File 0001-Change-the-default-certificate-database-format-to-SQ.patch of Package apache2-mod_nss.8802

From 36530cee371164702dc213bf571f49dfaaf5332e Mon Sep 17 00:00:00 2001
From: Vitezslav Cizek <vcizek@suse.com>
Date: Mon, 5 Mar 2018 17:45:07 +0100
Subject: [PATCH] Change the default certificate database format to SQLite.

Since version 3.35, NSS uses the SQLite format for the certificate
database by default. Adjust the documentation accordingly.
---
 Makefile.am       |  4 ++--
 docs/mod_nss.html | 46 ++++++++++++++++++++++++----------------------
 nss.conf.in       |  4 ++--
 nss_engine_init.c |  4 ++--
 4 files changed, 30 insertions(+), 28 deletions(-)

Index: mod_nss-1.0.14/Makefile.am
===================================================================
--- mod_nss-1.0.14.orig/Makefile.am	2018-09-18 14:43:11.354192158 +0200
+++ mod_nss-1.0.14/Makefile.am	2018-09-18 14:43:27.890287919 +0200
@@ -102,8 +102,8 @@ check:
 	rm -rf work;	\
 	nosetests -v test_cipher.py;	\
 	if [ `id -u` != 0 ]; then	\
-	./setup.sh -s 1;	\
-	nosetests -v test.py;	\
+	./setup.sh -s 1 dbm:;	\
+	DBPREFIX=dbm: nosetests -v test.py;	\
 	sleep 5;	\
 	rm -rf work;	\
 	./setup.sh -s 1 sql:;	\
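Review bot: With the first run now pinned to `dbm:` and the following one to `sql:`, no run visible in this hunk exercises an unprefixed database path, which is the case whose default this commit changes. The `check` target continues outside the hunk, so a third run may already exist; if it does not, a run such as `./setup.sh -s 1;` followed by `nosetests -v test.py;` would confirm that a path without a prefix opens the SQLite files. Without it, a regression in how the module resolves the default format would pass the test suite unnoticed.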
Index: mod_nss-1.0.14/docs/mod_nss.html
===================================================================
--- mod_nss-1.0.14.orig/docs/mod_nss.html	2018-09-18 14:43:11.354192158 +0200
+++ mod_nss-1.0.14/docs/mod_nss.html	2018-09-18 14:43:27.890287919 +0200
@@ -221,17 +221,17 @@ Generating key.  This may take a few mom
 [ Lots of output removed ]
 </pre>
 You should now have the following files:<br>
-<pre>/etc/httpd/nss/cert8.db
-/etc/httpd/nss/key3.db
-/etc/httpd/nss/secmod.db
+<pre>/etc/httpd/nss/cert9.db
+/etc/httpd/nss/key4.db
+/etc/httpd/nss/pkcs11.txt
 </pre>
 These 3 files make up an NSS certificate database.<br>
 <br>
-If you have a sql: prefix on the path, like sql:/etc/httpd/nss, then it
-will generate an SQLite NSS database consisting of the following files:<br>
-<pre>/etc/httpd/nss/cert9.db
-/etc/httpd/nss/key4.db
-/etc/httpd/nss/pkcs11.txt</pre>
+If you have a dbm: prefix on the path, like dbm:/etc/httpd/nss, then it
+will generate an Berkeley DB NSS database consisting of the following files:<br>
+<pre>/etc/httpd/nss/cert8.db
+/etc/httpd/nss/key3.db
+/etc/httpd/nss/secmod.db</pre>
 
 
 <h1><a name="Startup"></a>Server Startup</h1>
@@ -383,10 +383,12 @@ password.<br>
 <font size="+2">NSSCertificateDatabase</font><br>
 <br>
 Specifies the location of the NSS certificate database to be used. An
-NSS certificate database consists of 3 files: cert8.db, key3.db and
-secmod.db. cert8.db stores certificates and Certificate Revocation
-Lists (CRLs), key3.db stores keys and secmod.db stores information
+NSS certificate database consists of 3 files: cert9.db, key4.db and
+pkcs11.txt. cert9.db stores certificates and Certificate Revocation
+Lists (CRLs), key4.db stores keys and pkcs11.txt stores information
 about available PKCS#11 modules.<br>
+Before version 3.35, NSS used a Berkeley DB format by default.
+It consisted of files cert8.db, key3.db and secmod.db.<br>
 <br>
 This directive specifies a path, not a filename. To use a sqlite
 NSS database include the prefix sql: in the path.<br>
@@ -398,16 +400,16 @@ NSS database include the prefix sql: in
 <br>
 <big><big>NSSDBPrefix</big></big><br>
 <br>
-Normally a certificate database consists of 3 files: cert8.db, key3.db
-and secmod.db. This directive allows you to add a named prefix to the
-filenames of cert8.db and key3.db so you can store multiple databases
+Normally a certificate database consists of 3 files: cert9.db, key4.db
+and pkcs11.txt. This directive allows you to add a named prefix to the
+filenames of cert9.db and key4.db so you can store multiple databases
 in one directory. <br>
 <br>
 <span style="font-weight: bold;">Example</span><br>
 <br>
 <code>NSSDBPrefix my-prefix-</code><br>
 <br>
-You would then need: my-prefix-cert8.db, my-prefix-key3.db and secmod.db<br>
+You would then need: my-prefix-cert9.db, my-prefix-key4.db and secmod.db<br>
 <br>
 In order to work with files with a prefix using the NSS command-line
 tools use the -P flag.<br>
@@ -1483,14 +1485,14 @@ itself).<br>
 <br>
 
 <h1><a name="Database_Management"></a>Database Management</h1>
-NSS stores it's certificates and keys in a set of files referred to as
-the "certificate database." The files by default (with NSS 3.x) are
-named cert8.db, key3.db and secmod.db. See the NSS documentation at <a href="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</a>
+NSS stores its certificates and keys in a set of files referred to as
+the "certificate database." The files by default (with NSS >= 3.35) are
+named cert9.db, key4.db and pkcs11.txt. See the NSS documentation at <a href="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</a>
 for more information on these specific files.<p>
-By default the NSS databases use the Berkeley Database format (cert8 and
-key3). To use the sqlite format (cert9 and key4) either include sql: in
-all references to the database (-d sql:/path/to/database) or
-<code>export NSS_DEFAULT_DB_TYPE="sql"</code>.
+Before version 3.35 the NSS databases used the Berkeley Database format by default
+(cert8 and key3). To use the old format either include dbm: in
+all references to the database (-d dbm:/path/to/database) or
+<code>export NSS_DEFAULT_DB_TYPE="dbm"</code>.
 </p><p>
 For more details see
 <a href="https://wiki.mozilla.org/NSS_Shared_DB">https://wiki.mozilla.org/NSS_Shared_DB</a><br>
Index: mod_nss-1.0.14/nss.conf.in
===================================================================
--- mod_nss-1.0.14.orig/nss.conf.in	2018-09-18 14:43:11.354192158 +0200
+++ mod_nss-1.0.14/nss.conf.in	2018-09-18 14:43:27.890287919 +0200
@@ -124,14 +124,14 @@ NSSNickname Server-Cert
 
 #   Server Certificate Database:
 #   The NSS security database directory that holds the certificates and
-#   keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
+#   keys. The database consists of 3 files: cert9.db, key4.db and pkcs11.txt
 #   Provide the directory that these files exist.
 NSSCertificateDatabase @apache_conf@
 
 #   Database Prefix:
 #   In order to be able to store multiple NSS databases in one directory
 #   they need unique names. This option sets the database prefix used for
-#   cert8.db and key3.db.
+#   cert9.db and key4.db.
 #NSSDBPrefix my-prefix-
 
 #   Client Authentication (Type):
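Review bot: The updated comment above `NSSCertificateDatabase` lists only the SQLite file names, so an operator whose directory still holds cert8.db, key3.db and secmod.db gets no hint here that the path now needs a prefix. The HTML documentation in this same patch says the old format is selected with `dbm:`, and the sample config should repeat it, for example `#   For a legacy Berkeley DB database (cert8.db, key3.db, secmod.db) prefix the directory with dbm:`. The rewritten line also lost its trailing period after `pkcs11.txt`.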
Index: mod_nss-1.0.14/nss_engine_init.c
===================================================================
--- mod_nss-1.0.14.orig/nss_engine_init.c	2018-09-18 14:43:25.846276083 +0200
+++ mod_nss-1.0.14/nss_engine_init.c	2018-09-18 14:43:27.890287919 +0200
@@ -179,9 +179,9 @@ static void nss_init_SSLLibrary(server_r
     }
 
     /* Strip the known prefixes */
-    if (strncasecmp(mc->pCertificateDatabase, "sql:", 4) == 0)
+    if (strncasecmp(mc->pCertificateDatabase, SQLDB, 4) == 0)
         dbdir = (char *)mc->pCertificateDatabase + 4;
-    else if (strncasecmp(mc->pCertificateDatabase, "dbm:", 4) == 0)
+    else if (strncasecmp(mc->pCertificateDatabase, LEGACY, 4) == 0)
         dbdir = (char *)mc->pCertificateDatabase + 4;
     else
         dbdir = (char *)mc->pCertificateDatabase;
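Review bot: The prefix length is still the literal `4` in both `strncasecmp` calls and both `+ 4` offsets, although the prefixes now come from `SQLDB` and `LEGACY`, whose definitions are not visible in this hunk. If those macros expand to string literals, deriving the length from them keeps the comparison and the pointer offset in step, e.g. `if (strncasecmp(mc->pCertificateDatabase, SQLDB, sizeof(SQLDB) - 1) == 0)` and `dbdir = (char *)mc->pCertificateDatabase + sizeof(SQLDB) - 1;`. Nothing in this hunk changes which format an unprefixed path selects, so the default named in the commit title is presumably set elsewhere; any later file checks on `dbdir` should be confirmed to match it. `nss_init_SSLLibrary` starts and ends outside the hunk.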