commit 21439f502b16cd168950cc2e38bfd6b6353ee428
Author: Matthew Garrett
Date: Tue Nov 27 10:11:36 2012 -0500

Add support for local certificate database directories

Users may wish to use a certificate database other than the systemwide one. Add an option for that.
---
 src/daemon.c | 4 ++--
 src/daemon.h | 2 +-
 src/pesign.c | 9 +++++++--
 3 files changed, 10 insertions(+), 5 deletions(-)
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -877,7 +877,7 @@ err:
 }
 int
-daemonize(cms_context *cms_ctx, int do_fork)
+daemonize(cms_context *cms_ctx, char *certdir, int do_fork)
 {
 int rc = 0;
 context ctx = {
@@ -913,7 +913,7 @@ daemonize(cms_context *cms_ctx, int do_f
 "pesignd starting (pid %d)", ctx.pid);
- SECStatus status = NSS_Init("/etc/pki/pesign");
+ SECStatus status = NSS_Init(certdir);
 if (status != SECSuccess) {
 fprintf(stderr, "Could not initialize nss: %s\n", PORT_ErrorToString(PORT_GetError()));
--- a/src/daemon.h
+++ b/src/daemon.h
@@ -19,7 +19,7 @@
 #ifndef DAEMON_H
 #define DAEMON_H 1
-extern int daemonize(cms_context *ctx, int do_fork);
+extern int daemonize(cms_context *ctx, char *certdir, int do_fork);
 typedef struct {
 uint32_t version;
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -443,6 +443,7 @@ main(int argc, char *argv[])
 char *tokenname = "NSS Certificate DB";
 char *origtoken = tokenname;
 char *certname = NULL;
+ char *certdir = "/etc/pki/pesign";
 rc = pesign_context_new(&ctxp);
 if (rc < 0) {
@@ -460,6 +461,10 @@ main(int argc, char *argv[])
 {"certficate", 'c', POPT_ARG_STRING, &certname, 0, "specify certificate nickname", "" },
+ {"certdir", 'n', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
+ &certdir, 0,
+ "specify nss certificate database directory",
+ "" },
 {"privkey", 'p', POPT_ARG_STRING, &ctxp->privkeyfile, 0, "specify private key file", "" },
 {"force", 'f', POPT_ARG_VAL, &ctxp->force, 1,
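Review bot: The new `certdir` parameter of `daemonize()` (src/daemon.c @@ -877, and the prototype in src/daemon.h) is declared `char *`, yet the only use visible in this patch is passing it to `NSS_Init()`, which takes a `const char *`. Declaring it `const char *certdir` in both places documents that the daemon never writes through the pointer, which matters because the default in pesign.c is a string literal. The body of `daemonize()` continues outside the hunk, so confirm nothing else there writes to it.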
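Review bot: `NSS_Init(certdir)` in `daemonize()` (src/daemon.c @@ -913) now opens whatever directory the command line names, and the same call in `main()` (src/pesign.c @@ -542) does too, but neither site checks the path first. NSS reads its PKCS#11 module list as well as the certificate and key databases from that directory, so the directory decides which signing keys and which modules the process uses; if pesign or pesignd can ever run with more privilege than the user choosing `-n`, the path should be restricted or its ownership and permissions verified before the call. At minimum the existing error message should name the directory, e.g. `fprintf(stderr, "Could not initialize nss in %s: %s\n", certdir, PORT_ErrorToString(PORT_GetError()));`, so a mistyped path can be told apart from a damaged database. Both functions extend beyond their hunks.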
@@ -542,7 +547,7 @@ main(int argc, char *argv[])
 poptFreeContext(optCon);
 if (!daemon) {
- SECStatus status = NSS_Init("/etc/pki/pesign");
+ SECStatus status = NSS_Init(certdir);
 if (status != SECSuccess) {
 fprintf(stderr, "Could not initialize nss: %s\n", PORT_ErrorToString(PORT_GetError()));
@@ -796,7 +801,7 @@ main(int argc, char *argv[])
 close_output(ctxp);
 break;
 case DAEMONIZE:
- rc = daemonize(ctxp->cms_ctx, fork);
+ rc = daemonize(ctxp->cms_ctx, certdir, fork);
 break;
 default:
 fprintf(stderr, "Incompatible flags (0x%08x): ", action);
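Review bot: In the `DAEMONIZE` case (src/pesign.c @@ -796) `certdir` is handed to `daemonize()` exactly as typed, so a relative `-n` path is resolved against whatever the daemon's working directory is when it reaches `NSS_Init()`. If `daemonize()` changes directory after forking (not visible in these hunks), the same argument would select a different database in daemon and non-daemon mode; resolving the path once in `main()`, for example with `realpath()`, before either `NSS_Init()` call would make both modes agree. A one-line comment at the `certdir` declaration, `/* NSS database directory; overridden by -n/--certdir */`, would also help readers of `main()`, which extends well beyond this hunk.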