On 2009-07-06 02:17 PDT, Jean-Marc Desperrier wrote: > Nelson Bolyard wrote: >> By default, it is still the old single-process cert8 and key3 DBs, >> as before. >> >> However, FF 3.5 has the code to support shared-access cert9 and key4 DBs, >> based on sqlite3. You can force FF 3.5 to use that by setting an >> environment variable. > > My understanding is that is you start FF *once* with the setting enabled > for the new db format, the base will be converted, and then it will use > the new format every time after that point, without any special setting.
That's how conversions were done in the past, but that's not how the conversion in NSS 3.12 works. In NSS 3.12, you must tell NSS every time it is initialized whether it is using old (Berkeley, default) or new (Sqlite3) DBs. This may be done in any of (at least) 3 different ways, including an environment variable, a directory name prefix, or a programmatic function call (IIRC). > Maybe even you could externally convert the base, and Fx will use the > new format the next time it starts ? You could indeed do an external conversion. the certutil program will happily do it. But you must still tell the programs to use the new DB, or the programs will use the old one. > An annoying limitation is that the certificate file *must* be in the > profile directory, there's no way to set an absolute path, so it's still > hard to use it as a multi-application db. hmm. I think that is a Firefox limitation, not an NSS limitation. But I could be wrong about that. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
