If I initialize NSS in the following manner and try to add a new module manually: NSS_NoDB_Init(NULL); ... SECStatus s = SECMOD_AddNewModule(NSSCKBI_NAME, path.c_str(), 0, 0); PRInt32 e = PORT_GetError(); PRInt32 ose = PR_GetOSError(); SECMOD_AddNewModule() will return a SECFailure SECStatus in |s|, but the add was actually successful, and I can actually use the module. A call to PORT_GetError() after this failure will return -8190, and a call to PR_GetOSError() will return 0. We should probably fix things to allow folks to add modules in NoDB mode without errors being thrown.
Kin, SECMOD_AddNewModule does two things : 1) it adds the PKCS#11 module to the secmod database and 2) loads it so it can be used If you have no secmod database, I think it makes sense for this function to fail, because the first step cannot succeed without a secmod database. If anything, I think the bug is that SECMOD_AddNewModule should short-circuit right away and error, and not perform step 2) at all. For your case, you should use the function SECMOD_LoadUserModule to load the module without adding it to the secmod database.
Thanks Julien, I'll give that a try. Perhaps some documentation is in order in the secmod.h file to explain the differences?
QA Contact: bishakhabanerjee → jason.m.reid
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
You need to log in before you can comment on or make changes to this bug.