summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/certverifier/NSSCertDBTrustDomain.cpp10
-rw-r--r--security/certverifier/NSSCertDBTrustDomain.h3
-rw-r--r--security/certverifier/moz.build5
-rw-r--r--security/manager/ssl/nsNSSComponent.cpp4
4 files changed, 17 insertions, 5 deletions
diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp
index b4e12fe9c..39f7d3e9e 100644
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -22,6 +22,7 @@
#include "mozilla/Unused.h"
#include "nsNSSCertificate.h"
#include "nsServiceManagerUtils.h"
+#include "nsThreadUtils.h"
#include "nss.h"
#include "pk11pub.h"
#include "pkix/Result.h"
@@ -1087,8 +1088,10 @@ NSSCertDBTrustDomain::NoteAuxiliaryExtension(AuxiliaryExtension extension,
}
SECStatus
-InitializeNSS(const char* dir, bool readOnly, bool loadPKCS11Modules)
+InitializeNSS(const nsACString& dir, bool readOnly, bool loadPKCS11Modules)
{
+ MOZ_ASSERT(NS_IsMainThread());
+
// The NSS_INIT_NOROOTINIT flag turns off the loading of the root certs
// module by NSS_Initialize because we will load it in InstallLoadableRoots
// later. It also allows us to work around a bug in the system NSS in
@@ -1101,7 +1104,10 @@ InitializeNSS(const char* dir, bool readOnly, bool loadPKCS11Modules)
if (!loadPKCS11Modules) {
flags |= NSS_INIT_NOMODDB;
}
- return ::NSS_Initialize(dir, "", "", SECMOD_DB, flags);
+ nsAutoCString dbTypeAndDirectory;
+ dbTypeAndDirectory.Append("dbm:");
+ dbTypeAndDirectory.Append(dir);
+ return ::NSS_Initialize(dbTypeAndDirectory.get(), "", "", SECMOD_DB, flags);
}
void
diff --git a/security/certverifier/NSSCertDBTrustDomain.h b/security/certverifier/NSSCertDBTrustDomain.h
index 15a5a4a2c..64827536c 100644
--- a/security/certverifier/NSSCertDBTrustDomain.h
+++ b/security/certverifier/NSSCertDBTrustDomain.h
@@ -36,7 +36,8 @@ enum class NetscapeStepUpPolicy : uint32_t {
NeverMatch = 3,
};
-SECStatus InitializeNSS(const char* dir, bool readOnly, bool loadPKCS11Modules);
+SECStatus InitializeNSS(const nsACString& dir, bool readOnly,
+ bool loadPKCS11Modules);
void DisableMD5();
diff --git a/security/certverifier/moz.build b/security/certverifier/moz.build
index 70f049340..97cff1f7d 100644
--- a/security/certverifier/moz.build
+++ b/security/certverifier/moz.build
@@ -68,6 +68,11 @@ if CONFIG['_MSC_VER']:
# class copy constructor is inaccessible or deleted
'-wd4626', # assignment operator could not be generated because a base
# class assignment operator is inaccessible or deleted
+ '-wd4628', # digraphs not supported with -Ze (nsThreadUtils.h includes
+ # what would be the digraph "<:" in the expression
+ # "mozilla::EnableIf<::detail::...". Since we don't want it
+ # interpreted as a digraph anyway, we can disable the
+ # warning.)
'-wd4640', # construction of local static object is not thread-safe
'-wd4710', # 'function': function not inlined
'-wd4711', # function 'function' selected for inline expansion
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
index 1bcdcc1b0..025f4bda2 100644
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1828,11 +1828,11 @@ nsNSSComponent::InitializeNSS()
if (!nocertdb && !profileStr.IsEmpty()) {
// First try to initialize the NSS DB in read/write mode.
// Only load PKCS11 modules if we're not in safe mode.
- init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode);
+ init_rv = ::mozilla::psm::InitializeNSS(profileStr, false, !inSafeMode);
// If that fails, attempt read-only mode.
if (init_rv != SECSuccess) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init NSS r/w in %s\n", profileStr.get()));
- init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), true, !inSafeMode);
+ init_rv = ::mozilla::psm::InitializeNSS(profileStr, true, !inSafeMode);
}
if (init_rv != SECSuccess) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init in r/o either\n"));