The PKCS11 provider has an option in its configuration file, "handleStartupErrors" that can be used to make different types of failure non-critical (throwing a UnsupportedOperationException rather than a ProviderException). By default, all failures are critical.
This option is not available for the failure resulting from an attempt to try to load a provider with a different library directory to one that has already been loaded; such a failure is always critical. This webrev: http://cr.openjdk.java.net/~andrew/pkcs11-multiinit/webrev.01/ simply extends the existing option so that this failure can be made non-critical. Both the existing IGNORE_ALL setting and the new IGNORE_MULTI_INIT setting will turn the failure into one which throws UnsupportedOperationException, resulting in the provider not being loaded rather than an JVM crash. This allows a default PKCS11 setup to be specified, which is then silently dropped if the user tries to load a conflicting setup (e.g. their own local NSS library). The patch is against tl at present. I'll need a bug ID to push this if it looks ok. Thanks, -- Andrew :) Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
