OK. Another question - you're only using NSS_InitContext() for client initialization. Any particular reason not to always use it?

I had coded around a bug in NSS_InitContext that caused it not to work in server mode - the MozNSS guys are aware of this issue - I'm waiting on the fix.

Also in tlsm_ctx_free() is it safe to pass a NULL to NSS_ShutdownContext()? I think these two lines should be enclosed in "if (c->tc_initctx) {}"

I'll change it to check for NULL.