generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

nss: use NSS_InitContext() to initialize NSS if available

Browse Source 
NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
collisions on NSS initialization/shutdown with other libraries.

Bug: https://bugzilla.redhat.com/738456
This commit is contained in:
Kamil Dudka
2012-04-10 15:42:34 +02:00
parent 42aa796150
commit 20cb12db8d
3 changed files with 47 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
lib/nss.c
View File

@@ -78,6 +78,9 @@ PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd);
PRLock * nss_initlock = NULL;
PRLock * nss_crllock = NULL;
#ifdef HAVE_NSS_INITCONTEXT
NSSInitContext * nss_context = NULL;
#endif
volatile int initialized = 0;
@@ -861,29 +864,56 @@ isTLSIntoleranceError(PRInt32 err)
static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
{
if(NSS_IsInitialized())
#ifdef HAVE_NSS_INITCONTEXT
if(nss_context != NULL)
return CURLE_OK;
NSSInitParameters initparams;
memset((void *) &initparams, '\0', sizeof(initparams));
initparams.length = sizeof(initparams);
#else /* HAVE_NSS_INITCONTEXT */
SECStatus rv;
if(NSS_IsInitialized())
return CURLE_OK;
#endif
if(cert_dir) {
SECStatus rv;
const bool use_sql = NSS_VersionCheck("3.12.0");
char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir);
if(!certpath)
return CURLE_OUT_OF_MEMORY;
infof(data, "Initializing NSS with certpath: %s\n", certpath);
#ifdef HAVE_NSS_INITCONTEXT
nss_context = NSS_InitContext(certpath, "", "", "", &initparams,
NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
free(certpath);
if(nss_context != NULL)
return CURLE_OK;
#else /* HAVE_NSS_INITCONTEXT */
rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
free(certpath);
if(rv == SECSuccess)
return CURLE_OK;
#endif
infof(data, "Unable to initialize NSS database\n");
}
infof(data, "Initializing NSS with certpath: none\n");
#ifdef HAVE_NSS_INITCONTEXT
nss_context = NSS_InitContext("", "", "", "", &initparams, NSS_INIT_READONLY
| NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN
| NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
if(nss_context != NULL)
return CURLE_OK;
#else /* HAVE_NSS_INITCONTEXT */
if(NSS_NoDB_Init(NULL) == SECSuccess)
return CURLE_OK;
#endif
infof(data, "Unable to initialize NSS\n");
return CURLE_SSL_CACERT_BADFILE;
@@ -979,7 +1009,12 @@ void Curl_nss_cleanup(void)
SECMOD_DestroyModule(mod);
mod = NULL;
}
#ifdef HAVE_NSS_INITCONTEXT
NSS_ShutdownContext(nss_context);
nss_context = NULL;
#else /* HAVE_NSS_INITCONTEXT */
NSS_Shutdown();
#endif
}
PR_Unlock(nss_initlock);