Andrei Korostelev wrote: > On Jul 23, 7:42 am, Nelson Bolyard <[EMAIL PROTECTED]> > wrote: >> Andrei Korostelev wrote: >>> After importing a certificate into the Firefox either using >>> certutil.exe utility or programatically using NSS API >>> (P12U_ImportPKCS12Object / PK11_ImportCert), I can see that the >>> certificate has been successfully imported (%certutils.exe -L) , >>> however Firefox does not display it (Tools->Options->Advanced->View >>> Certificates) until I restart the browser. >> Have you tried closing the Certificate Manager window, and reopening >> that window? >> >>> I am wondering is it a way to instruct the already running Firefox to >>> reload its security database (containing certs) without restarting it >>> (e.g. this happens when I import cert. from Firefox UI)? >> /Nelson > > Of course I did. It does not refresh the cert list. > You can easily try it yourself: > // add certificate > %certutil.exe -A -i <CertPath> -n <CertName> -d <FirefoxProfileDir> -t > "C,C,C" > // list certificates > %certutil -L -d <FirefoxProfileDir> > // remove certificate > %certutil -D -n <CertName> -d <FirefoxProfileDir>
Wait, you're running certutil on the browser's DB while the browser is running? That's absolutely not supported in any current release of NSS. NSS's DB code cannot be safely used by more than one process on the same DB at the same time EXCEPT in the case where ALL the simultaneous users have the DB open read-only, which the browser never does. The problem is worse than mere lack of coherence (the problem you reported). You can easily corrupt the DB by operating on it while the browser is running. -- Nelson B _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
