1 From 8cb78993225793692fe0560d25db4af55e0553bd Mon Sep 17 00:00:00 2001
2 From: Mike Perry <mikeperry-git@fscked.org>
3 Date: Fri, 19 Aug 2011 17:58:23 -0700
4 Subject: [PATCH 03/16] Make Intermediate Cert Store memory-only.
6 This patch makes the intermediate SSL cert store exist in memory only.
8 The pref must be set before startup in prefs.js.
9 https://trac.torproject.org/projects/tor/ticket/2949
11 security/manager/ssl/src/nsNSSComponent.cpp | 15 ++++++++++++++-
12 1 files changed, 14 insertions(+), 1 deletions(-)
14 diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
15 index 5abc0a5..22becca 100644
16 --- a/security/manager/ssl/src/nsNSSComponent.cpp
17 +++ b/security/manager/ssl/src/nsNSSComponent.cpp
18 @@ -1738,8 +1738,21 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
19 // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
20 // "/usr/lib/nss/libnssckbi.so".
21 PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
22 - SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
23 + bool nocertdb = false;
24 + mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
26 + // XXX: We can also do the the following to only disable the certdb.
27 + // Leaving this codepath in as a fallback in case InitNODB fails
29 + init_flags |= NSS_INIT_NOCERTDB;
33 + init_rv = ::NSS_NoDB_Init(NULL);
35 + init_rv = ::NSS_Initialize(profileStr.get(), "", "",
36 SECMOD_DB, init_flags);
39 if (init_rv != SECSuccess) {
40 PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));