On Fri, 25 Sep 2009, Claes Jakobsson wrote:

> when we initialize NSS today it's done using NSS_Initialize(certpath, "",
> "", "", NSS_INIT_READONLY);. However I've come to a situation where I might
> have to open it using other flags than NSS_INIT_READONLY and thus would like
> this to be configurable at runtime.

Sorry, but can you explain for an NSS rookie what that option does and how
someone (like you) might end up wanting something else? And what is the "else"
you want? I mean, what's the possible values we would consider supporting for
it?

Related to this. Where on earth is this NSS_Initialize function documented?
I've tried searching for a man page/docs page somewhere but I've failed...! Is
http://mxr.mozilla.org/mozilla/source/security/nss/lib/nss/nssinit.c#607 the
best there is?

> Preferably this would be set as an environment variable rather than an
> option on the handle that actually does the initialization. Perhaps
> CURL_NSS_INITFLAGS?

Why do you prefer an environment variable? Won't that rather make apps more
vulnerable to side-effects if users set this variable or similar?

I'm not rejecting the idea or suggestion, I'm only trying to get a better
understanding for the situation you're in.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html