NSS_Shutdown returns a value indicating success for failure. It can fail. libldap *may* be holding references to NSS objects when you try to shutdown NSS. In general, I would not expect that you will be able to shutdown NSS underneath libldap, without the awareness and participation of libldap. IMO, your best bet to to get libldap to shut down everything it knows about NSS and then shut down NSS.
Mike, i think Nelson is right here. it appears that we dont do necessary cleanup within libssldap in order for what i suggested to work. i might have been dreaming about this but somehow i thought that approach used to work, maybe old NSS version/s were less strict on this, dunno. anyway i did test this and you will always get SEC_ERROR_BUSY from NSS_Shutdown right now. there is no public api available in libssldap today you can call for cleanup before calling NSS_Shutdown. please open a bug for this because i think there is need for sucha cleanup api OR perhaps we can utilize NSS_RegisterShutdown so it will call our cleanup handler before NSS shutdown and take the burden off users.
The only issue I see with that approach is that libldap appears to open the cert DB read-only. In order to be able to update it from your program, you'd have to open it read-write. That's feasible. I would be cleanest if libldap was extended to do that, but you could do it yourself, with your own alternative implementation of ldapssl_clientauth_init().
i think you can actually call NSS_Initialize() RW from within your app then call ldapssl functions as before and since NSS will be already in initialized state all subsequent init attempts from ldapssl functions will be essentially no ops. back to your original question and problem at hand i dont see any easy workaround for this unless maybe Nelson can suggest some hack to force NSS to shutdown which isnt right and probably pretty unsafe but if you are desperate for some kinda workaround that might be it. apart from that the only thing i can think of is doing fork() and doing ldapssl_* reinit in the child process while making the parent quit. _______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
