rmeggins@redhat.com wrote:

You are right, Howard. It works as you described. I'm not sure what happened in my testing. Mea culpa.

This is a new patch with the SetURL changes backed out.

ftp://ftp.openldap.org/incoming/openldap-2.4.20-tls_m_c-InitContext-PEM-20091218-3.patch

OK. Another question - you're only using NSS_InitContext() for client initialization. Any particular reason not to always use it?

Also in tlsm_ctx_free() is it safe to pass a NULL to NSS_ShutdownContext()? I think these two lines should be enclosed in "if (c->tc_initctx) {}"