Jean-Marc Desperrier wrote:
Julien Pierre wrote: [NSS DB access not multi-process safe]
Solving this problem involves using a new database format. The NSS team researched the issue of licensing other database code that didn't suffer from the single-process limitation, but none was found that would satisfy all licensing requirements - NPL/GPL/MPL. The only satisfactory databases we found were commercial. Unfortunately we didn't have the resources to write a brand new database, hence the situation we have today.
I'm surprised this problem has no solution.
Well most database solutions seems to be available only under the GPL, but a special agreement could probably be negotiated.
We have a solution that works for our commercial products, which cost AOL money. But we can't open source that solution. We tried to negotiate with the database vendor we chose, but it wasn't possible, because it would mean that their source code would end up in mozilla and the MPL/NPL allow commercial products to be created from that source code.
But the best solution would probably be a separate process that will handle all the crypto/NSS requests for the running aplications.
It seems clear this is the most workable solution.
If needed, it could be done with a proxy without changing anything in the current interface.
Was not the PSM intended to work that way initially ?
Maybe it was, that predates my time, but it doesn't work this way today. Having the crypto done totally out of process has security issues : sending sensitive data to encrypt over IPC is not a good idea, and it is also very inefficient.
The real solution is to hook up NSS to a multiprocess-safe database. That way only the database I/O goes through the IPC, not the crypto operations. There is a provision to do that in the open source code. The problem is that no database could satisfy the requirements to be included in mozilla.org source code.
