NSS db back-end flexibility.
This commit is contained in:
parent
c03564ad50
commit
d4d48edc48
|
@ -224,6 +224,7 @@ def old_configure_options(*options):
|
|||
'--enable-require-all-d3dc-versions',
|
||||
'--enable-safe-browsing',
|
||||
'--enable-sandbox',
|
||||
'--enable-security-sqlstore',
|
||||
'--enable-signmar',
|
||||
'--enable-simulator',
|
||||
'--enable-small-chunk-size',
|
||||
|
|
|
@ -2164,6 +2164,7 @@ MOZ_JETPACK=1
|
|||
MOZ_DEVTOOLS_SERVER=1
|
||||
MOZ_DEVTOOLS=
|
||||
MOZ_PLACES=1
|
||||
MOZ_SECURITY_SQLSTORE=
|
||||
MOZ_SERVICES_HEALTHREPORT=1
|
||||
MOZ_SERVICES_SYNC=1
|
||||
MOZ_USERINFO=1
|
||||
|
@ -2984,6 +2985,25 @@ fi
|
|||
AC_SUBST(NSS_DISABLE_DBM)
|
||||
|
||||
dnl ========================================================
|
||||
dnl = NSS SQL storage format
|
||||
dnl =========================================================
|
||||
MOZ_ARG_ENABLE_BOOL(security-sqlstore,
|
||||
[ --enable-security-sqlstore Enable the use of SQL storage for NSS],
|
||||
MOZ_SECURITY_SQLSTORE=1,
|
||||
MOZ_SECURITY_SQLSTORE=)
|
||||
|
||||
|
||||
if test -n "$NSS_DISABLE_DBM" -a -z "$MOZ_SECURITY_SQLSTORE"; then
|
||||
AC_MSG_ERROR([DBM storage support is required if not using NSS SQL storage])
|
||||
fi
|
||||
|
||||
if test -n "$MOZ_SECURITY_SQLSTORE"; then
|
||||
AC_DEFINE(MOZ_SECURITY_SQLSTORE)
|
||||
fi
|
||||
|
||||
AC_SUBST(MOZ_SECURITY_SQLSTORE)
|
||||
|
||||
dnl =========================================================
|
||||
dnl = Disable PulseAudio
|
||||
dnl ========================================================
|
||||
|
||||
|
|
|
@ -1102,7 +1102,12 @@ InitializeNSS(const nsACString& dir, bool readOnly, bool loadPKCS11Modules)
|
|||
flags |= NSS_INIT_NOMODDB;
|
||||
}
|
||||
nsAutoCString dbTypeAndDirectory;
|
||||
#ifdef MOZ_SECURITY_SQLSTORE
|
||||
// Not strictly necessary with current NSS versions, but can't hurt to be explicit.
|
||||
dbTypeAndDirectory.Append("sql:");
|
||||
#else
|
||||
dbTypeAndDirectory.Append("dbm:");
|
||||
#endif
|
||||
dbTypeAndDirectory.Append(dir);
|
||||
return ::NSS_Initialize(dbTypeAndDirectory.get(), "", "", SECMOD_DB, flags);
|
||||
}
|
||||
|
|
|
@ -12,6 +12,9 @@
|
|||
#include "SharedSSLState.h"
|
||||
#include "cert.h"
|
||||
#include "certdb.h"
|
||||
#ifdef MOZ_SECURITY_SQLSTORE
|
||||
#include "mozStorageCID.h"
|
||||
#endif
|
||||
#include "mozilla/ArrayUtils.h"
|
||||
#include "mozilla/Casting.h"
|
||||
#include "mozilla/Preferences.h"
|
||||
|
@ -1712,16 +1715,25 @@ GetNSSProfilePath(nsAutoCString& aProfilePath)
|
|||
}
|
||||
|
||||
#if defined(XP_WIN)
|
||||
// Native path will drop Unicode characters that cannot be mapped to system's
|
||||
// codepage, using short (canonical) path as workaround.
|
||||
nsCOMPtr<nsILocalFileWin> profileFileWin(do_QueryInterface(profileFile));
|
||||
if (!profileFileWin) {
|
||||
MOZ_LOG(gPIPNSSLog, LogLevel::Error,
|
||||
("Could not get nsILocalFileWin for profile directory.\n"));
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
rv = profileFileWin->GetNativeCanonicalPath(aProfilePath);
|
||||
#ifdef MOZ_SECURITY_SQLSTORE
|
||||
// SQLite always takes UTF-8 file paths regardless of the current system
|
||||
// code page.
|
||||
nsAutoString u16ProfilePath;
|
||||
rv = profileFileWin->GetCanonicalPath(u16ProfilePath);
|
||||
CopyUTF16toUTF8(u16ProfilePath, aProfilePath);
|
||||
#else
|
||||
// Native path will drop Unicode characters that cannot be mapped to system's
|
||||
// codepage, using short (canonical) path as workaround.
|
||||
rv = profileFileWin->GetNativeCanonicalPath(aProfilePath);
|
||||
#endif
|
||||
#else
|
||||
// On non-Windows, just get the native profile path.
|
||||
rv = profileFile->GetNativePath(aProfilePath);
|
||||
#endif
|
||||
#ifdef ANDROID
|
||||
|
@ -2005,6 +2017,14 @@ nsNSSComponent::Init()
|
|||
return NS_ERROR_NOT_SAME_THREAD;
|
||||
}
|
||||
|
||||
#ifdef MOZ_SECURITY_SQLSTORE
|
||||
// To avoid an sqlite3_config race in NSS init, we require the storage service to get initialized first.
|
||||
nsCOMPtr<nsISupports> storageService = do_GetService(MOZ_STORAGE_SERVICE_CONTRACTID);
|
||||
if (!storageService) {
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
#endif
|
||||
|
||||
nsresult rv = NS_OK;
|
||||
|
||||
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Beginning NSS initialization\n"));
|
||||
|
|
|
@ -2818,19 +2818,26 @@ XREMain::XRE_mainInit(bool* aExitFlag)
|
|||
#endif
|
||||
|
||||
SetupErrorHandling(gArgv[0]);
|
||||
|
||||
// Set up environment for NSS DBM database
|
||||
|
||||
// Set up environment for NSS database choice
|
||||
#ifndef NSS_DISABLE_DBM
|
||||
// Allow iteration counts in DBM mode
|
||||
SaveToEnv("NSS_ALLOW_LEGACY_DBM_ITERATION_COUNT=1");
|
||||
#endif
|
||||
|
||||
#ifdef DEBUG
|
||||
// Reduce the number of rounds for debug builds for perf/test reasons.
|
||||
SaveToEnv("NSS_MAX_MP_PBE_ITERATION_COUNT=15");
|
||||
#else
|
||||
#ifdef MOZ_SECURITY_SQLSTORE
|
||||
// We're using SQL; NSS's defaults for rounds are fine.
|
||||
#else
|
||||
// Set default Master Password rounds to a sane value for DBM which is slower
|
||||
// than SQL for PBKDF. The NSS hard-coded default of 10,000 is too much.
|
||||
// See also Bug 1606992 for perf issues.
|
||||
#ifdef DEBUG
|
||||
SaveToEnv("NSS_MAX_MP_PBE_ITERATION_COUNT=15");
|
||||
#else
|
||||
SaveToEnv("NSS_MAX_MP_PBE_ITERATION_COUNT=500");
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef CAIRO_HAS_DWRITE_FONT
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue