[tor-bugs] #2949 [Tor Browser]: Make Intermediate Cert Store Memory-Only for TorBrowser

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon May 2 05:39:06 UTC 2011


#2949: Make Intermediate Cert Store Memory-Only for TorBrowser
-------------------------+--------------------------------------------------
 Reporter:  mikeperry    |          Owner:  mikeperry
     Type:  defect       |         Status:  accepted 
 Priority:  normal       |      Milestone:           
Component:  Tor Browser  |        Version:           
 Keywords:               |         Parent:  #2877    
   Points:               |   Actualpoints:           
-------------------------+--------------------------------------------------

Comment(by mikeperry):

 Looks like the intermediate cert store is in cert8.db, which appears to be
 opened by
 https://mxr.mozilla.org/mozilla2.0/source/security/nss/lib/softoken/legacydb/lginit.c#360

 It looks like we may be able to control the use of the db file via a
 parameter in nss_init:
 https://mxr.mozilla.org/mozilla2.0/source/security/nss/lib/nss/nssinit.c#525

 NSS_INIT_NOCERTDB seems to be the flag we want, and the NSS init appears
 to be called from nsNSSComponent::InitializeNSS(). It looks like we must
 hardcode this flag ourselves. But it also looks like a one-line patch for
 us (though adding an about:config option might make it a few lines).

 It's not clear if this will explode everything or not. We'll need to test
 this and see what happens.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2949#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online