From 8cb78993225793692fe0560d25db4af55e0553bd Mon Sep 17 00:00:00 2001 From: Mike Perry Date: Fri, 19 Aug 2011 17:58:23 -0700 Subject: [PATCH 03/16] Make Intermediate Cert Store memory-only. This patch makes the intermediate SSL cert store exist in memory only. The pref must be set before startup in prefs.js. https://trac.torproject.org/projects/tor/ticket/2949 --- security/manager/ssl/src/nsNSSComponent.cpp | 15 ++++++++++++++- 1 files changed, 14 insertions(+), 1 deletions(-) diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp index 5abc0a5..22becca 100644 --- a/security/manager/ssl/src/nsNSSComponent.cpp +++ b/security/manager/ssl/src/nsNSSComponent.cpp @@ -1738,8 +1738,21 @@ nsNSSComponent::InitializeNSS(bool showWarningBox) // Ubuntu 8.04, which loads any nonexistent "/libnssckbi.so" as // "/usr/lib/nss/libnssckbi.so". PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE; - SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "", + bool nocertdb = false; + mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb); + + // XXX: We can also do the the following to only disable the certdb. + // Leaving this codepath in as a fallback in case InitNODB fails + if (nocertdb) + init_flags |= NSS_INIT_NOCERTDB; + + SECStatus init_rv; + if (nocertdb) { + init_rv = ::NSS_NoDB_Init(NULL); + } else { + init_rv = ::NSS_Initialize(profileStr.get(), "", "", SECMOD_DB, init_flags); + } if (init_rv != SECSuccess) { PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get())); -- 1.7.5.4