[PATCH FOR REVIEW] Allow multiple initialisation of NSS with different library directories to be a non-criticial error
Vincent Ryan
vincent.x.ryan at oracle.com
Fri Nov 9 16:50:04 UTC 2012
Hello Andrew,
The code changes look fine. I will open a bug for this issue.
Is there a testcase available for this new option?
Thanks.
On 7 Nov 2012, at 18:45, Andrew Hughes wrote:
> The PKCS11 provider has an option in its configuration file, "handleStartupErrors"
> that can be used to make different types of failure non-critical (throwing a
> UnsupportedOperationException rather than a ProviderException). By default,
> all failures are critical.
>
> This option is not available for the failure resulting from an attempt to try to
> load a provider with a different library directory to one that has already been
> loaded; such a failure is always critical.
>
> This webrev:
>
> http://cr.openjdk.java.net/~andrew/pkcs11-multiinit/webrev.01/
>
> simply extends the existing option so that this failure can be made non-critical.
> Both the existing IGNORE_ALL setting and the new IGNORE_MULTI_INIT setting will
> turn the failure into one which throws UnsupportedOperationException, resulting
> in the provider not being loaded rather than an JVM crash.
>
> This allows a default PKCS11 setup to be specified, which is then silently dropped
> if the user tries to load a conflicting setup (e.g. their own local NSS library).
>
> The patch is against tl at present. I'll need a bug ID to push this if it looks ok.
>
> Thanks,
> --
> Andrew :)
>
> Free Java Software Engineer
> Red Hat, Inc. (http://www.redhat.com)
>
> PGP Key: 248BDC07 (https://keys.indymedia.org/)
> Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
>
More information about the security-dev
mailing list