Latest IcedTea7 forest sync

helpcrypto helpcrypto helpcrypto at
Thu Nov 8 03:58:07 PST 2012

> 3.  Allowing default NSS provider to fail silently when the user configures it
> We've had a long standing bug:
> whereby, if the user initialises the PKCS11 provider, it can conflict with the configuration
> added to the JDK by --enable-nss.  With this patch,
> and the addition of handleStartupErrors = ignoreMultipleInitialisation to, the provider
> in the JDK will now silently fail to load if the user configures PKCS11, rather than crashing the VM.

I'm not sure if this could affect me(us), but I reply here for the record.
We are using certificates for digital signature, sometimes through
PKCS#11 (SunPkcs11 and PKCS11 classes).
In our code, we invoke:
  provider = new SunPKCS11(new ByteArrayInputStream(config.getBytes()));
for softoken (ie: software pkcs#11 which contains installed
certificates, which is part of NSS).

Could this affect us in any way?

More information about the distro-pkg-dev mailing list