Loading...

qtwebengine save ssl certificate into nss storage


I am trying to add new ssl (ca x509) certificate into nss storage (on Linux). After certificate copying into /usr/share/ca-certificates and running update-ca-certificate script, it will store this file into /etc/ssl/certs. This change execute hooks in /etc/ca-certificates/update.d . I have already created there a nss update script. It will store changes into systemwide (/etc/pki/nssdb) via certuil.

certutil -A -n $(basename $CERT) -t "CT,C,C" -i /usr/share/ca-certificates/$CERT -d /etc/pki/nssdb

My application based on qtwebengine(5.12)->chromium automatically checks whether /home/xxx/.pki/nssdb file exists. If not, it will copy the content from systemwide. So all certificates are sync now and application loads this database into memory before starts.

The main problem will occur, when I want to add new certificate during application run-time. I can add new certificate into ca-certificate and run the update script. But even if the hook updates the systemwide nssdb (and also in homedir), application is still using the old one. Because the database is still loaded in memory. Changes from disk are loaded only when the application is killed or restarted.

Application has no configurable GUI and can't be restarted by user. There is only webpage without any possibility to change the URL.

So the question is, how to re-load the nssdb without application restarting. Or how to save the certificate into nssdb like in the chrome browser over internal API?

Many thanks for support.

- - Source
comments powered by Disqus