[Date Prev][Date Next] [Chronological] [Thread] [Top]
Re: (ITS#5696) Patch - support Mozilla NSS for crypto operations

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5696) Patch - support Mozilla NSS for crypto operations
From: rmeggins@redhat.com
Date: Thu, 11 Sep 2008 21:04:16 GMT
This is a cryptographically signed message in MIME format.

--------------ms030000020803000108060801
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Howard Chu wrote:
> rmeggins@redhat.com wrote:
>> Full_Name: Rich Megginson
>> Version: 2.4.11 and current HEAD
>> OS: Fedora
>> URL: ftp://ftp.openldap.org/incoming/openldap-2.4.11-nss-20080911.patch
>> Submission from: (NULL) (76.113.59.19)
>>
>>
>> This patch allows OpenLDAP to use Mozilla NSS for crypto.  The 
>> approach uses the
>> nss_compat_ossl library.  This library allows the code to use the 
>> current
>> OpenSSL API so that the changes to the actual OpenLDAP code are 
>> minimized.  This
>> is the same approach that has been used to port several other 
>> packages to use
>> NSS instead of OpenSSL as part of the Fedora Crypto Consolidation 
>> project.
>>
>> The nss_compat_ossl library is here -
>> http://svn.fedorahosted.org/svn/identity/common/trunk/nss_compat_ossl/ 
>> - it is
>> also included with Fedora
>
> Thanks for the patch. Some notes - for future reference, don't include 
> diffs to generated files (e.g. configure), just include the diffs to 
> the source (e.g. configure.in).
Ok.  Sorry about that.  I've just been applying this patch for testing, 
but yeah, you will just regenerate configure.
> Since "NSS" already has a well-established meaning in POSIX 
> environments (Name Service Switch), I've been referring to this as 
> MozNSS (Mozilla NSS) to avoid confusion.
Ok.  Yeah, it's very confusing.  The nss developers haven't run into 
this problem that much yet - but nss is used quite heavily in the ldap 
space (nss_ldap etc.)
>
> Also, there's already a working implementation of Mozilla NSS support 
> in HEAD, but your patch covers a lot of areas I didn't look at yet 
> (SHA1 hashing, etc) so we'll probably cherrypick pieces of your patch 
> to merge.
Ok.  Sounds good.

