On 01/18/2011 05:16 PM, Kaspar Brand wrote:
On 18.01.2011 12:29, Bernhard Thalmayr wrote:
I meant it might be a bug in Agent code to call 'NSS_NoDBInit' ...
however this code has been there for some years already.
One explanation I can think of is that it would only break with more
recent versions of NSS, due to stricter application behavior being
enforced?
Not really ... I've already created a debug build for NSS 3.12.8 (as
this seems to fix some PKCS#11 logger issues).
The issue does occour later, but it occurs.
(https://bugzilla.mozilla.org/show_bug.cgi?id=331096 comes to
mind, e.g. - but that's just a [very] wild guess).
I'll defer to the real experts (Bob, Nelson, Wan-Teh) for authoritative
answers on this, however.
I'm not 100% sure but it seems the error does only occur on SSL restarts
.. not on full handshakes.
Perhaps it can do full handshakes even if it has been init'ed with
NSS_NoDBInit, but no session resumptions? (Again, just guessing.)
Well, the error does not occour on every restart ... that's the problem.
It's not reproducable ... the agent just sends requests to a secure
server and on some point in time NSS can not recover.
What you could also try is creating an empty DB (certutil -N -d somedir)
and configure that for the agent. Would be interesting to see if it
makes a difference.
I'll give this a try.
Thanks,
Bernhard
Kaspar
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
