Comment 6 for bug 236853

Ouch...

The NSS contract is NO nss calls are made until NSS is initialized (period). We guarrentee you a crash if you do.

To date, PSM has been the only user of NSS inside a mozilla app.

If someone outside PSM is calling NSS directly, they, at the very least, need to do the minimal xpcom calls to access the crypto object (exported by PSM). Simply setting up that object will guarrentee NSS is initialized properly.

That does not necessarily mean you are home free (PSM keeps track of the NSS objects it creates to make sure it closes them all down if mozilla wants to switch users, for instance, as well as keeps track that mozilla isn't in the middle of shutting down (to make sure no calls are made after NSS is shutdown).

bob

> I suspect that the lock is only required for modifying the contents of the
> lock?

No, the lock is required for both reading and writing. Looking at the code, it's clear it should be acquired before getting the list (as adding, and removal could in theory change the pointer).

In practice the first module is the softoken, which is never removed (though it may change character), so such a bug is unlikely to show up. (Actually changes to the module list is extremely rarer anyway. Adding and deleting pkcs #11 modules in mozilla are the only way it happens in any real application that I know of.