On Sat, May 9, 2015 3:30 pm, David Woodhouse wrote: > > No, you should be able to do it w/o patching NSS. > > OK... how? > > If the Shared System Database wasn't such an utter failure, not even > being used by Firefox itself, then just installing it there would have > been a nice idea. But *nothing* used the Shared System Database, and > there isn't even a coherent documented way for NSS users to discover > whether they should use it or not. If calling NSS_Initialize() with a > NULL configdir worked and did the right thing (sql:/etc/pki/nssdb where > it's setup, or sql:$HOME/.pki/nssdb otherwise), that would be nice... > but it doesn't.
This is demonstrably not true, such in the case of Chrome. Or did you mean Fedora's particular interpretation of how things should look? Just use the canonical way to configure NSS to look for tokens - in which it also finds your meta-configuration token - namely sql:$HOME/.pki/nssdb And lean on the applications that don't respect NSS's configuration semantics rather than trying to redefine NSS's configuration semantics. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
