@ -1102,7 +1102,12 @@ InitializeNSS(const nsACString& dir, bool readOnly, bool loadPKCS11Modules) flags |= NSS_INIT_NOMODDB; } nsAutoCString dbTypeAndDirectory; +#ifdef MOZ_SECURITY_SQLSTORE + // Not strictly necessary with current NSS versions, but can't hurt to be explicit. + dbTypeAndDirectory.Append("sql:"); +#else dbTypeAndDirectory.Append("dbm:"); +#endif dbTypeAndDirectory.Append(dir); return ::NSS_Initialize(dbTypeAndDirectory.get(), "", "", SECMOD_DB, flags); } diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp index dfff59da9..897b5743c 100644 --- a/security/manager/ssl/nsNSSComponent.cpp +++ b/security/manager/ssl/nsNSSComponent.cpp @@ -12,6 +12,9 @@ #include "SharedSSLState.h" #include "cert.h" #include "certdb.h" +#ifdef MOZ_SECURITY_SQLSTORE +#include "mozStorageCID.h" +#endif #include "mozilla/ArrayUtils.h" #include "mozilla/Casting.h" #include "mozilla/Preferences.h" @@ -1703,16 +1706,25 @@ GetNSSProfilePath(nsAutoCString& aProfilePath) } #if defined(XP_WIN) - // Native path will drop Unicode characters that cannot be mapped to system's - // codepage, using short (canonical) path as workaround. nsCOMPtr<nsILocalFileWin> profileFileWin(do_QueryInterface(profileFile)); if (!profileFileWin) { MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Could not get nsILocalFileWin for profile directory.\n")); return NS_ERROR_FAILURE; } +#ifdef MOZ_SECURITY_SQLSTORE + // SQLite always takes UTF-8 file paths regardless of the current system + // code page. + nsAutoString u16ProfilePath; + rv = profileFileWin->GetCanonicalPath(u16ProfilePath); + CopyUTF16toUTF8(u16ProfilePath, aProfilePath); +#else + // Native path will drop Unicode characters that cannot be mapped to system's + // codepage, using short (canonical) path as workaround. rv = profileFileWin->GetNativeCanonicalPath(aProfilePath); +#endif #else + // On non-Windows, just get the native profile path. rv = profileFile->GetNativePath(aProfilePath); #endif 
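Review bot: With `MOZ_SECURITY_SQLSTORE` defined, `InitializeNSS` passes `dir` to the SQL backend, and the companion change in `GetNSSProfilePath` states that SQLite expects UTF-8 paths, yet the encoding requirement on `dir` is not stated in this function. A caller that still supplies a native code-page path on Windows could end up opening or creating the certificate and key databases in an unintended directory. I would replace the added comment with one that states the contract, for example `// dir must be UTF-8 when the SQL store is used; "sql:" is spelled out so the backend never depends on the NSS default.` The function starts above the hunk, so its other callers need to be checked there.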
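Review bot: In the `MOZ_SECURITY_SQLSTORE` branch of `GetNSSProfilePath`, `CopyUTF16toUTF8(u16ProfilePath, aProfilePath)` runs before `rv` from `GetCanonicalPath` is examined, so a failed call still overwrites the out-parameter. The check on `rv` presumably follows the final `#endif`, outside the hunk, but this path goes on to select the NSS database directory, so it is better left untouched on failure: `if (NS_SUCCEEDED(rv)) { CopyUTF16toUTF8(u16ProfilePath, aProfilePath); }`. The function begins above the hunk and continues below it.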
@@ -1970,6 +1982,14 @@ nsNSSComponent::Init() return NS_ERROR_NOT_SAME_THREAD; } +#ifdef MOZ_SECURITY_SQLSTORE + // To avoid an sqlite3_config race in NSS init, we require the storage service to get initialized first. + nsCOMPtr<nsISupports> storageService = do_GetService(MOZ_STORAGE_SERVICE_CONTRACTID); + if (!storageService) { + return NS_ERROR_NOT_AVAILABLE; + } +#endif + nsresult rv = NS_OK; MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Beginning NSS initialization\n")); diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp index e3705a5c2..55072c474 100644 --- a/toolkit/xre/nsAppRunner.cpp +++ b/toolkit/xre/nsAppRunner.cpp @@ -2781,19 +2781,26 @@ XREMain::XRE_mainInit(bool* aExitFlag) #endif SetupErrorHandling(gArgv[0]); - - // Set up environment for NSS DBM database + // Set up environment for NSS database choice +#ifndef NSS_DISABLE_DBM // Allow iteration counts in DBM mode SaveToEnv("NSS_ALLOW_LEGACY_DBM_ITERATION_COUNT=1"); - // Set default Master Password rounds to a sane value for DBM which is slower - // than SQL for PBKDF. The NSS hard-coded default of 10,000 is too much. - // See also Bug 1606992 for perf issues. +#endif + #ifdef DEBUG + // Reduce the number of rounds for debug builds for perf/test reasons. SaveToEnv("NSS_MAX_MP_PBE_ITERATION_COUNT=15"); #else +#ifdef MOZ_SECURITY_SQLSTORE + // We're using SQL; NSS's defaults for rounds are fine. +#else + // Set default Master Password rounds to a sane value for DBM which is slower + // than SQL for PBKDF. The NSS hard-coded default of 10,000 is too much. + // See also Bug 1606992 for perf issues. SaveToEnv("NSS_MAX_MP_PBE_ITERATION_COUNT=500"); #endif +#endif #ifdef CAIRO_HAS_DWRITE_FONT { |
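Review bot: The early `return NS_ERROR_NOT_AVAILABLE;` taken when the storage service cannot be obtained leaves nothing in the log, while the failure path visible in `GetNSSProfilePath` reports through `gPIPNSSLog`. A component that fails here never initializes NSS, so the cause should be recoverable from logs; I would add `MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Could not get storage service; NSS not initialized.\n"));` before the return. The comment could also say which side calls `sqlite3_config` first, so the ordering requirement is clear to whoever reorders startup later. The body of `nsNSSComponent::Init` continues outside the hunk.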
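Review bot: The new `#ifndef NSS_DISABLE_DBM` guard around `SaveToEnv("NSS_ALLOW_LEGACY_DBM_ITERATION_COUNT=1")` only has an effect if `NSS_DISABLE_DBM` reaches this file as a preprocessor define. The `old-configure.in` context in this commit shows only `AC_SUBST(NSS_DISABLE_DBM)`, so unless an `AC_DEFINE` exists elsewhere the guarded line is always compiled in; please confirm. The comment-only `#ifdef MOZ_SECURITY_SQLSTORE` branch would read better as `#ifndef MOZ_SECURITY_SQLSTORE` around the `=500` line. The `DEBUG` comment should also note that `NSS_MAX_MP_PBE_ITERATION_COUNT=15` makes a Master Password set in a debug build much cheaper to guess offline, so such profiles should not hold real credentials. `XRE_mainInit` starts and ends outside the hunk.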