On 2009-11-20 00:24 PST, serval wrote: > I need add my certificate into certdb with token "Builtin Object Token"
The "builtin object token" is a separate token from the token that holds the cert DB. You can add your cert into the cert DB, or into the builtin object token, or into both. See the diagram in figure 2.1 at http://www.mozilla.org/projects/security/pki/nss/ref/ssl/gtstd.html#1011970 The "Builtin object token" is not shown there. If it was, it would look like the box labeled "Fortezza", except that it would not have any explicit physical slots and tokens, because the "builtin object token" is actually a virtual token, whose contents are read only, compiled in to a shared library. > I thought it is impossible but there have to exist some way because if I > remove one of root certificates it is restored after firefox restart. But > I can not find source code where this happen. Right. It is actually a bug that Firefox appears to let you remove a root cert. You cannot remove a root cert from the builtin object token because it is read only, compiled in. When Firefox "deletes" it, Firefox merely forgets about it for the remainder of that process lifetime, but the next time the process restarts, it's right back again in the shared library, because it never left the shared library. > Could anyone help my? Maybe just point on part of code where firefox > restores certificates on start up. I hope my explanation has helped. > thanks. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto