Michael, Michael Ströder wrote: > Wan-Teh Chang wrote: >> Most NSS-based server applications open the NSS databases in >> read-only mode, so they can run with multiple processes safely. But >> client applications such as Firefox and Thunderbird open the NSS >> databases in read-write mode. > > According to what Nelson said, cmsutil also opens in read-write mode > which would IMHO not be necessary.
The reason cmsutil does that is probably so that it can import recipient certs found in PKCS#7 / S/MIME messages into the certificate database. This could probably be changed or parameterized if one does not desire that behavior. There are other tools that initialize read-write, such as of course certutil, crlutil, pk12util, all of which have functions to write or delete objects in the database . _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
