Kurt(a)OpenLDAP.org wrote: Right, that makes the most sense. Yes (but the option will be "moznss"). I currently build against a copy of NSS in my Mozilla build tree. There's nothing installed with pkg-config. I would like to avoid a dependency on pkg-config. Also, the patch uses the OpenSSL-compatibility stuff in NSS. The current code in HEAD uses NSS natively, and I'd prefer not to have the -compat dependency as well. That's a key requirement to me personally, because otherwise it will not interoperate with Mozilla/Seamonkey, and right now that's my primary goal for this work. It's been a few months since I last looked at this and it took me a while to remember all the issues surrounding it... There are two major problems with the current MozNSS support in HEAD: 1) It does no initialization of its own. This works with Seamonkey/Thunderbird because the main app has already initialized the NSS library; libldap just uses the state that's already there. Code to initialize properly when NSS hasn't already been initialized still needs to be written. 2) It cannot shutdown safely. This is a weakness in the NSS API that was discussed at length in the Mozilla newsgroups. Unfortunately that discussion went nowhere. (The NSS_Shutdown() function tears down the library unconditionally; if there were multiple callers of the library and one of them shuts down because it's going away, all of the other callers lose the library too.) Another problem I've had in integrating is that the documentation is out of date with the code - the docs recommend certain APIs and practices that are actually deprecated in the actual code. This has led down a lot of blind alleys/dead ends that could otherwise have been avoided... -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/