Nelson B Bolyard wrote:
> Howard Chu wrote, On 2008-08-10 14:13:

>> It would make it impossible to use in e.g. OpenLDAP/nss_ldap because
>> applications would be unable to load their own configuration settings
>> after nss_ldap/libldap/nss initialized.
>
> Nothing prevents each application from having its own configuration.
> Nothing prevents an application from changing its configuration while it
> is running. Not even with cert8.db files.

I've been studying this some more; I still don't see a 
clean/backward-compatible solution for this situation:

3rd party library "foo" calls NSS_Init("my path") and expects the DB files 
from "my path" to be used.

Mozilla browser calls NSS_Init("profilepath") and expects the DB files from 
"profilepath" to be used.

If the browser calls some other library that triggers foo, the DB in effect 
depends on which NSS_Init call came first. One or the other of these two 
pieces of software is going to break. There's no way for any software to 
detect that NSS_Init was called already, because it just returns SECSuccess in 
this case. Therefore there is no indication to the caller that their choice of 
configdir was ignored.

One solution is to break up the NSS_Init functionality into two calls, one to 
do the basic library initialization, and the other to specify what DB path to 
use.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
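
The situation described in the message above, as an added example that is not part of the original post and is not NSS code: a constructed C model of an init call where the first caller's path wins and later calls still report success, next to the proposed two-call split. All function and type names (`model_init`, `model_effective_dir`, `split_lib_init`, `split_open_db`, `db_handle`) are hypothetical.

```c
/* Constructed model, not NSS code: every name below is hypothetical. */
#include <stdio.h>
#include <string.h>

#define MAX_DBS 4
typedef struct { char dir[128]; int open; } db_handle;

static int lib_ready;            /* process-wide library state */
static char global_dir[128];     /* DB path fixed by the first caller */
static db_handle dbs[MAX_DBS];   /* per-caller DBs for the split design */

/* Single-call model: the first caller fixes the path; later calls return 0 too. */
int model_init(const char *configdir) {
    if (!lib_ready) {
        snprintf(global_dir, sizeof global_dir, "%s", configdir);
        lib_ready = 1;
    }
    return 0;  /* success even when configdir was ignored */
}
const char *model_effective_dir(void) { return global_dir; }

/* Split design, step 1: idempotent library initialization, no path involved. */
int split_lib_init(void) { lib_ready = 1; return 0; }

/* Split design, step 2: each caller opens its own DB and holds its own handle. */
db_handle *split_open_db(const char *configdir) {
    if (!lib_ready) return NULL;
    for (int i = 0; i < MAX_DBS; i++) {
        if (!dbs[i].open) {
            snprintf(dbs[i].dir, sizeof dbs[i].dir, "%s", configdir);
            dbs[i].open = 1;
            return &dbs[i];
        }
    }
    return NULL;  /* table full: the failure is reported, not hidden */
}

int main(void) {
    model_init("profilepath");        /* browser initializes first */
    int rc = model_init("my path");   /* library "foo" initializes second */
    printf("foo rc=%d, effective dir=%s\n", rc, model_effective_dir());

    split_lib_init();
    db_handle *browser = split_open_db("profilepath");
    db_handle *foo = split_open_db("my path");
    printf("browser=%s foo=%s\n", browser->dir, foo->dir);
    return 0;
}
```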
