httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: Crypto and initialisation
Date Mon, 15 Sep 2008 09:36:39 GMT
William A. Rowe, Jr. wrote:

> They are; and shouldn't be used.  pszProvider and dwProvType args of
> CryptAcquireContext are the function you were looking for.  This returns
> a stateful, freethreaded handle for that module's access.
> 
> Just because their remains bogus app-default functions doesn't mean it's
> wise to use them.  And this function doesn't seem relevant to the "init"
> function you called out in the first place, was it?

You tell me.

All I have available to me on the CAPI side is the MS documentation and 
a number of examples of how people have abstracted the CAPI API.

The MS docs don't tell me which functions are "bogus", or which 
functions are "wise to use". And another end user of the abstraction 
might disagree as to what is bogus and what is not.

This is why I started this thread: to pick up flaws in my understanding 
so that they may be corrected, so I don't go off and waste my time 
writing a whole lot of code which will be rejected out of hand, and to 
come up with a workable compromise to solve this problem.

By picking through the NSS code, I have learned more about the behaviour 
of their init process. The first entity to initialise NSS wins. All 
further attempts to initialise silently succeed. This means NSS can be 
safely double or triple initialised, but it also means that if different 
parameters are used during the second or third attempt to initialise, 
those parameters will be silently ignored.

This means an end user problem still remains. Right now, if three NSS 
based modules came along, with three separate sets of directives to 
initialise NSS, the user might conclude that it was possible to 
initialise each module against three different databases. As it turns 
out, one of the three will win, and which one will depend on their 
module load order, and that is not intuitive to an end user.

How do you suggest I solve this problem?

Regards,
Graham
--

Mime
View raw message