Line 27: | Line 27: | ||
The existing shutdown will close down all NSS internal references to object and free up internal lists. It is possible that the application may still hold references to NSS objects (such as slots, keys, or certs that NSS has returned to it) in its address space. NSS will shutdown all slots that do not have outstanding object references to them. If NSS cannot shutdown all slots, it will return an error. At this point NSS is 'shutdown', but it will not be able to initialized again until all those outstanding references are freed. | The existing shutdown will close down all NSS internal references to object and free up internal lists. It is possible that the application may still hold references to NSS objects (such as slots, keys, or certs that NSS has returned to it) in its address space. NSS will shutdown all slots that do not have outstanding object references to them. If NSS cannot shutdown all slots, it will return an error. At this point NSS is 'shutdown', but it will not be able to initialized again until all those outstanding references are freed. | ||
Few applications depend on being able to shutdown with a single NSS_Shutdown call, but there are some that do, usually applications which have some sort of dynamic profile switching code. Even though these apps are few, they must still continue to work. | Few applications depend on being able to shutdown with a single NSS_Shutdown call, but there are some that do, usually applications which have some sort of dynamic profile switching code. Even though these apps are few, they must still continue to work.(Do you mean continue to fail? --[[User:Nelsonb|MisterTLS]] 21:48, 1 September 2009 (UTC) no, I mean continue to work. Applications that call the base NSS_InitXXX expect it to be idempotent. It will continue to be. Applications expect to call NSS_Shutdown() and be able to switch profiles. This will continue to work as well. This last one we can discuss. It may make more sense for NSS_Shutdown to work as NSS_ShutdownContext(NULL) does. ) Caveat: Note that today, if there is a library using NSS and holding references, such profile switching will not work in any of the scenarios. | ||
2) '''NSS still maintains a single 'trust domain' in which certificates are verified.''' In a single process, NSS has the ability to process certificates in the context of any one of several independent trust domains, but many of NSS's existing API functions do not allow a trust domain to be explicitly specified. | 2) '''NSS still maintains a single 'trust domain' in which certificates are verified.''' In a single process, NSS has the ability to process certificates in the context of any one of several independent trust domains, but many of NSS's existing API functions do not allow a trust domain to be explicitly specified. |
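Review bot: In the changed paragraph beginning "Few applications depend on being able to shutdown", the new side inserts a signed question ("Do you mean continue to fail?") and its answer in parentheses directly into the body text, with no space after "continue to work.", so the design statement and the discussion about it run together in one paragraph. Suggest moving the exchange to the discussion page and keeping only its conclusions as plain statements: that the base NSS_InitXXX call stays idempotent, and that NSS_Shutdown() followed by a profile switch keeps working, with the question of whether NSS_Shutdown should behave as NSS_ShutdownContext(NULL) marked as still open. The added caveat refers to "any of the scenarios" without naming them in this hunk; say which scenarios are meant, and tie it to the first context paragraph, which already states that NSS cannot be initialized again until outstanding references are freed.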