diff options
Diffstat (limited to 'doc/rst/legacy/reference/nss_initialize/index.rst')
-rw-r--r-- | doc/rst/legacy/reference/nss_initialize/index.rst | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/doc/rst/legacy/reference/nss_initialize/index.rst b/doc/rst/legacy/reference/nss_initialize/index.rst index 9ae09efcb..f316e507e 100644 --- a/doc/rst/legacy/reference/nss_initialize/index.rst +++ b/doc/rst/legacy/reference/nss_initialize/index.rst @@ -51,32 +51,32 @@ NSS_Initialize and ``NSS_NoDB_Init``. If any of those simpler NSS initialization functions suffices for your needs, call that instead. - The ``flags`` parameter is a bitwise OR of the following flags: + The ``flags`` parameter is a bitwise OR of the following flags: - NSS_INIT_READONLY - Open the databases read only. - - NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just initialize the volatile certdb. - - NSS_INIT_NOMODDB - Don't open the security module DB, just initialize the PKCS #11 module. - - NSS_INIT_FORCEOPEN - Continue to force initializations even if the databases cannot be opened. - - NSS_INIT_NOROOTINIT - Don't try to look for the root certs module automatically. + - NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just initialize the volatile certdb. + - NSS_INIT_NOMODDB - Don't open the security module DB, just initialize the PKCS #11 module. + - NSS_INIT_FORCEOPEN - Continue to force initializations even if the databases cannot be opened. + - NSS_INIT_NOROOTINIT - Don't try to look for the root certs module automatically. - NSS_INIT_OPTIMIZESPACE - Optimize for space instead of speed. Use smaller tables and caches. - - NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are thread-safe, i.e., that support - locking - either OS locking or NSS-provided locks . If a PKCS#11 module isn't thread-safe, - don't serialize its calls; just don't load it instead. This is necessary if another piece of - code is using the same PKCS#11 modules that NSS is accessing without going through NSS, for + - NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are thread-safe, i.e., that support + locking - either OS locking or NSS-provided locks . If a PKCS#11 module isn't thread-safe, + don't serialize its calls; just don't load it instead. This is necessary if another piece of + code is using the same PKCS#11 modules that NSS is accessing without going through NSS, for example, the Java SunPKCS11 provider. - - NSS_INIT_PK11RELOAD - ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED error when loading PKCS#11 - modules. This is necessary if another piece of code is using the same PKCS#11 modules that NSS - is accessing without going through NSS, for example, Java SunPKCS11 provider. - - NSS_INIT_NOPK11FINALIZE - never call C_Finalize on any PKCS#11 module. This may be necessary - in order to ensure continuous operation and proper shutdown sequence if another piece of code - is using the same PKCS#11 modules that NSS is accessing without going through NSS, for - example, Java SunPKCS11 provider. The following limitation applies when this is set - : SECMOD_WaitForAnyTokenEvent will not use C_WaitForSlotEvent, in order to prevent the need - for C_Finalize. This call will be emulated instead. - - NSS_INIT_RESERVED - Currently has no effect, but may be used in the future to trigger better - cooperation between PKCS#11 modules used by both NSS and the Java SunPKCS11 provider. This - should occur after a new flag is defined for C_Initialize by the PKCS#11 working group. - - NSS_INIT_COOPERATE - Sets the above four recommended options for applications that use both + - NSS_INIT_PK11RELOAD - ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED error when loading PKCS#11 + modules. This is necessary if another piece of code is using the same PKCS#11 modules that NSS + is accessing without going through NSS, for example, Java SunPKCS11 provider. + - NSS_INIT_NOPK11FINALIZE - never call C_Finalize on any PKCS#11 module. This may be necessary + in order to ensure continuous operation and proper shutdown sequence if another piece of code + is using the same PKCS#11 modules that NSS is accessing without going through NSS, for + example, Java SunPKCS11 provider. The following limitation applies when this is set + : SECMOD_WaitForAnyTokenEvent will not use C_WaitForSlotEvent, in order to prevent the need + for C_Finalize. This call will be emulated instead. + - NSS_INIT_RESERVED - Currently has no effect, but may be used in the future to trigger better + cooperation between PKCS#11 modules used by both NSS and the Java SunPKCS11 provider. This + should occur after a new flag is defined for C_Initialize by the PKCS#11 working group. + - NSS_INIT_COOPERATE - Sets the above four recommended options for applications that use both NSS and the Java SunPKCS11 provider. .. _return_value: |