Latest IcedTea7 forest sync
helpcrypto helpcrypto
helpcrypto at gmail.com
Thu Nov 8 03:58:07 PST 2012
> 3. Allowing default NSS provider to fail silently when the user configures it
>
> We've had a long standing bug:
>
> http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=473
>
> whereby, if the user initialises the PKCS11 provider, it can conflict with the configuration
> added to the JDK by --enable-nss. With this patch,
>
> http://icedtea.classpath.org/hg/icedtea7-forest/jdk/rev/e9c857dcb964
>
> and the addition of handleStartupErrors = ignoreMultipleInitialisation to nss.cfg.in, the provider
> in the JDK will now silently fail to load if the user configures PKCS11, rather than crashing the VM.
I'm not sure if this could affect me(us), but I reply here for the record.
We are using certificates for digital signature, sometimes through
PKCS#11 (SunPkcs11 and PKCS11 classes).
In our code, we invoke:
provider = new SunPKCS11(new ByteArrayInputStream(config.getBytes()));
for softoken (ie: software pkcs#11 which contains installed
certificates, which is part of NSS).
Could this affect us in any way?
More information about the distro-pkg-dev
mailing list