From b5d1505fc81a33aa10d013efd247d00f631fc681 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 28 Oct 2014 17:41:22 -0400 Subject: Add support for sqlite NSS databases We do a chdir() to the NSS database location so that libnssckbi.so is available when the database is opened. Strip off a sql: prefix if one is available. This allows the new sqlite format to work. Add an additional test pass configuring NSS using the sqlite format. This requires a bit of a hack to pass in the value to python but it will work for now. Resolves: #1057650 --- docs/mod_nss.html | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/mod_nss.html b/docs/mod_nss.html index 3d7c121..dea9db9 100644 --- a/docs/mod_nss.html +++ b/docs/mod_nss.html @@ -366,11 +366,13 @@ secmod.db. cert8.db stores certificates and Certificate Revocation Lists (CRLs), key3.db stores keys and secmod.db stores information about available PKCS#11 modules.

-This directive specifies a path, not a filename.
+This directive specifies a path, not a filename. To use a sqlite +NSS database include the prefix sql: in the path.

Example

NSSCertificateDatabase /etc/httpd/conf/nss
+NSSCertificateDatabase sql:/etc/httpd/conf/nss

NSSDBPrefix

@@ -1328,7 +1330,14 @@ NSS stores it's certificates and keys in a set of files referred to as the "certificate database." The files by default (with NSS 3.x) are named cert8.db, key3.db and secmod.db. See the NSS documentation at http://www.mozilla.org/projects/security/pki/nss/ -for more information on these specific files.
+for more information on these specific files.

+By default the NSS databases use the Berkeley Database format (cert8 and +key3). To use the sqlite format (cert9 and key4) either include sql: in +all references to the database (-d sql:/path/to/database) or +export NSS_DEFAULT_DB_TYPE="sql". +

+For more details see +https://wiki.mozilla.org/NSS_Shared_DB

The NSS database also stores any Certificate Revocation Lists (CRLs).

-- cgit