--------------ms030000020803000108060801
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJCzCC
AuAwggJJoAMCAQICEFcdcRwRB8xs7lDIZBO/bfowDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE
BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT
I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA3MTIwNDE2MzM1OVoX
DTA4MTIwMzE2MzM1OVowRTEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEiMCAG
CSqGSIb3DQEJARYTcm1lZ2dpbnNAcmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANpEUJJ++jpsDRmNt7cla8gygzXXoOHCPCubSxG0juJoxS/4F1UiyVSy0Gzb
C5lVZemRenB+G389Ai11jLKp97S1abeQII26poIkjvYJCjyO92SJNFvb8mz6bkBW9NcH2zBt
odjoeCvdlKuwxg1IX/kYsmz4lirjIVPFPSyqx7jgYhuNpjfR3oUuNRLx5Y6i9Ep+1AmTkoWx
NNwMNFwRUOh78z/Gvh9exCB8Xldd58egHfYluBraFi5IgkGQneI4+VyFrNwwX1XtjI2EmDrO
HnMTZGnkYBH5L6b54bMkIKxMmZrmdzcyQ0JLbz2GZqKo5BUaN4M1M2kTCy0HbKOlhZECAwEA
AaMwMC4wHgYDVR0RBBcwFYETcm1lZ2dpbnNAcmVkaGF0LmNvbTAMBgNVHRMBAf8EAjAAMA0G
CSqGSIb3DQEBBQUAA4GBAELh1VaZchhZmlX93Wmbu8loeXNOP5/RRJVHCgom1N7g4YZBcBwM
1bmoo5b9gK3IPrPxZu2zYuyxwveNM0KdmaYtLzWiStJyifMDb8FtMNvVc5oewQK5tnDUw3dG
MH/TxiE/hEZiRjAVylPiwzq47PjVPIM87Rek8hROvCkaEO6hMIIC4DCCAkmgAwIBAgIQVx1x
HBEHzGzuUMhkE79t+jANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMc
VGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFs
IEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDcxMjA0MTYzMzU5WhcNMDgxMjAzMTYzMzU5WjBF
MR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSIwIAYJKoZIhvcNAQkBFhNybWVn
Z2luc0ByZWRoYXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kRQkn76
OmwNGY23tyVryDKDNdeg4cI8K5tLEbSO4mjFL/gXVSLJVLLQbNsLmVVl6ZF6cH4bfz0CLXWM
sqn3tLVpt5AgjbqmgiSO9gkKPI73ZIk0W9vybPpuQFb01wfbMG2h2Oh4K92Uq7DGDUhf+Riy
bPiWKuMhU8U9LKrHuOBiG42mN9HehS41EvHljqL0Sn7UCZOShbE03Aw0XBFQ6HvzP8a+H17E
IHxeV13nx6Ad9iW4GtoWLkiCQZCd4jj5XIWs3DBfVe2MjYSYOs4ecxNkaeRgEfkvpvnhsyQg
rEyZmuZ3NzJDQktvPYZmoqjkFRo3gzUzaRMLLQdso6WFkQIDAQABozAwLjAeBgNVHREEFzAV
gRNybWVnZ2luc0ByZWRoYXQuY29tMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEA
QuHVVplyGFmaVf3daZu7yWh5c04/n9FElUcKCibU3uDhhkFwHAzVuaijlv2Arcg+s/Fm7bNi
7LHC940zQp2Zpi0vNaJK0nKJ8wNvwW0w29Vzmh7BArm2cNTDd0Ywf9PGIT+ERmJGMBXKU+LD
Orjs+NU8gzztF6TyFE68KRoQ7qEwggM/MIICqKADAgECAgENMA0GCSqGSIb3DQEBBQUAMIHR
MQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRv
d24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9u
IFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwg
Q0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMw
NzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh
d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZy
ZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftO
ucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Va
qj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e2
0TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6
MDigNqA0hjJodHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENB
LmNybDALBgNVHQ8EBAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJl
bDItMTM4MA0GCSqGSIb3DQEBBQUAA4GBAEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0wh
uPg2H6otnzYvwPQcUCCTcDz9reFhYsPZOhl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmO
jCBPZV+V2vf3h9bGCE6u9uo05RAaWzVNd+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIDcTCCA20C
AQEwdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg
THRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEFcd
cRwRB8xs7lDIZBO/bfowCQYFKw4DAhoFAKCCAdAwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH
ATAcBgkqhkiG9w0BCQUxDxcNMDgwOTExMjEwMjU3WjAjBgkqhkiG9w0BCQQxFgQUgrlU70hz
emgL9UroY5tdya2gFvQwXwYJKoZIhvcNAQkPMVIwUDALBglghkgBZQMEAQIwCgYIKoZIhvcN
AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC
AgEoMIGFBgkrBgEEAYI3EAQxeDB2MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUg
Q29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1h
aWwgSXNzdWluZyBDQQIQVx1xHBEHzGzuUMhkE79t+jCBhwYLKoZIhvcNAQkQAgsxeKB2MGIx
CzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSww
KgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQVx1xHBEHzGzu
UMhkE79t+jANBgkqhkiG9w0BAQEFAASCAQAd2tnYv6GJIgrUuiqErc/NxB904FghsimijiCx
jd4WqQ6hK4rJMvq39V8ZYThQoSHhp+w6SjztTwjv6PIMibDl9ZyIIp2d8GexMsxemIRWMMp4
K955F5ZcyB9skETGGOV77adbPebwdLHAk8//oNx75bSw786gr8vxaxu9iYR79fuZNsgzQewS
4u/+9vOxAROy6VMQ+2ZW0hcca/gZLGkIjKL16GRVVAdkHmhHSu3zIOQsmrtX9uzuDyPl+Nrj
nKySb2vCjn+G/VDeKmtWOHfV0aBbBOUBzdLBG8qvNS2HvNZrAJPxIwv+RTn5sHREGjDe8KWO
EOPq+KbmlM06Ccy4AAAAAAAA
--------------ms030000020803000108060801--
Prev by Date: (ITS#5697) Typo on contributing guidelines
Next by Date: Re: (ITS#5696) Patch - support Mozilla NSS for crypto operations
Index(es):
- Chronological
- Thread