On 14.01.2011 10:24, Bernhard Thalmayr wrote: > the 'client' is the OpenSSO web-agent (a lib) used by Apache httpd.
Just to be sure: we're talking of this code here, right? http://sources.forgerock.org/browse/openam/trunk/opensso/products/webagents/am/source/connection.cpp?r=HEAD&content=true Maybe Bob or Nelson can spot a problem when skimming over that code...? I have another question/thought, however: what version of Apache httpd and what MPM are you using? Is it possible that the Connection::initialized boolean might not be shared among the httpd processes, resulting in multiple (concurrent) NSS initializations? Also, are "CertDir" and "dbPrefix" set in your configuration? If not, Connection::initialize() would call NSS_NoDB_Init, which isn't intended for SSL operations, from what I understand (http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1234224). Kaspar -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
