Glen Beasley wrote: > Dennis Sinelnikov wrote: > >> Hello, >> >> Is there a way to open more than 1 NSS truststore using JSS? >> Specifically, within the same lifecycle of the java application. >> >> > > What do you mean by trust store?
If you mean NSS trust domain, then no, the trust domains are still internal to NSS and there is no API to open more than one. If you mean sources of trusted data (a la nssckbi), then yes, each trust store is just another PKCS #11 module. If you mean NSS databases, then the answer is maybe... > At this time no. The database NSS currently uses, can't be used by > multiple processes. > The second part is true, but unrelated to your question. 2 processes can not share an NSS database (though they can share a PKCS #11 module, so multiple processes openning nssckbi, for instance, is OK). I believe your question is can a single process open multiple databases. The answer from an NSS API POV is "yes"! In NSS 3.9 or 3.10 we added an interface to allow processes to open additional NSS databases on the fly. Those databases show up as new slots. Prior to NSS 3.9, it was possible to open multiple NSS databases by changing the config parameter at initialization time. I do know know if any of these required interfaces are reflected back into JSS. My guess is no. It may be possible fake out JSS by initializing NSS first in C, but my guess is this may be to cumbersome. > The multiaccess database feature is planned but is not expected until > NSS 3.13. Once > implemented JSS would then be able to use this feature. > > http://wiki.mozilla.org/NSS:Roadmap#SQLite-Based_Multiaccess_Certificate_and_Key_Databases > > > -glen > > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
