Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
apache2-mod_nss
0001-Change-the-default-certificate-database-fo...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Change-the-default-certificate-database-format-to-SQ.patch of Package apache2-mod_nss
From 36530cee371164702dc213bf571f49dfaaf5332e Mon Sep 17 00:00:00 2001 From: Vitezslav Cizek <vcizek@suse.com> Date: Mon, 5 Mar 2018 17:45:07 +0100 Subject: [PATCH] Change the default certificate database format to SQLite. Since version 3.35, NSS uses by default the SQLite format for certificate database. Adjust the documentation accordingly. --- Makefile.am | 4 ++-- docs/mod_nss.html | 46 ++++++++++++++++++++++++---------------------- nss.conf.in | 4 ++-- nss_engine_init.c | 4 ++-- 4 files changed, 30 insertions(+), 28 deletions(-) Index: mod_nss-1.0.14/Makefile.am =================================================================== --- mod_nss-1.0.14.orig/Makefile.am 2018-09-18 14:43:11.354192158 +0200 +++ mod_nss-1.0.14/Makefile.am 2018-09-18 14:43:27.890287919 +0200 @@ -102,8 +102,8 @@ check: rm -rf work; \ nosetests -v test_cipher.py; \ if [ `id -u` != 0 ]; then \ - ./setup.sh -s 1; \ - nosetests -v test.py; \ + ./setup.sh -s 1 dbm:; \ + DBPREFIX=dbm: nosetests -v test.py; \ sleep 5; \ rm -rf work; \ ./setup.sh -s 1 sql:; \ Index: mod_nss-1.0.14/docs/mod_nss.html =================================================================== --- mod_nss-1.0.14.orig/docs/mod_nss.html 2018-09-18 14:43:11.354192158 +0200 +++ mod_nss-1.0.14/docs/mod_nss.html 2018-09-18 14:43:27.890287919 +0200 @@ -221,17 +221,17 @@ Generating key. This may take a few mom [ Lots of output removed ] </pre> You should now have the following files:<br> -<pre>/etc/httpd/nss/cert8.db -/etc/httpd/nss/key3.db -/etc/httpd/nss/secmod.db +<pre>/etc/httpd/nss/cert9.db +/etc/httpd/nss/key4.db +/etc/httpd/nss/pkcs11.txt </pre> These 3 files make up an NSS certificate database.<br> <br> -If you have a sql: prefix on the path, like sql:/etc/httpd/nss, then it -will generate an SQLite NSS database consisting of the following files:<br> -<pre>/etc/httpd/nss/cert9.db -/etc/httpd/nss/key4.db -/etc/httpd/nss/pkcs11.txt</pre> +If you have a dbm: prefix on the path, like dbm:/etc/httpd/nss, then it +will generate an Berkeley DB NSS database consisting of the following files:<br> +<pre>/etc/httpd/nss/cert8.db +/etc/httpd/nss/key3.db +/etc/httpd/nss/secmod.db</pre> <h1><a name="Startup"></a>Server Startup</h1> @@ -383,10 +383,12 @@ password.<br> <font size="+2">NSSCertificateDatabase</font><br> <br> Specifies the location of the NSS certificate database to be used. An -NSS certificate database consists of 3 files: cert8.db, key3.db and -secmod.db. cert8.db stores certificates and Certificate Revocation -Lists (CRLs), key3.db stores keys and secmod.db stores information +NSS certificate database consists of 3 files: cert9.db, key4.db and +pkcs11.txt. cert9.db stores certificates and Certificate Revocation +Lists (CRLs), key4.db stores keys and pkcs11.txt stores information about available PKCS#11 modules.<br> +Before version 3.35, NSS used a Berkeley DB format by default. +It consisted of files cert8.db, key3.db and secmod.db.<br> <br> This directive specifies a path, not a filename. To use a sqlite NSS database include the prefix sql: in the path.