From d27f458b37bbfe50a2e78975a9a3e4c7913a4f23 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Thu, 27 Jan 2011 21:38:40 +0000 Subject: [PATCH] ITS#6802 restart modules for fork() - from Rich Megginson @ Red Hat --- libraries/libldap/tls_m.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c index 3091d8aa30..36d32761de 100644 --- a/libraries/libldap/tls_m.c +++ b/libraries/libldap/tls_m.c @@ -68,6 +68,13 @@ #define HAVE_NSS_INITCONTEXT 1 #endif +/* NSS 3.12.9 and later have SECMOD_RestartModules */ +#if NSS_VMAJOR <= 3 && NSS_VMINOR <= 12 && NSS_VPATCH < 9 +/* do nothing */ +#else +#define HAVE_SECMOD_RESTARTMODULES 1 +#endif + /* InitContext does not currently work in server mode */ /* #define INITCONTEXT_HACK 1 */ @@ -1482,6 +1489,24 @@ tlsm_deferred_init( void *arg ) SECStatus rc; int done = 0; +#ifdef HAVE_SECMOD_RESTARTMODULES + /* NSS enforces the pkcs11 requirement that modules should be unloaded after + a fork() - since there is no portable way to determine if NSS has been + already initialized in a parent process, we just call SECMOD_RestartModules + with force == FALSE - if the module has been unloaded due to a fork, it will + be reloaded, otherwise, it is a no-op */ + if ( SECFailure == ( rc = SECMOD_RestartModules(PR_FALSE /* do not force */) ) ) { + errcode = PORT_GetError(); + if ( errcode != SEC_ERROR_NOT_INITIALIZED ) { + Debug( LDAP_DEBUG_TRACE, + "TLS: could not restart the security modules: %d:%s\n", + errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 ); + } else { + errcode = 1; + } + } +#endif + #ifdef HAVE_NSS_INITCONTEXT memset( &initParams, 0, sizeof( initParams ) ); initParams.length = sizeof( initParams ); -- 2.39.5