[PATCH FOR REVIEW] Allow multiple initialisation of NSS with different library directories to be a non-critical error

Andrew Hughes gnu.andrew at redhat.com
Wed Nov 7 18:45:55 UTC 2012


The PKCS11 provider has an option in its configuration file, "handleStartupErrors"
that can be used to make different types of failure non-critical (throwing a
UnsupportedOperationException rather than a ProviderException).  By default,
all failures are critical.

This option is not available for the failure resulting from an attempt to try to
load a provider with a different library directory to one that has already been
loaded; such a failure is always critical.

This webrev:

http://cr.openjdk.java.net/~andrew/pkcs11-multiinit/webrev.01/

simply extends the existing option so that this failure can be made non-critical.
Both the existing IGNORE_ALL setting and the new IGNORE_MULTI_INIT setting will
turn the failure into one which throws UnsupportedOperationException, resulting
in the provider not being loaded rather than a JVM crash.

This allows a default PKCS11 setup to be specified, which is then silently dropped
if the user tries to load a conflicting setup (e.g. their own local NSS library).

The patch is against tl at present.  I'll need a bug ID to push this if it looks ok.

Thanks,
-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07



