[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6811) Patch - Mozilla NSS - disable pkcs11 fork checking for the software token

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6811) Patch - Mozilla NSS - disable pkcs11 fork checking for the software token
From: hyc@symas.com
Date: Sat, 29 Jan 2011 22:31:25 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

richm@stanfordalumni.org wrote:
> The NSS_STRICT_NOFORK environment variable is documented here:
> https://developer.mozilla.org/en/NSS_reference/NSS_environment_variables
>
> Note that if a user really wants the strict pkcs11 behavior, the user
> can set the variable to "1" or some other non-empty value (other than
> "DISABLED").
>
> If you think further documentation is required, I would be happy to
> update the Admin Guide, FAQ-o-matic, man pages, etc.

That looks fine. Most of our docs were written specifically to OpenSSL but 
we've added one or two references to GnuTLS since then. I would start by 
adding to the FAQ-o-Matic:

http://www.openldap.org/faq/data/cache/196.html

I guess we could update this to mention the availability of GnuTLS and MozNSS 
support and perhaps a discussion of their pros and cons. (Though in all 
honesty I cannot think of any pros for using GnuTLS. I would use PolarSSL 
instead but that's not what the Debian folks asked for...)

Hm, this entire FAQ page is far out of date. If you want to add some MozNSS 
info here go ahead, I'll take a pass at the rest of the page later.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#6811) Patch - Mozilla NSS - disable pkcs11 fork checking for the software token
Next by Date: Re: (ITS#6749) Shut up "configure monitor database to enable"
Index(es):
- Chronological
- Thread