Latest IcedTea7 forest sync
helpcrypto at gmail.com
Thu Nov 8 03:58:07 PST 2012
> 3. Allowing default NSS provider to fail silently when the user configures it
> We've had a long standing bug:
> whereby, if the user initialises the PKCS11 provider, it can conflict with the configuration
> added to the JDK by --enable-nss. With this patch,
> and the addition of handleStartupErrors = ignoreMultipleInitialisation to nss.cfg.in, the provider
> in the JDK will now silently fail to load if the user configures PKCS11, rather than crashing the VM.
I'm not sure if this could affect me(us), but I reply here for the record.
We are using certificates for digital signature, sometimes through
PKCS#11 (SunPkcs11 and PKCS11 classes).
In our code, we invoke:
provider = new SunPKCS11(new ByteArrayInputStream(config.getBytes()));
for softoken (ie: software pkcs#11 which contains installed
certificates, which is part of NSS).
Could this affect us in any way?
More information about the distro-pkg-dev