[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#6811) Patch - Mozilla NSS - disable pkcs11 fork checking for the software token
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6811) Patch - Mozilla NSS - disable pkcs11 fork checking for the software token
- From: hyc@symas.com
- Date: Sat, 29 Jan 2011 22:31:25 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
richm@stanfordalumni.org wrote:
> The NSS_STRICT_NOFORK environment variable is documented here:
> https://developer.mozilla.org/en/NSS_reference/NSS_environment_variables
>
> Note that if a user really wants the strict pkcs11 behavior, the user
> can set the variable to "1" or some other non-empty value (other than
> "DISABLED").
>
> If you think further documentation is required, I would be happy to
> update the Admin Guide, FAQ-o-matic, man pages, etc.
That looks fine. Most of our docs were written specifically to OpenSSL but
we've added one or two references to GnuTLS since then. I would start by
adding to the FAQ-o-Matic:
http://www.openldap.org/faq/data/cache/196.html
I guess we could update this to mention the availability of GnuTLS and MozNSS
support and perhaps a discussion of their pros and cons. (Though in all
honesty I cannot think of any pros for using GnuTLS. I would use PolarSSL
instead but that's not what the Debian folks asked for...)
Hm, this entire FAQ page is far out of date. If you want to add some MozNSS
info here go ahead, I'll take a pass at the rest of the page later.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/