> > Actually, most of the developers who work on it are > developing it for > > servers. It is revenue from server sales that pay the salaries of > > most of NSS developers (since revenues from browser sales > are ... low :). > > They must be using it in pretty simple scenarios so far. The > whole "who called > NSS_Init first" game is really pretty fundamental...
I think you're missing that you can have several applications that use NSS with their own configurations running at the same time, not only one copy of NSS initialized system-wide. For example, on windows xp Firefox and Thunderbird each have their own set of db files and their own copies of the NSS/NSPR libs and you can have both running at the same time with totally different configurations. As another example, look at the Fedora Directory Server and Fedora Dogtag Certificate Authority products. They are both Sun->Netscape->Red Hat->Fedora server products. You can have several "instances" of each product running on a single machine each with its own set of keys/certs/crypto modules. Before NSS 3.12, you needed to use a separate cert/keydb for each application as the underlying database format didn't support multiple access if any one process had it open writable, but NSS 3.12 now supports a shareable format but it is not enabled by default which most likely explains why you still see key3 and cert8 files. Dave _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto