Hello,

Thank you both for your responses.

Forgive me, but I do have a few follow-up questions:

In the event that, say, a machine (Windows or Linux) has the latest version of SQLite (system-provided or, say, built manually), what needs to be done for NSS to pick it up? Do we need to build NSS with a certain option so it can link to the machine’s SQLite?

In the event there’s none on the machine, I’m assuming NSS will default to using its own SQLite?

FYI, we are planning on upgrading to NSS 3.88 and, if I’m not mistaken, the SQLite version that’s packaged up is 3.29.

Thank you

On Wed, Mar 15, 2023 at 7:55 PM Martin Thomson <m...@mozilla.com> wrote:

> Just to expand on what Bob said, we don't make any guarantees about the
> version of sqlite that is in our tree. It exists only to support
> standalone builds of NSS.
>
> As a general rule, it will be out of date and can be vulnerable. But the
> sqlite project has a history of excellent ABI compatibility, so the latest
> version should work with NSS. If it doesn't work, that might be worth
> flagging to us.
>
> We also accept patches and would be happy to look at a patch that updates
> our copy of sqlite if that works better for you.
>
> On Thu, Mar 16, 2023 at 10:08 AM Robert Relyea <rrel...@redhat.com> wrote:
>
>> On 3/15/23 8:39 AM, Usha Nayak wrote:
>>
>> Hello,
>>
>> We are building NSS and are packing it in our product. For our
>> application we use IAIK PKCS#11 wrapper to connect to NSS.
>>
>> Following properties file contains information that's used by iaik to
>> connect to NSS:
>> [image: image.png]
>>
>> We use following commands to create DB:
>> "NSS\bin\modutil.exe" -force -create -dbdir sql:"%XXX%\data\NSS\db"
>>
>> As far as I know we are using the sqlite lib that's packaged in NSS3.88.
>> Are there plans to upgrade it? If there are security concerns, what can we
>> do to mitigate it?
>>
>>
>> The image is missing, so a vital part of our question isn't visible.
>>
>> That being said, we usually update sqlite when we need to to fix NSS
>> issues, or if NSS needs to use more advanced sqlite features.
>>
>> Many users of NSS provide their own copy of sqlite (either because they
>> have their own copy as part of a larger application... like firefox, or
>> because sqlite is provided by the os (like many Linux distributions). If
>> you are concerned with shipping or using the older version of sqlite3, you
>> could build our own from the sqlite3 project and use it.
>>
>> bob
>>
>>
>> Any help greatly appreciated
>>
>> Thanks.
>> --
>> You received this message because you are subscribed to the Google Groups
>> "dev-tech-crypto@mozilla.org" <dev-tech-crypto@mozilla.org> group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to dev-tech-crypto+unsubscr...@mozilla.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/88ae58f8-c4c2-4f91-aa85-eccc3c745d71n%40mozilla.org