<br> @@ -398,16 +400,16 @@ NSS database include the prefix sql: in <br> <big><big>NSSDBPrefix</big></big><br> <br> -Normally a certificate database consists of 3 files: cert8.db, key3.db -and secmod.db. This directive allows you to add a named prefix to the -filenames of cert8.db and key3.db so you can store multiple databases +Normally a certificate database consists of 3 files: cert9.db, key4.db +and pkcs11.txt. This directive allows you to add a named prefix to the +filenames of cert9.db and key4.db so you can store multiple databases in one directory. <br> <br> <span style="font-weight: bold;">Example</span><br> <br> <code>NSSDBPrefix my-prefix-</code><br> <br> -You would then need: my-prefix-cert8.db, my-prefix-key3.db and secmod.db<br> +You would then need: my-prefix-cert9.db, my-prefix-key4.db and secmod.db<br> <br> In order to work with files with a prefix using the NSS command-line tools use the -P flag.<br> @@ -1483,14 +1485,14 @@ itself).<br> <br> <h1><a name="Database_Management"></a>Database Management</h1> -NSS stores it's certificates and keys in a set of files referred to as -the "certificate database." The files by default (with NSS 3.x) are -named cert8.db, key3.db and secmod.db. See the NSS documentation at <a href="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</a> +NSS stores its certificates and keys in a set of files referred to as +the "certificate database." The files by default (with NSS >= 3.35) are +named cert9.db, key4.db and pkcs11.txt. See the NSS documentation at <a href="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</a> for more information on these specific files.<p> -By default the NSS databases use the Berkeley Database format (cert8 and -key3). To use the sqlite format (cert9 and key4) either include sql: in -all references to the database (-d sql:/path/to/database) or -<code>export NSS_DEFAULT_DB_TYPE="sql"</code>. +Before version 3.35 the NSS databases used the Berkeley Database format by default +(cert8 and key3). To use the old format either include dbm: in +all references to the database (-d dbm:/path/to/database) or +<code>export NSS_DEFAULT_DB_TYPE="dbm"</code>. </p><p> For more details see <a href="https://wiki.mozilla.org/NSS_Shared_DB">https://wiki.mozilla.org/NSS_Shared_DB</a><br> Index: mod_nss-1.0.14/nss.conf.in =================================================================== --- mod_nss-1.0.14.orig/nss.conf.in 2018-09-18 14:43:11.354192158 +0200 +++ mod_nss-1.0.14/nss.conf.in 2018-09-18 14:43:27.890287919 +0200 @@ -124,14 +124,14 @@ NSSNickname Server-Cert # Server Certificate Database: # The NSS security database directory that holds the certificates and -# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. +# keys. The database consists of 3 files: cert9.db, key4.db and pkcs11.txt # Provide the directory that these files exist. NSSCertificateDatabase @apache_conf@ # Database Prefix: # In order to be able to store multiple NSS databases in one directory # they need unique names. This option sets the database prefix used for -# cert8.db and key3.db. +# cert9.db and key4.db. #NSSDBPrefix my-prefix- # Client Authentication (Type): Index: mod_nss-1.0.14/nss_engine_init.c =================================================================== --- mod_nss-1.0.14.orig/nss_engine_init.c 2018-09-18 14:43:25.846276083 +0200 +++ mod_nss-1.0.14/nss_engine_init.c 2018-09-18 14:43:27.890287919 +0200 @@ -179,9 +179,9 @@ static void nss_init_SSLLibrary(server_r } /* Strip the known prefixes */ - if (strncasecmp(mc->pCertificateDatabase, "sql:", 4) == 0) + if (strncasecmp(mc->pCertificateDatabase, SQLDB, 4) == 0) dbdir = (char *)mc->pCertificateDatabase + 4; - else if (strncasecmp(mc->pCertificateDatabase, "dbm:", 4) == 0) + else if (strncasecmp(mc->pCertificateDatabase, LEGACY, 4) == 0) dbdir = (char *)mc->pCertificateDatabase + 4; else dbdir = (char *)mc->pCertificateDatabase;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor