Julien R Pierre - Sun Microsystems wrote:
Actually certutil opens the certificate database read-write or read-only depending on the operation. (Listing/exporting/etc. opens the database r/o; keygen, importing, etc. opens the database r/w.) pk12util doesn't even open a database if it's just dumping out the contents of the .p12 file. It does seem to open the database r/w even if we are exporting a key, which would be easy to fix so it doesn't.

Michael,

Michael Ströder wrote:

Wan-Teh Chang wrote:

According to what Nelson said, cmsutil also opens in read-write mode which would IMHO not be necessary.

Most NSS-based server applications open the NSS databases in read-only mode, so they can run with multiple processes safely. But client applications such as Firefox and Thunderbird open the NSS databases in read-write mode.

The reason cmsutil does that is probably so that it can import recipient certs found in PKCS#7 / S/MIME messages into the certificate database. This could probably be changed or parameterized if one does not desire that behavior.

There are other tools that initialize read-write, such as of course certutil, crlutil, pk12util, all of which have functions to write or delete objects in the database.

bob
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto