Commit 1c8bfbe5 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#6802,ITS#6811

parent 971b71d4
......@@ -41,7 +41,7 @@ OpenLDAP 2.4.24 Engineering
Fixed libldap variable usage (ITS#6813)
Fixed libldap MozNSS default cipher suites (ITS#6790)
Fixed libldap MozNSS cert usage types/values (ITS#6791)
Fixed libldap MozNSS restart module after fork() (ITS#6802)
Fixed libldap MozNSS restart module after fork() (ITS#6802,ITS#6811)
Fixed liblutil getpass prompts (ITS#6702)
Fixed ldapsearch segfault with deref (ITS#6638)
Fixed ldapsearch multiple controls parsing (ITS#6651)
......
......@@ -2872,10 +2872,27 @@ static const PRIOMethods tlsm_PR_methods = {
static int
tlsm_init( void )
{
char *nofork = PR_GetEnv( "NSS_STRICT_NOFORK" );
PR_Init(0, 0, 0);
tlsm_layer_id = PR_GetUniqueIdentity( "OpenLDAP" );
/*
* There are some applications that acquire a crypto context in the parent process
* and expect that crypto context to work after a fork(). This does not work
* with NSS using strict PKCS11 compliance mode. We set this environment
* variable here to tell the software encryption module/token to allow crypto
* contexts to persist across a fork(). However, if you are using some other
* module or encryption device that supports and expects full PKCS11 semantics,
* the only recourse is to rewrite the application with atfork() handlers to save
* the crypto context in the parent and restore (and SECMOD_RestartModules) the
* context in the child.
*/
if ( !nofork ) {
PR_SetEnv( "NSS_STRICT_NOFORK=DISABLED" );
}
return 0;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment