Changes

NSS Shared DB

126 bytes added, 18:45, 1 February 2008
Database Upgrade
To understand the issues of migration to the Shareable Database version of NSS from the traditional (legacy) versions, we group applications that use the new version of NSS into three 'modes' of operation, and into two types for a total of five valid combinations (Mode 1 B is not valid).
====== Mode 1 ======
Mode 1: Legacy applications which formerly used DBM databases and upgrade to the new version of NSS without making any changes to the applications' code, or applications that chose to continue to use the DBM database.
Application Changes: none.
====== Mode 2 ======
Mode 2: Applications that use the new shareable database engine, but choose not to share copies of their cert and key stores, or applications which would prefer to merge databases as a separate step. They may or may not have existing legacy DBM databases from older versions of those applications. (Some servers might be like this.) Typically users of these applications are aware of the NSS databases and the locations of these databases.
trust.
====== Mode 3 ======
Mode 3: Applications that intend to share their keys and certs with other applications (the common case - browsers, mail clients, secure shells, vpns, etc.) and whose users typically have little or no awareness of what the NSS databases are and where they might be.
NOTE: While database Upgrade may involve a merge (mode 3), database upgrade is not merging. See the section on how to manage merging databases.
====== Mode 1 ======
Mode 1 Applications can continue to call the traditional NSS_Initialize() function without changes. Mode 1 applications which need to guarantee that they open only old DBM databases should prepend the string "dbm:" to the directory path passed to NSS in the configdir parameter of NSS_Initialize().
====== Mode 2 ======
Mode 2 Applications can also continue to call traditional NSS_Initialize() functions. They should, however, prepend the string "sql:" to the directory path passed to NSS in the configdir parameter. If the sql databases do not exist, NSS will automatically update any old DBM databases in the config directory to shared databases. Like the upgrade from cert7 to cert8, if the update does not work, the app will open and use the old DBM database. Upgrade will not happen if:
# NSS is opened readOnly.
Sample code fragment.
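The following is an added example, not code from the NSS project or from this page: it builds the "dbm:" (Mode 1) or "sql:" (Mode 2) configdir described above and, when compiled with NSS available, opens a Mode 2 database read-write so the automatic upgrade is not suppressed. The names pinned_configdir, open_mode2, db_mode and WITH_NSS, and the sample path, are assumptions made for illustration.

```c
/* Added example (not NSS project code): pin the database type via the configdir prefix. */
#include <stdio.h>
#include <string.h>
#ifdef WITH_NSS  /* build: cc -DWITH_NSS ex.c $(pkg-config --cflags --libs nss) */
#include <nss.h>
#endif

enum db_mode { MODE1_DBM, MODE2_SQL };  /* hypothetical names for the page's modes */

/* Write "dbm:<dir>" or "sql:<dir>" into out. Returns 0 on success, -1 if dir is
 * empty, already carries a type prefix, or the result does not fit. */
int pinned_configdir(enum db_mode mode, const char *dir, char *out, size_t outlen)
{
    static const char *const known[] = { "dbm:", "sql:" };
    const char *prefix = (mode == MODE1_DBM) ? "dbm:" : "sql:";
    size_t i;
    int n;

    if (dir == NULL || *dir == '\0')
        return -1;
    for (i = 0; i < sizeof known / sizeof known[0]; i++)
        if (strncmp(dir, known[i], strlen(known[i])) == 0)
            return -1;  /* prepending again would make the old prefix part of the path */
    n = snprintf(out, outlen, "%s%s", prefix, dir);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

#ifdef WITH_NSS
/* Mode 2 open. flags is 0 (read-write): the page says the upgrade does not
 * happen when NSS is opened readOnly (NSS_INIT_READONLY). */
int open_mode2(const char *dir)
{
    char configdir[1024];
    if (pinned_configdir(MODE2_SQL, dir, configdir, sizeof configdir) != 0)
        return -1;
    return NSS_Initialize(configdir, "", "", "secmod.db", 0) == SECSuccess ? 0 : -1;
}
#endif

int main(int argc, char **argv)
{
    char configdir[1024];
    const char *dir = (argc > 1) ? argv[1] : "/tmp/example-nssdb";  /* constructed path */
    if (pinned_configdir(MODE2_SQL, dir, configdir, sizeof configdir) != 0)
        return 1;
    printf("configdir for NSS_Initialize: %s\n", configdir);
    return 0;
}
```

Rejecting a path that already carries a prefix keeps a configuration value from silently selecting a different database type than the one the application intends to open.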
====== Mode 3 ======
Mode 3 Applications are the most complicated. NSS provides some services to help applications get through an update and merge with the least interaction with the user of the application.