Mercurial > mozilla-central / changeset / 5d47d1ff7e56239b3e12e38825e2748383e7a3b8
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 629558 - Pref to make Intermediate Cert Store memory-only. r=keeler
authorMike Perry <mikeperry-git@torproject.org>
Wed, 10 Jun 2015 14:14:00 +0200
changeset 248293 5d47d1ff7e56239b3e12e38825e2748383e7a3b8
parent 248292 d263646f22c02c540b5da295be78a57b081e5f4b
child 248294 a78836138b82c0c99b7ad6028562883aa29fa3cd
push id28893
push userkwierso@gmail.com
push dateFri, 12 Jun 2015 00:02:58 +0000
treeherdermozilla-central@8cf9d3e497f9 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs629558
milestone41.0a1
first release with
nightly linux32
0093691d3715 / 41.0a1 / 20150612030205 / files
nightly linux64
0093691d3715 / 41.0a1 / 20150612030205 / files
nightly mac
0093691d3715 / 41.0a1 / 20150612030205 / files
nightly win32
0093691d3715 / 41.0a1 / 20150612030205 / files
nightly win64
0093691d3715 / 41.0a1 / 20150612030205 / files
last release without
nightly linux32
bfd82015df48 / 41.0a1 / 20150611030208 / files
nightly linux64
bfd82015df48 / 41.0a1 / 20150611030208 / files
nightly mac
bfd82015df48 / 41.0a1 / 20150611030208 / files
nightly win32
bfd82015df48 / 41.0a1 / 20150611030208 / files
nightly win64
bfd82015df48 / 41.0a1 / 20150611030208 / files
Bug 629558 - Pref to make Intermediate Cert Store memory-only. r=keeler
security/manager/ssl/nsNSSComponent.cpp file | annotate | diff | comparison | revisions 
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1011,32 +1011,34 @@ nsNSSComponent::InitializeNSS()
   nsAutoCString profileStr;
   nsresult rv = GetNSSProfilePath(profileStr);
   if (NS_FAILED(rv)) {
     nsPSMInitPanic::SetPanic();
     return NS_ERROR_NOT_AVAILABLE;
   }
 
   SECStatus init_rv = SECFailure;
-  if (!profileStr.IsEmpty()) {
+  bool nocertdb = Preferences::GetBool("security.nocertdb", false);
+
+  if (!nocertdb && !profileStr.IsEmpty()) {
     // First try to initialize the NSS DB in read/write mode.
-    SECStatus init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false);
+    init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false);
     // If that fails, attempt read-only mode.
     if (init_rv != SECSuccess) {
       MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init NSS r/w in %s\n", profileStr.get()));
       init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), true);
     }
     if (init_rv != SECSuccess) {
       MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init in r/o either\n"));
     }
   }
   // If we haven't succeeded in initializing the DB in our profile
-  // directory or we don't have a profile at all, attempt to initialize
-  // with no DB.
-  if (init_rv != SECSuccess) {
+  // directory or we don't have a profile at all, or the "security.nocertdb"
+  // pref has been set to "true", attempt to initialize with no DB.
+  if (nocertdb || init_rv != SECSuccess) {
     init_rv = NSS_NoDB_Init(nullptr);
   }
   if (init_rv != SECSuccess) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("could not initialize NSS - panicking\n"));
     nsPSMInitPanic::SetPanic();
     return NS_ERROR_NOT_AVAILABLE;
   }
mozilla-central
Deployed from 72871ee0a733 at 2021-09-16T18:40:01Z.