diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2014-10-28 17:41:22 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2014-10-28 17:41:22 -0400 |
| commit | b5d1505fc81a33aa10d013efd247d00f631fc681 (patch) | |
| tree | f840f8450cdd70b5143ad45eab6d87b3ef630492 /docs/mod_nss.html | |
| parent | 0d4c4e31e3f55473569c4e937f432d6f20c9d6be (diff) | |
| download | mod_nss-b5d1505fc81a33aa10d013efd247d00f631fc681.tar.gz mod_nss-b5d1505fc81a33aa10d013efd247d00f631fc681.tar.xz mod_nss-b5d1505fc81a33aa10d013efd247d00f631fc681.zip | |
Add support for sqlite NSS databases
We do a chdir() to the NSS database location so that libnssckbi.so
is available when the database is opened. Strip off a sql: prefix
if one is available. This allows the new sqlite format to work.
Add an additional test pass configuring NSS using the sqlite format.
This requires a bit of a hack to pass in the value to python but
it will work for now.
Resolves: #1057650
Diffstat (limited to 'docs/mod_nss.html')
| -rw-r--r-- | docs/mod_nss.html | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/docs/mod_nss.html b/docs/mod_nss.html index 3d7c121..dea9db9 100644 --- a/docs/mod_nss.html +++ b/docs/mod_nss.html @@ -366,11 +366,13 @@ secmod.db. cert8.db stores certificates and Certificate Revocation Lists (CRLs), key3.db stores keys and secmod.db stores information about available PKCS#11 modules.<br> <br> -This directive specifies a path, not a filename.<br> +This directive specifies a path, not a filename. To use a sqlite +NSS database include the prefix sql: in the path.<br> <br> <span style="font-weight: bold;">Example</span><br> <br> <code>NSSCertificateDatabase /etc/httpd/conf/nss</code><br> +<code>NSSCertificateDatabase sql:/etc/httpd/conf/nss</code><br> <br> <big><big>NSSDBPrefix</big></big><br> <br> @@ -1328,7 +1330,14 @@ NSS stores it's certificates and keys in a set of files referred to as the "certificate database." The files by default (with NSS 3.x) are named cert8.db, key3.db and secmod.db. See the NSS documentation at <a href="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</a> -for more information on these specific files.<br> +for more information on these specific files.<p> +By default the NSS databases use the Berkeley Database format (cert8 and +key3). To use the sqlite format (cert9 and key4) either include sql: in +all references to the database (-d sql:/path/to/database) or +<code>export NSS_DEFAULT_DB_TYPE="sql"</code>. +<p> +For more details see +<a href="https://wiki.mozilla.org/NSS_Shared_DB">https://wiki.mozilla.org/NSS_Shared_DB</a><br> <br> The NSS database also stores any Certificate Revocation Lists (CRLs). <br> <br> |