authorKamil Dudka <kdudka@redhat.com>2012-04-10 15:42:34 +0200
committerKamil Dudka <kdudka@redhat.com>2012-04-13 12:19:36 +0200
commit20cb12db8df6f956b885a5215bcffd425f2d34dd (patch)
tree536225711e4e73b9b52e11894cd4412a61f6c594 /lib
parent42aa796150a580a0adff714c157d3b38b7672c7f (diff)
nss: use NSS_InitContext() to initialize NSS if available
NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent collisions on NSS initialization/shutdown with other libraries. Bug: https://bugzilla.redhat.com/738456
Diffstat (limited to 'lib')
-rw-r--r--lib/nss.c37
1 files changed, 36 insertions, 1 deletions
diff --git a/lib/nss.c b/lib/nss.c
index 61089173c..16127ee7f 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -78,6 +78,9 @@ PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd);
PRLock * nss_initlock = NULL;
PRLock * nss_crllock = NULL;
+#ifdef HAVE_NSS_INITCONTEXT
+NSSInitContext * nss_context = NULL;
+#endif
volatile int initialized = 0;
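Review bot: The new file-scope `nss_context` has external linkage, and the hunks on this page use it only inside lib/nss.c. Since the commit is about avoiding collisions with other NSS users in the same process, a generically named global is worth keeping out of the symbol table: `static NSSInitContext *nss_context = NULL;`. The neighbouring `nss_initlock` and `nss_crllock` have the same linkage, so whether the name is actually exported depends on build settings not visible here. A short comment saying which lock guards the pointer would also help; Curl_nss_cleanup appears to touch it while holding nss_initlock.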
@@ -861,29 +864,56 @@ isTLSIntoleranceError(PRInt32 err)
static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
{
+#ifdef HAVE_NSS_INITCONTEXT
+ if(nss_context != NULL)
+ return CURLE_OK;
+
+ NSSInitParameters initparams;
+ memset((void *) &initparams, '\0', sizeof(initparams));
+ initparams.length = sizeof(initparams);
+#else /* HAVE_NSS_INITCONTEXT */
+ SECStatus rv;
+
if(NSS_IsInitialized())
return CURLE_OK;
+#endif
if(cert_dir) {
- SECStatus rv;
const bool use_sql = NSS_VersionCheck("3.12.0");
char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir);
if(!certpath)
return CURLE_OUT_OF_MEMORY;
infof(data, "Initializing NSS with certpath: %s\n", certpath);
+#ifdef HAVE_NSS_INITCONTEXT
+ nss_context = NSS_InitContext(certpath, "", "", "", &initparams,
+ NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
+ free(certpath);
+
+ if(nss_context != NULL)
+ return CURLE_OK;
+#else /* HAVE_NSS_INITCONTEXT */
rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
free(certpath);
if(rv == SECSuccess)
return CURLE_OK;
+#endif
infof(data, "Unable to initialize NSS database\n");
}
infof(data, "Initializing NSS with certpath: none\n");
+#ifdef HAVE_NSS_INITCONTEXT
+ nss_context = NSS_InitContext("", "", "", "", &initparams, NSS_INIT_READONLY
+ | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN
+ | NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
+ if(nss_context != NULL)
+ return CURLE_OK;
+#else /* HAVE_NSS_INITCONTEXT */
if(NSS_NoDB_Init(NULL) == SECSuccess)
return CURLE_OK;
+#endif
infof(data, "Unable to initialize NSS\n");
return CURLE_SSL_CACERT_BADFILE;
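Review bot: In the HAVE_NSS_INITCONTEXT branch at the top of nss_init_core, `NSSInitParameters initparams;` is declared after the statement `if(nss_context != NULL) return CURLE_OK;`, which is a declaration after a statement and is rejected by C89 compilers; the #else branch correctly keeps `SECStatus rv;` ahead of its check. Put the declaration first, `NSSInitParameters initparams;`, then the `if(nss_context != NULL)` early return, then the memset and the `length` assignment. Separately, when opening cert_dir fails the code still falls through to the second NSS_InitContext call with NSS_INIT_NOCERTDB and reports it only through infof, so a comment above that call such as `/* cert_dir unusable: fall back to an NSS context without a certificate database */` would make the weaker configuration explicit. The function's closing brace lies outside the hunk.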
@@ -979,7 +1009,12 @@ void Curl_nss_cleanup(void)
SECMOD_DestroyModule(mod);
mod = NULL;
}
+#ifdef HAVE_NSS_INITCONTEXT
+ NSS_ShutdownContext(nss_context);
+ nss_context = NULL;
+#else /* HAVE_NSS_INITCONTEXT */
NSS_Shutdown();
+#endif
}
PR_Unlock(nss_initlock);
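Review bot: The SECStatus returned by `NSS_ShutdownContext(nss_context)` is discarded and `nss_context` is set to NULL regardless, so a failed shutdown is indistinguishable from a clean one. If ignoring it is deliberate because nothing can be recovered during cleanup, say so at the call, e.g. `/* releases curl's own NSS context only; result not checked, nothing to recover at cleanup */`. The start of Curl_nss_cleanup, including the condition that guards this block, is outside the hunk, so I cannot confirm from here that `nss_context` is always non-NULL when this line runs.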