From 6603359347ef42b4cee2890a27b4e1321e4decf5 Mon Sep 17 00:00:00 2001
From: JustOff
Date: Wed, 6 Jun 2018 15:41:35 +0300
Subject: Request NSS to use DBM as the storage file format
---
 security/certverifier/NSSCertDBTrustDomain.cpp | 10 ++++++++--
 security/certverifier/NSSCertDBTrustDomain.h | 3 ++-
 security/certverifier/moz.build | 5 +++++
 security/manager/ssl/nsNSSComponent.cpp | 4 ++--
 4 files changed, 17 insertions(+), 5 deletions(-)
(limited to 'security')
diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp
index b4e12fe9c..39f7d3e9e 100644
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -22,6 +22,7 @@
 #include "mozilla/Unused.h"
 #include "nsNSSCertificate.h"
 #include "nsServiceManagerUtils.h"
+#include "nsThreadUtils.h"
 #include "nss.h"
 #include "pk11pub.h"
 #include "pkix/Result.h"
@@ -1087,8 +1088,10 @@ NSSCertDBTrustDomain::NoteAuxiliaryExtension(AuxiliaryExtension extension,
 }
 
 SECStatus
-InitializeNSS(const char* dir, bool readOnly, bool loadPKCS11Modules)
+InitializeNSS(const nsACString& dir, bool readOnly, bool loadPKCS11Modules)
 {
+ MOZ_ASSERT(NS_IsMainThread());
+
 // The NSS_INIT_NOROOTINIT flag turns off the loading of the root certs
 // module by NSS_Initialize because we will load it in InstallLoadableRoots
 // later. It also allows us to work around a bug in the system NSS in
@@ -1101,7 +1104,10 @@ InitializeNSS(const char* dir, bool readOnly, bool loadPKCS11Modules)
 if (!loadPKCS11Modules) {
 flags |= NSS_INIT_NOMODDB;
 }
- return ::NSS_Initialize(dir, "", "", SECMOD_DB, flags);
+ nsAutoCString dbTypeAndDirectory;
+ dbTypeAndDirectory.Append("dbm:");
+ dbTypeAndDirectory.Append(dir);
+ return ::NSS_Initialize(dbTypeAndDirectory.get(), "", "", SECMOD_DB, flags);
 }
 
 void
diff --git a/security/certverifier/NSSCertDBTrustDomain.h b/security/certverifier/NSSCertDBTrustDomain.h
index 15a5a4a2c..64827536c 100644
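Review bot: The `MOZ_ASSERT(NS_IsMainThread());` added at the top of `InitializeNSS` is compiled out of release builds, so the main-thread requirement is neither enforced there nor stated anywhere a caller would read it. I would put the contract in a comment directly above the assertion, e.g. `// Must be called on the main thread; this is only checked in debug builds.`, and repeat it on the declaration in NSSCertDBTrustDomain.h. The function body continues past the end of this hunk.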
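Review bot: The `dbm:` prefix is prepended unconditionally in `InitializeNSS`, with no comment on why the legacy format is pinned and no check on what `dir` contains. An empty string, or a path that already carries an NSS type prefix, would reach `NSS_Initialize` as `dbm:` or `dbm:sql:/path` (constructed example). The one caller visible on this page tests `!profileStr.IsEmpty()`, but the function itself does not. I would add a comment such as `// Pin the legacy DBM format (cert8.db/key3.db); |dir| must be a bare directory path without an NSS type prefix.` and, if no other caller relies on an empty path, `MOZ_ASSERT(!dir.IsEmpty());` next to the thread assertion. The same comment is the place to record that NSS documents DBM databases as unsafe to share between processes, since that is the trade-off being chosen here.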
--- a/security/certverifier/NSSCertDBTrustDomain.h
+++ b/security/certverifier/NSSCertDBTrustDomain.h
@@ -36,7 +36,8 @@ enum class NetscapeStepUpPolicy : uint32_t {
 NeverMatch = 3,
 };
 
-SECStatus InitializeNSS(const char* dir, bool readOnly, bool loadPKCS11Modules);
+SECStatus InitializeNSS(const nsACString& dir, bool readOnly,
+ bool loadPKCS11Modules);
 
 void DisableMD5();
 
diff --git a/security/certverifier/moz.build b/security/certverifier/moz.build
index 70f049340..97cff1f7d 100644
--- a/security/certverifier/moz.build
+++ b/security/certverifier/moz.build
@@ -68,6 +68,11 @@ if CONFIG['_MSC_VER']:
 # class copy constructor is inaccessible or deleted
 '-wd4626', # assignment operator could not be generated because a base
 # class assignment operator is inaccessible or deleted
+ '-wd4628', # digraphs not supported with -Ze (nsThreadUtils.h includes
+ # what would be the digraph "<:" in the expression
+ # "mozilla::EnableIf<::detail::...". Since we don't want it
+ # interpreted as a digraph anyway, we can disable the
+ # warning.)
 '-wd4640', # construction of local static object is not thread-safe
 '-wd4710', # 'function': function not inlined
 '-wd4711', # function 'function' selected for inline expansion
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
index 1bcdcc1b0..025f4bda2 100644
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1828,11 +1828,11 @@ nsNSSComponent::InitializeNSS()
 if (!nocertdb && !profileStr.IsEmpty()) {
 // First try to initialize the NSS DB in read/write mode.
 // Only load PKCS11 modules if we're not in safe mode.
- init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode);
+ init_rv = ::mozilla::psm::InitializeNSS(profileStr, false, !inSafeMode);
 // If that fails, attempt read-only mode.
 if (init_rv != SECSuccess) {
 MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init NSS r/w in %s\n", profileStr.get()));
- init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), true, !inSafeMode);
+ init_rv = ::mozilla::psm::InitializeNSS(profileStr, true, !inSafeMode);
 }
 if (init_rv != SECSuccess) {
 MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init in r/o either\n"));
-- 
cgit v1.2.3