diff options
author | Michael Stahl <Michael.Stahl@cib.de> | 2018-08-09 11:55:09 +0200 |
---|---|---|
committer | Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> | 2018-08-14 21:00:40 +0200 |
commit | 905b46799d2b94173ec0275e26ad25f4ab20f4f8 (patch) | |
tree | 4070141b3333433e78916eaf7f3178603cbff71a /xmlsecurity | |
parent | 54be5edb1b6d72efa0150f0482b6313fd26fbfb2 (diff) |
xmlsecurity: nsscrypto_initialize: try to avoid profile migration
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.35_release_notes
NSS 3.35 and later will automatically migrate migrate profiles from the
old "dbm:" BDB format to the new "sql:" SQLite format.
The new format can be read by NSS 3.12 and later, which is old enough that
it can be assumed to be available.
However LibreOffice still shouldn't migrate the profile on its own:
LO typically uses a Mozilla Firefox or Thunderbird profile, and if it is
a system Firefox with system NSS libraries, then it's probably a bad
idea for LO to migrate the profile under Firefox's nose, particularly
considering the "partial migration" scenario if the profile is
password-protected.
Try to avoid this by checking if the profile is the old format and
explicitly using the "dbm:" prefix to prevent the migration.
Change-Id: I06480522f830ce74e2fb7bf79fee84ad80979b82
Reviewed-on: https://gerrit.libreoffice.org/58756
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
(cherry picked from commit 61688aa1abd9db9adbb8dc5d5aacc6269b21fd27)
Reviewed-on: https://gerrit.libreoffice.org/58973
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Diffstat (limited to 'xmlsecurity')
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/nssinitializer.cxx | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx index c402e2833604..af1cf9816ebb 100644 --- a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx +++ b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx @@ -244,6 +244,20 @@ bool nsscrypto_initialize( const css::uno::Reference< css::uno::XComponentContex // there might be no profile if ( !sCertDir.isEmpty() ) { + if (sCertDir.indexOf(':') == -1) //might be env var with explicit prefix + { + OUString sCertDirURL; + osl::FileBase::getFileURLFromSystemPath( + OStringToOUString(sCertDir, osl_getThreadTextEncoding()), + sCertDirURL); + osl::DirectoryItem item; + if (osl::FileBase::E_NOENT != osl::DirectoryItem::get(sCertDirURL + "/cert8.db", item) && + osl::FileBase::E_NOENT == osl::DirectoryItem::get(sCertDirURL + "/cert9.db", item)) + { + SAL_INFO("xmlsecurity.xmlsec", "nsscrypto_initialize: trying to avoid profile migration"); + sCertDir = "dbm:" + sCertDir; + } + } if( NSS_InitReadWrite( sCertDir.getStr() ) != SECSuccess ) { SAL_INFO("xmlsecurity.xmlsec", "Initializing NSS with profile failed."); |