Closed
Bug 245915
Opened 21 years ago
Closed 20 years ago
NSS should have an API to tell if NSS has been initialized or not
Categories
(NSS :: Libraries, enhancement)
Tracking
(Not tracked)
RESOLVED
FIXED
3.9.2
People
(Reporter: amy.kang, Assigned: rrelyea)
Attachments (1 file): patch, 623 bytes; rrelyea: review+
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.4) Gecko/20040414
Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.4) Gecko/20040414
NSS does not have an API like PR_Initialized to check if
NSS has been initialized.
Reproducible: Always
The NSS doc says
"NSS_Init is not idempotent, so call it only once"
"NSS_NoDB_Init is not idempotent, so call it only once"
So an API to check if NSS has been initialized would be necessary
especially if NSS can be potentially initialized by different
components in an application. For example, a public API library
that uses NSS and a software that uses this API library and
NSS in itself.
Updated • 21 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: SunOS → All
Hardware: Sun → All
Target Milestone: --- → 3.10
Version: unspecified → 3.9
Comment 2 • 21 years ago
Bob, I seem to remember you recently opened a bug
for the same issue.
Assignee: wchang0222 → rrelyea0264
Comment 3 (Assignee) • 21 years ago
Oh, I thought this was that bug.... Let me look up my bug, which has a patch
for the problem as well.
bob
BTW, I'm not sure which documentation says NSS_Init is not idempotent, but it's
wrong, NSS_Init IS idempotent... however if you are a subsystem which needs to
initialize NSS, and needs to know if you need to shut NSS down, you will still
need this function.
Comment 4 • 21 years ago
Bob, I can't find the bug I was referring to in comment 2
in Bugzilla and Bugscape, so it seems that you haven't
opened a bug yet.
This is from your status report on 5/14/2004:
Bob also completed coding patches to determine if NSS
is already initialized (requested by the XXX team).
(In reply to comment #3)
> Oh, I thought this was that bug.... Let me look up my bug, which has a patch
> for the problem as well.
>
> bob
>
> BTW, I'm not sure which documentation says NSS_Init is not idempotent, but it's
> wrong, NSS_Init IS idempotent... however if you are a subsystem which needs to
> initialize NSS, and needs to know if you need to shut NSS down, you will still
> need this function.
>
>
in Description of NSS_Init or NSS_NoDB_Init at
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1067601
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1234224
Comment 6 (Assignee) • 21 years ago
bug 244914 has a patch for this issue (along with another issue). When that
patch is checked in I'll close this bug.
We should also fix the documentation on mozilla. I believe that the
initialization functions became idempotent between NSS 3.2 and NSS 3.3.
There is still a small issue --- if you call NSS_Init with one set of
databases, you need to shutdown NSS before you can use a different set of
databases in your process.
bob
Comment 8 (Assignee) • 21 years ago
Checkin log for Tip:
Checking in nss/nss.def;
/cvsroot/mozilla/security/nss/lib/nss/nss.def,v <-- nss.def
new revision: 1.132; previous revision: 1.131
done
Checking in nss/nssinit.c;
/cvsroot/mozilla/security/nss/lib/nss/nssinit.c,v <-- nssinit.c
new revision: 1.67; previous revision: 1.66
done
Fix has been checked in on both the tip and the 3.9 branch (checkin log above
is from the tip) as part of bug 244914.
Comment 9 (Assignee) • 21 years ago
Oops, that should be resolved fixed.
NOTE: there is still an issue with the mozilla documentation, which should be
a separate bug.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Comment 10 (Reporter) • 21 years ago
A related question: Are NSS_NoDB_Init and NSS_Init equivalent when used
on the SSL client side if the SSL client
1. does not support SSL client authentication
2. only supports trusted self-signed server certificates
(i.e., the sslBadCertHandler callback will always return SECSuccess)
3. does not write to any NSS cert db files
That is, if #1-#3 are true, can the SSL client just call
NSS_NoDB_Init and still use NSS for SSL communication with the server?
Comment 11 • 21 years ago
Amy,
I think the main difference between those two cases, if your application doesn't
write certs or change trust, is that we may not explicitly load the root cert
module, libnssckbi.so, when you use the NoDB API.
You could still explicitly load it if you do need it, without having a secmod.db.
It sounds like your application doesn't need this module, because your cert
handler always returns SECSuccess. Let me point out that it is a very dangerous
way of doing security, since you remove the authentication part of SSL by
trusting everybody. Your data may be encrypted, but not necessarily to the
right party, making this basically as bad as a non-SSL connection, or worse,
since you have a false sense of security because you "enabled SSL" on your
connections. IMO, this sort of code is only appropriate for test programs, not
for anything that ever gets deployed ...
Comment 12 (Reporter) • 21 years ago
Julien, I agreed. The reason for the question is to investigate a compatibility
impact to an existing application regarding NSS init API usage change. Thanks for
the information.
Comment 13 • 20 years ago
Bob,
It appears you forgot to add the function to the header files. Reopening.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 14 • 20 years ago
Updated • 20 years ago
Attachment #158703 - Flags: review?(rrelyea0264)
Updated • 20 years ago
Attachment #158703 - Flags: review?(rrelyea0264)
Updated • 20 years ago
Keywords: sun-orion3
Comment 15 • 20 years ago
Checked in Julien's fix.
Tip:
Checking in nss.h;
/cvsroot/mozilla/security/nss/lib/nss/nss.h,v <-- nss.h
new revision: 1.38; previous revision: 1.37
done
NSS_3_9_BRANCH:
Checking in nss.h;
/cvsroot/mozilla/security/nss/lib/nss/nss.h,v <-- nss.h
new revision: 1.34.4.9; previous revision: 1.34.4.8
done
Status: REOPENED → RESOLVED
Closed: 21 years ago → 20 years ago
Resolution: --- → FIXED
Updated (Assignee) • 20 years ago
Attachment #158703 - Flags: review+