bug 1417277 - remove support for MOZPSM_NSSDBDIR_OVERRIDE r?jcj
MOZPSM_NSSDBDIR_OVERRIDE was added in
bug 462919 for integration with xulrunner
applications. Upcoming changes we're aiming to make with how PSM handles NSS and
the certificate/key databases (e.g. making the sqlite-backed implementation
mandatory) mean we have to take this feature into account. xulrunner isn't
supported any longer. Searching the web for "MOZPSM_NSSDBDIR_OVERRIDE" yields
two kinds of results: mozilla-central source code and a man page for nss-gui,
which it seems is the only project that ever made use of
MOZPSM_NSSDBDIR_OVERRIDE (and hasn't been updated since 2013, from what I can
tell). I think it's fair to conclude that this isn't a widely-used (let alone
known) feature. To make development easier, we should remove it.
MozReview-Commit-ID: 56vcTYSzDPq
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -1060,20 +1060,17 @@ InitializeNSS(const nsACString& dir, boo
if (readOnly) {
flags |= NSS_INIT_READONLY;
}
if (!loadPKCS11Modules) {
flags |= NSS_INIT_NOMODDB;
}
bool useSQLDB = Preferences::GetBool("security.use_sqldb", false);
nsAutoCString dbTypeAndDirectory;
- // Don't change any behavior if the user has specified an alternative database
- // location with MOZPSM_NSSDBDIR_OVERRIDE.
- const char* dbDirOverride = getenv("MOZPSM_NSSDBDIR_OVERRIDE");
- if (useSQLDB && (!dbDirOverride || strlen(dbDirOverride) == 0)) {
+ if (useSQLDB) {
dbTypeAndDirectory.Append("sql:");
}
dbTypeAndDirectory.Append(dir);
MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
("InitializeNSS(%s, %d, %d)", dbTypeAndDirectory.get(), readOnly,
loadPKCS11Modules));
SECStatus srv = NSS_Initialize(dbTypeAndDirectory.get(), "", "",
SECMOD_DB, flags);
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1740,25 +1740,16 @@ nsNSSComponent::setEnabledTLSVersions()
return NS_OK;
}
static nsresult
GetNSSProfilePath(nsAutoCString& aProfilePath)
{
aProfilePath.Truncate();
- const char* dbDirOverride = getenv("MOZPSM_NSSDBDIR_OVERRIDE");
- if (dbDirOverride && strlen(dbDirOverride) > 0) {
- MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
- ("Using specified MOZPSM_NSSDBDIR_OVERRIDE as NSS DB dir: %s\n",
- dbDirOverride));
- aProfilePath.Assign(dbDirOverride);
- return NS_OK;
- }
-
nsCOMPtr<nsIFile> profileFile;
nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
getter_AddRefs(profileFile));
if (NS_FAILED(rv)) {
NS_WARNING("NSS will be initialized without a profile directory. "
"Some things may not work as expected.");
return NS_OK;
}
@@ -1792,25 +1783,16 @@ GetNSSProfilePath(nsAutoCString& aProfil
// "<original name>.fips". In the case of a catastrophic failure (e.g. out of
// memory), returns a failing nsresult. If execution could conceivably proceed,
// returns NS_OK even if renaming the file didn't work. This simplifies the
// logic of the calling code.
static nsresult
AttemptToRenamePKCS11ModuleDB(const nsACString& profilePath,
const nsACString& moduleDBFilename)
{
- // profilePath may come from the environment variable
- // MOZPSM_NSSDBDIR_OVERRIDE. If so, the user's NSS DBs are most likely not in
- // their profile directory and we shouldn't mess with them.
- const char* dbDirOverride = getenv("MOZPSM_NSSDBDIR_OVERRIDE");
- if (dbDirOverride && strlen(dbDirOverride) > 0) {
- MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
- ("MOZPSM_NSSDBDIR_OVERRIDE set - not renaming PKCS#11 module DB"));
- return NS_OK;
- }
nsAutoCString destModuleDBFilename(moduleDBFilename);
destModuleDBFilename.Append(".fips");
nsCOMPtr<nsIFile> dbFile = do_CreateInstance("@mozilla.org/file/local;1");
if (!dbFile) {
return NS_ERROR_FAILURE;
}
nsresult rv = dbFile->InitWithNativePath(profilePath);
if (NS_FAILED(rv)) {
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -37,18 +37,16 @@ pref("security.default_personal_cert",
pref("security.remember_cert_checkbox_default_setting", true);
pref("security.ask_for_password", 0);
pref("security.password_lifetime", 30);
// If true, use the modern sqlite-backed certificate and key databases in NSS.
// If false, use the default format. Currently the default in NSS is the old
// BerkeleyDB format, but this will change in bug 1377940.
// Changing this requires a restart to take effect.
-// Note that the environment variable MOZPSM_NSSDBDIR_OVERRIDE can override both
-// the behavior of this preference and the NSS default.
pref("security.use_sqldb", true);
// The supported values of this pref are:
// 0: disable detecting Family Safety mode and importing the root
// 1: only attempt to detect Family Safety mode (don't import the root)
// 2: detect Family Safety mode and import the root
// (This is only relevant to Windows 8.1)
pref("security.family_safety.mode", 2);