[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5696) Patch - support Mozilla NSS for crypto operations

rmeggins@redhat.com wrote:
> Full_Name: Rich Megginson
> Version: current CVS HEAD (as of July 2, 2009)
> OS: Fedora
> URL: ftp://ftp.openldap.org/incoming/openldap-2.4.16-moznss-20090702.patch
> This is a new patch - diffs from older patch
> 1) Implements tls_m.c MozNSS crypto - including parsing of openssl-style
> cipher suite configuration - things still missing
> 1a) support for multiple MozNSS initialize - work is being done upstream
> to support this
> 1b) support for reading PEM files - there is now a PEM PKCS11 module in
> Fedora which is being incorporated into NSS upstream

Thanks, I've committed most of this patch. I've omitted the SHA1/MD5 patches 
since I think it's better to use our bundled version uniformly for password 

For doc purposes, it's simple for us to point people at openssl.org or 
gnutls.org; what's a canonical URL to direct people to for MozNSS?

> 2) removes pkg-config stuff from configure.in - user must specify
> include path and lib path in environment

Ok. The configure patches are in too, so moznss may be selected. But I think 
we'll wait on making this generally available until we know what the story 
will be for PEM and multi-init.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/