I'm trying to do a programmatic certificate import into Firefox 3.x using NSS_Initialize, PK11_GetInternalKeySlot, CERT_DecodeCertFromPackage, PK11_ImportCert, and CERT_ChangeCertTrust.

I've seen various postings on this list in the past that seem to indicate that this is not safe due to the underlying DB engine not supporting write concurrency across multiple processes, and the sqlite DB support not being enabled by default in 3.x.

Is it possible to do programmatic certificate import in Firefox 3.x in a way that doesn't require a browser restart or changes to default settings, and that fits into any DB concurrency limitations?

I also noticed that I am able to execute the above sequence of function calls while Firefox 3.0.19 is running and I don't get an error return from the calls; however, the cert is not visible to Firefox until it is restarted.

I'm worried that I was able to execute these functions without an error (I would assume that a non-concurrent DB would open its underlying data files with exclusive access to prevent corruption). Does this mean that NSS will let me walk off a cliff by allowing operations that might cause DB corruption, or does the fact that I didn't see an error really mean that the operation succeeded because Firefox didn't have the cert DB open for write access when I made the calls?

James
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
