Thank you Bob and Glen for the info. Bob, you're right. I do want to open multiple NSS databases (cert8.db/key3.db) dynamically via 1 process (jvm in my case). I'll see if I can fake out JSS, or perhaps add this functionality to JSS.
I'm somewhat surprised that this functionality is not already available via JSS, perhaps I'm missing something. -Dennis Robert Relyea wrote: > Glen Beasley wrote: >> Dennis Sinelnikov wrote: >> >>> Hello, >>> >>> Is there a way to open more than 1 NSS truststore using JSS? >>> Specifically, within the same lifecycle of the java application. >>> >> >> > What do you mean by trust store? > > If you mean NSS trust domain, then no, the trust domains are still > internal to NSS and there is no API to open more than one. > > If you mean sources of trusted data (a la nssckbi), then yes, each trust > store is just another PKCS #11 module. > > If you mean NSS databases, then the answer is maybe... >> At this time no. The database NSS currently uses, can't be used by >> multiple processes. >> > The second part is true, but unrelated to your question. 2 processes can > not share an NSS database (though they can share a PKCS #11 module, so > multiple processes openning nssckbi, for instance, is OK). I believe > your question is can a single process open multiple databases. The > answer from an NSS API POV is "yes"! In NSS 3.9 or 3.10 we added an > interface to allow processes to open additional NSS databases on the > fly. Those databases show up as new slots. Prior to NSS 3.9, it was > possible to open multiple NSS databases by changing the config parameter > at initialization time. I do know know if any of these required > interfaces are reflected back into JSS. My guess is no. It may be > possible fake out JSS by initializing NSS first in C, but my guess is > this may be to cumbersome. >> The multiaccess database feature is planned but is not expected until >> NSS 3.13. Once >> implemented JSS would then be able to use this feature. >> >> http://wiki.mozilla.org/NSS:Roadmap#SQLite-Based_Multiaccess_Certificate_and_Key_Databases >> >> >> >> >> -glen >> >> _______________________________________________ >> dev-tech-crypto mailing list >> dev-tech-crypto@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-tech-crypto >> > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
