From 8cb78993225793692fe0560d25db4af55e0553bd Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git@fscked.org>
Date: Fri, 19 Aug 2011 17:58:23 -0700
Subject: [PATCH 03/16] Make Intermediate Cert Store memory-only.
This patch makes the intermediate SSL cert store exist in memory only.
The pref must be set before startup in prefs.js.
https://trac.torproject.org/projects/tor/ticket/2949
---
security/manager/ssl/src/nsNSSComponent.cpp | 15 ++++++++++++++-
1 files changed, 14 insertions(+), 1 deletions(-)
diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
index 5abc0a5..22becca 100644
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -1738,8 +1738,21 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
// Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as
// "/usr/lib/nss/libnssckbi.so".
PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
- SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "",
+ bool nocertdb = false;
+ mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb);
+
+ // XXX: We can also do the the following to only disable the certdb.
+ // Leaving this codepath in as a fallback in case InitNODB fails
+ if (nocertdb)
+ init_flags |= NSS_INIT_NOCERTDB;
+
+ SECStatus init_rv;
+ if (nocertdb) {
+ init_rv = ::NSS_NoDB_Init(NULL);
+ } else {
+ init_rv = ::NSS_Initialize(profileStr.get(), "", "",
SECMOD_DB, init_flags);
+ }
if (init_rv != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
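Review bot: In the `nocertdb` branch the `init_flags |= NSS_INIT_NOCERTDB` assignment has no effect on the `::NSS_NoDB_Init(NULL)` call, so within this hunk the memory-only behaviour rests entirely on that call succeeding. If it fails, control reaches the existing `init_rv != SECSuccess` path, which logs "can not init NSS r/w in %s" with the profile path and whose recovery code lies outside the hunk. Presumably that code retries `NSS_Initialize` against the profile directory, in which case the flag is the only thing keeping the cert DB off disk. I would make that dependency explicit by replacing the XXX comment with `// NSS_NoDB_Init() ignores init_flags; NSS_INIT_NOCERTDB is kept so that any later NSS_Initialize() retry on the profile directory still skips the on-disk cert DB.` (which also drops the duplicated "the the"), and confirm that every retry after the failure check passes `init_flags`. The result of `GetBoolPref("security.nocertdb", ...)` is also ignored, so a failed read silently selects the on-disk path; a debug log line there would make that visible.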
--
1.7.5.4