bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj

MozReview-Commit-ID: 2qoJz5gDPyY

--HG--
extra : rebase_source : 89ccda87138ac02004d290f621e9d53dcddc08ff

security/certverifier/NSSCertDBTrustDomain.cpp

@@ -19,7 +19,6 @@
 #include "mozilla/Casting.h"
 #include "mozilla/Move.h"
 #include "mozilla/PodOperations.h"
-#include "mozilla/Preferences.h"
 #include "mozilla/TimeStamp.h"
 #include "mozilla/Unused.h"
 #include "nsCRTGlue.h"
@@ -1063,11 +1062,7 @@ InitializeNSS(const nsACString& dir, bool readOnly, bool loadPKCS11Modules)
   if (!loadPKCS11Modules) {
     flags |= NSS_INIT_NOMODDB;
   }
-  bool useSQLDB = Preferences::GetBool("security.use_sqldb", false);
-  nsAutoCString dbTypeAndDirectory;
-  if (useSQLDB) {
-    dbTypeAndDirectory.Append("sql:");
-  }
+  nsAutoCString dbTypeAndDirectory("sql:");
   dbTypeAndDirectory.Append(dir);
   MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
           ("InitializeNSS(%s, %d, %d)", dbTypeAndDirectory.get(), readOnly,

security/manager/ssl/nsNSSComponent.cpp

@@ -1855,9 +1855,11 @@ AttemptToRenamePKCS11ModuleDB(const nsACString& profilePath,
   return NS_OK;
 }
 
-// We may be using the legacy databases, in which case we need to use
-// "secmod.db". We may be using the sqlite-backed databases, in which case we
-// need to use "pkcs11.txt".
+// The platform now only uses the sqlite-backed databases, so we'll try to
+// rename "pkcs11.txt". However, if we're upgrading from a version that used the
+// old format, we need to try to rename the old "secmod.db" as well (if we were
+// to only rename "pkcs11.txt", initializing NSS will still fail due to the old
+// database being in FIPS mode).
 static nsresult
 AttemptToRenameBothPKCS11ModuleDBVersions(const nsACString& profilePath)
 {

security/manager/ssl/security-prefs.js

@@ -38,12 +38,6 @@ pref("security.remember_cert_checkbox_default_setting", true);
 pref("security.ask_for_password",        0);
 pref("security.password_lifetime",       30);
 
-// If true, use the modern sqlite-backed certificate and key databases in NSS.
-// If false, use the default format. Currently the default in NSS is the old
-// BerkeleyDB format, but this will change in bug 1377940.
-// Changing this requires a restart to take effect.
-pref("security.use_sqldb", true);
-
 // The supported values of this pref are:
 // 0: disable detecting Family Safety mode and importing the root
 // 1: only attempt to detect Family Safety mode (don't import the root)

security/manager/ssl/tests/unit/test_db_format_pref_new.js

@@ -4,12 +4,11 @@
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 "use strict";
 
-// Tests that if "security.use_sqldb" is set to true when PSM initializes,
-// we create the sqlite-backed certificate and key databases.
+// Tests that when PSM initializes, we create the sqlite-backed certificate and
+// key databases.
 
 function run_test() {
   let profileDir = do_get_profile();
-  Services.prefs.setBoolPref("security.use_sqldb", true);
   let certificateDBFile = profileDir.clone();
   certificateDBFile.append("cert9.db");
   ok(!certificateDBFile.exists(), "cert9.db should not exist beforehand");

security/manager/ssl/tests/unit/test_db_format_pref_old.js

@@ -1,24 +0,0 @@
-// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this
-// file, You can obtain one at http://mozilla.org/MPL/2.0/.
-"use strict";
-
-// Tests that if "security.use_sqldb" is set to false when PSM initializes,
-// we create the system-default certificate and key databases, which currently
-// use the old BerkeleyDB format. This will change in bug 1377940.
-
-function run_test() {
-  let profileDir = do_get_profile();
-  Services.prefs.setBoolPref("security.use_sqldb", false);
-  let certificateDBFile = profileDir.clone();
-  certificateDBFile.append("cert8.db");
-  ok(!certificateDBFile.exists(), "cert8.db should not exist beforehand");
-  let keyDBFile = profileDir.clone();
-  keyDBFile.append("key3.db");
-  ok(!keyDBFile.exists(), "key3.db should not exist beforehand");
-  // This should start PSM.
-  Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
-  ok(certificateDBFile.exists(), "cert8.db should exist in the profile");
-  ok(keyDBFile.exists(), "key3.db should exist in the profile");
-}

security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js

@@ -53,8 +53,6 @@ function run_test() {
     MockRegistrar.unregister(windowWatcherCID);
   });
 
-  Services.prefs.setBoolPref("security.use_sqldb", true);
-
   let profile = do_get_profile();
   let keyDBFile = do_get_file("test_sdr_preexisting_with_password/key3.db");
   keyDBFile.copyTo(profile, "key3.db");

security/manager/ssl/tests/unit/xpcshell.ini

@@ -76,11 +76,9 @@ skip-if = !debug
 run-sequentially = hardcoded ports
 [test_datasignatureverifier.js]
 # Android always has and always will use the new format, so
-# these two tests don't apply.
+# this test doesn't apply.
 [test_db_format_pref_new.js]
 skip-if = toolkit == 'android'
-[test_db_format_pref_old.js]
-skip-if = toolkit == 'android'
 [test_der.js]
 [test_enterprise_roots.js]
 skip-if = os != 'win' # tests a Windows-specific feature