Hi -
On Wed, Apr 24, 2013 at 12:11:16PM +1000, Ken McDonell wrote:
> [...] In my regression environment, $NSS_DEFAULT_DB_TYPE does not
> change the behaviour at all. This is with my code change (so sql:
> is removed by setting $PCP_SECURE_DB_METHOD to an empty string). I
> think this is very close to the behaviour you're planning/expecting.
Yes, if you're using the non-sqlite NSS.
> [...]
> /home/kenj/.pki/nssdb:
> cert8.db key3.db secmod.db
> kenj@vm04:~$ file ~/.pki/nssdb/*
> /home/kenj/.pki/nssdb/cert8.db: Berkeley DB 1.85 (Hash, version 2, native
> byte-order)
> /home/kenj/.pki/nssdb/key3.db: Berkeley DB 1.85 (Hash, version 2, native
> byte-order)
> /home/kenj/.pki/nssdb/secmod.db: Berkeley DB 1.85 (Hash, version 2, native
> byte-order)
Right. Would you mind trying the same test on a RHEL6-era type box too, where
nss >= v3.12 ? There should be a sqlite cert9.db / key4.db created.
> > I believe this will allow us to provide our preference (new format) but also
> > co-exist with down-rev nss, and the users preferences.
> My only concern with this is that it changes the default behaviour
> from what we did in the previous release.
I don't think it changes the default. It just makes it happen a different way
(on modern NSS) and lets older NSS work also.
- FChE
|