upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-23 08:09:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#6811, more for #6802 PKCS11 fork() handling from Rich Megginson @ Red Hat

Browse source
This commit is contained in:
Howard Chu 2011-01-29 20:40:20 +00:00
parent 36d0a161ab
commit bbecfa740d
1 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
libraries/libldap/tls_m.c
View file

@ -2872,10 +2872,27 @@ static const PRIOMethods tlsm_PR_methods = {
static int static int
tlsm_init( void ) tlsm_init( void )
{ {
char *nofork = PR_GetEnv( "NSS_STRICT_NOFORK" );
PR_Init(0, 0, 0); PR_Init(0, 0, 0);
tlsm_layer_id = PR_GetUniqueIdentity( "OpenLDAP" ); tlsm_layer_id = PR_GetUniqueIdentity( "OpenLDAP" );
/*
* There are some applications that acquire a crypto context in the parent process
* and expect that crypto context to work after a fork(). This does not work
* with NSS using strict PKCS11 compliance mode. We set this environment
* variable here to tell the software encryption module/token to allow crypto
* contexts to persist across a fork(). However, if you are using some other
* module or encryption device that supports and expects full PKCS11 semantics,
* the only recourse is to rewrite the application with atfork() handlers to save
* the crypto context in the parent and restore (and SECMOD_RestartModules) the
* context in the child.
*/
if ( !nofork ) {
PR_SetEnv( "NSS_STRICT_NOFORK=DISABLED" );
}
return 0; return 0;
} }