cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: NSS Initialization flags

From: Claes Jakobsson <claes_at_versed.se>
Date: Sat, 26 Sep 2009 23:55:14 +0200

On Sep 26, 2009, at 11:25 PM, Daniel Stenberg wrote:
> Sorry, but can you explain for an NSS rookie what that option does
> and how someone (like you) might end up wanting something else? And
> what is the "else" you want? I mean, what's the possible values we
> would consider supporting for it?

What I'm interested in now is the NSS_INIT_COOPERATE option so that I
can use my PKCS#11 modules with as the docs say SUNs Java PKCS11
provider but I imagine that in the future NSS might add additional
flags that one might want which is why I think we should be flexible
and allow any numerical value to be passed. Which value this actually
will be should be left as exercise for the user.

> Related to this. Where on earth is this NSS_Initialize function
> documented? I've tried searching for a man page/docs page somewhere
> but I've failed...! Is http://mxr.mozilla.org/mozilla/source/security/nss/lib/nss/nssinit.c#607
> the best there is?

I think so =(

> Why do you prefer an environment variable? Won't that rather make
> apps more vulnerable to side-effects if users set this variable or
> similar?

I suppose a external variable could work fine as well and that we set
to NSS_INIT_READONLY by default. Altho NSS gets initialized by the
first handle that uses it I don't think this should be an option on
the handle.

/Claes

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-09-26