cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: NSS Initialization flags

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 28 Sep 2009 13:21:44 +0200 (CEST)

On Sat, 26 Sep 2009, Claes Jakobsson wrote:

> What I'm interested in now is the NSS_INIT_COOPERATE option so that I can
> use my PKCS#11 modules with as the docs say SUNs Java PKCS11 provider but I
> imagine that in the future NSS might add additional flags that one might
> want which is why I think we should be flexible and allow any numerical
> value to be passed. Which value this actually will be should be left as
> exercise for the user.

Ignoring the other options for a while, what would be the downside of simply
always using NSS_INIT_COOPERATE ?

>> Why do you prefer an environment variable? Won't that rather make apps more
>> vulnerable to side-effects if users set this variable or similar?
>
> I suppose a external variable could work fine as well and that we set to
> NSS_INIT_READONLY by default. Altho NSS gets initialized by the first handle
> that uses it I don't think this should be an option on the handle.

Ah, I see.

The thing with environment variables is that we don't really set options that
way in libcurl. We do it for proxy stuff, but that is mostly because it
actually is a plus that users then can control what the lib does. It's been
used for example when a user runs an app that uses libcurl and the user wants
his app to use a specific http proxy.

In this case, it feels like the option would be for the app to control libcurl
and then I think an environment variable is an awkward interface.

But... I realize we have no proper API in libcurl to set such global variables
that exist outside or perhaps more accurately described before individual easy
handles are instanciated. I've even actively avoided to create such as they
tend to cause thread-related problems.

Let me ask it this way instead: if you would have to come up with a different
way than using an environment variable, how would you like to see it done?

Perhaps adding a curl_global_setopt() would make sense. To get called in the
same single thread start-up place as curl_global_init() already should be
called. Good/bad idea?

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2009-09-28

This message: [ Message body ]
Next message: curl-library-bounces_at_cool.haxx.se: "The results of your email commands"
Previous message: Daniel Stenberg: "Re: viewvc installation Was: hi NSS friends ..."
In reply to: Claes Jakobsson: "Re: NSS Initialization flags"
Next in thread: Guenter: "Re: NSS Initialization flags"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]