[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5696) Patch - support Mozilla NSS for crypto operations

rmeggins@redhat.com wrote:
> Full_Name: Rich Megginson
> Version: 2.4.11 and current HEAD
> OS: Fedora
> URL: ftp://ftp.openldap.org/incoming/openldap-2.4.11-nss-20080911.patch
> Submission from: (NULL) (
> This patch allows OpenLDAP to use Mozilla NSS for crypto.  The approach uses the
> nss_compat_ossl library.  This library allows the code to use the current
> OpenSSL API so that the changes to the actual OpenLDAP code are minimized.  This
> is the same approach that has been used to port several other packages to use
> NSS instead of OpenSSL as part of the Fedora Crypto Consolidation project.
> The nss_compat_ossl library is here -
> http://svn.fedorahosted.org/svn/identity/common/trunk/nss_compat_ossl/ - it is
> also included with Fedora

Thanks for the patch. Some notes - for future reference, don't include diffs 
to generated files (e.g. configure), just include the diffs to the source 
(e.g. configure.in). Since "NSS" already has a well-established meaning in 
POSIX environments (Name Service Switch), I've been referring to this as 
MozNSS (Mozilla NSS) to avoid confusion.

Also, there's already a working implementation of Mozilla NSS support in HEAD, 
but your patch covers a lot of areas I didn't look at yet (SHA1 hashing, etc) 
so we'll probably cherrypick pieces of your patch to merge.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/