+/*
+ * Currently mutiple MozNSS contexts share one certificate storage. When the
+ * certdb is being opened, only new certificates are added to the storage.
+ * When different databases are used, conflicting nicknames make the
+ * certificate lookup by the nickname impossible. In addition a token
+ * description might be prepended in certain conditions.
+ *
+ * In order to make the certificate lookup by nickname possible, we explicitly
+ * open each database using SECMOD_OpenUserDB and assign it the token
+ * description. The token description is generated using ctx->tc_unique value,
+ * which is unique for each context.
+ */
+static PK11SlotInfo *
+tlsm_init_open_certdb(tlsm_ctx *ctx, const char *dbdir, const char *prefix)
+{
+ PK11SlotInfo *slot = NULL;
+ char *token_desc = NULL;
+ char *config = NULL;
+
+ token_desc = PR_smprintf(TLSM_CERTDB_DESC_FMT, ctx->tc_unique);
+ config = PR_smprintf("configDir='%s' tokenDescription='%s' certPrefix='%s' keyPrefix='%s' flags=readOnly",
+ dbdir, token_desc, prefix, prefix);
+ Debug(LDAP_DEBUG_TRACE, "TLS: certdb config: %s\n", config, 0, 0);
+
+ slot = SECMOD_OpenUserDB(config);
+ if (!slot) {
+ PRErrorCode errcode = PR_GetError();
+ Debug(LDAP_DEBUG_TRACE, "TLS: cannot open certdb '%s', error %d:%s\n", dbdir, errcode,
+ PR_ErrorToString(errcode, PR_LANGUAGE_I_DEFAULT));
+ }
+
+ if (token_desc)
+ PR_smprintf_free(token_desc);
+ if (config)
+ PR_smprintf_free(config);
+
+ return slot;
+}
+
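Review bot: Both `PR_smprintf` results are used without a NULL check: if either allocation fails, `config` is NULL when it reaches the `%s` argument of `Debug` and the call `SECMOD_OpenUserDB(config)`, even though the cleanup at the end already allows for NULL. Checking before use, e.g. `if (!token_desc || !config) goto done;` with the two frees placed under a `done:` label, keeps that failure path defined. Separately, `dbdir` and `prefix` are pasted inside single-quoted values of the module spec, so a value containing `'` would end the quoted field early and the remainder would be parsed as further parameters, which could alter settings such as `flags=readOnly`. Where these strings originate is not visible here, so either reject such characters or escape them before formatting. A one-line comment stating who releases the returned slot would also help, since the function hands it back without saying so.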