I'm having an issue with mod_nss, an Apache module I wrote that provides
SSL using NSS.
The way Apache loads modules is a tad strange. What it does is it loads
them one time in order to get its list of configuration directives and
it verifies that the configuration is ok. It also runs through the
initialization routines.
In my case this is needed so I still have stdin/stdout and can prompt
for the PIN. Once the first round of module loading is done
stdin/out/err are all closed.
Apache then unloads the module, then reloads it again. I had to write a
fair bit of code to handle this, in particular because NSS needs to shut
down gracefully otherwise it won't start up again once the module gets
loaded for the 2nd time.
The specific problem I'm having is with the NSS session cache. I
periodically get a core dump in the LockPoller thread (sslsnce.c). The
cache is disappearing underneath the thread and bad things happen. It's
basically a race condition to see if this thread can exit before its
data disappears.
A potential fix I have is to not initialize the cache during the first
module load. I've always been under the impression that initializing the
cache is one of the things one should do in an NSS app and I don't want
to introduce other, worse side-effects.
Assuming that is ok, is it bad to call
SSL_ShutdownServerSessionIDCache() if the cache hasn't been initialized?
I briefly looked at the code and it seems ok to me but I don't want to
make assumptions.
thanks
rob
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
