81 + |
81 + |
82 #include "nsNSSComponent.h" |
82 #include "nsNSSComponent.h" |
83 |
83 |
84 #include "ExtendedValidation.h" |
84 #include "ExtendedValidation.h" |
85 #include "NSSCertDBTrustDomain.h" |
85 #include "NSSCertDBTrustDomain.h" |
86 #include "mozilla/Telemetry.h" |
86 #include "SharedSSLState.h" |
87 #include "nsAppDirectoryServiceDefs.h" |
87 #include "mozilla/Preferences.h" |
88 #include "nsCertVerificationThread.h" |
88 #include "mozilla/PublicSSL.h" |
89 #include "nsAppDirectoryServiceDefs.h" |
89 #include "mozilla/Services.h" |
90 @@ -1015,17 +1022,31 @@ nsNSSComponent::InitializeNSS() |
90 @@ -1007,17 +1014,31 @@ nsNSSComponent::InitializeNSS() |
91 return NS_ERROR_NOT_AVAILABLE; |
91 return rv; |
|
92 } |
92 } |
93 } |
93 |
94 MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("inSafeMode: %u\n", inSafeMode)); |
94 SECStatus init_rv = SECFailure; |
|
95 bool nocertdb = Preferences::GetBool("security.nocertdb", false); |
|
96 |
95 |
97 if (!nocertdb && !profileStr.IsEmpty()) { |
96 if (!nocertdb && !profileStr.IsEmpty()) { |
98 // First try to initialize the NSS DB in read/write mode. |
97 // First try to initialize the NSS DB in read/write mode. |
|
98 // Only load PKCS11 modules if we're not in safe mode. |
99 +#ifdef MOZ_ENABLE_NSSHELPER |
99 +#ifdef MOZ_ENABLE_NSSHELPER |
100 + if (PR_GetEnv("MOZ_XRE_NO_NSSHELPER")) { |
100 + if (PR_GetEnv("MOZ_XRE_NO_NSSHELPER")) { |
101 + init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false); |
101 + init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode); |
102 + } else { |
102 + } else { |
103 + uint32_t flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE; |
103 + uint32_t flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE; |
104 + init_rv = ::nsshelp_open_db ("Firefox", profileStr.get(), flags); |
104 + init_rv = ::nsshelp_open_db ("Firefox", profileStr.get(), flags); |
105 + |
105 + |
106 + if (init_rv != SECSuccess) { |
106 + if (init_rv != SECSuccess) { |
107 + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("can not init NSS using nsshelp_open_db in %s\n", profileStr.get())); |
107 + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("can not init NSS using nsshelp_open_db in %s\n", profileStr.get())); |
108 + init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false); |
108 + init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode); |
109 + } |
109 + } |
110 + } |
110 + } |
111 +#else |
111 +#else |
112 init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false); |
112 init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode); |
113 +#endif |
113 +#endif |
114 // If that fails, attempt read-only mode. |
114 // If that fails, attempt read-only mode. |
115 if (init_rv != SECSuccess) { |
115 if (init_rv != SECSuccess) { |
116 MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init NSS r/w in %s\n", profileStr.get())); |
116 MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init NSS r/w in %s\n", profileStr.get())); |
117 init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), true); |
117 init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), true, !inSafeMode); |
118 } |
118 } |
119 if (init_rv != SECSuccess) { |
119 if (init_rv != SECSuccess) { |
120 MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init in r/o either\n")); |
120 MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init in r/o either\n")); |
121 } |
121 } |
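Review bot: The `nsshelp_open_db` branch does not carry the safe-mode decision that the other initialisation calls in this hunk do. In the revision where `InitializeNSS` takes `!inSafeMode` as its third argument (under the comment "Only load PKCS11 modules if we're not in safe mode"), the helper is still called with only `NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE`. Whether the helper loads PKCS#11 modules from the database it opens is not visible here and should be confirmed; if it does, safe mode would no longer keep third-party modules out of the process on this path. The simplest guard is to skip the helper in safe mode: `if (inSafeMode || PR_GetEnv("MOZ_XRE_NO_NSSHELPER")) {`. Separately, a failed `nsshelp_open_db` is logged only at Debug level before falling back, so it is hard to tell afterwards which certificate database was opened; the body of `InitializeNSS` continues outside the hunk.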
122 diff --git a/toolkit/library/moz.build b/toolkit/library/moz.build |
122 diff --git a/toolkit/library/moz.build b/toolkit/library/moz.build |