[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5696) Patch - support Mozilla NSS for crypto operations
rmeggins@redhat.com wrote:
> Full_Name: Rich Megginson
> Version: 2.4.11 and current HEAD
> OS: Fedora
> URL: ftp://ftp.openldap.org/incoming/openldap-2.4.11-nss-20080911.patch
> Submission from: (NULL) (76.113.59.19)
>
>
> This patch allows OpenLDAP to use Mozilla NSS for crypto. The approach uses the
> nss_compat_ossl library. This library allows the code to use the current
> OpenSSL API so that the changes to the actual OpenLDAP code are minimized. This
> is the same approach that has been used to port several other packages to use
> NSS instead of OpenSSL as part of the Fedora Crypto Consolidation project.
>
> The nss_compat_ossl library is here -
> http://svn.fedorahosted.org/svn/identity/common/trunk/nss_compat_ossl/ - it is
> also included with Fedora
Thanks for the patch. Some notes - for future reference, don't include diffs
to generated files (e.g. configure), just include the diffs to the source
(e.g. configure.in). Since "NSS" already has a well-established meaning in
POSIX environments (Name Service Switch), I've been referring to this as
MozNSS (Mozilla NSS) to avoid confusion.
Also, there's already a working implementation of Mozilla NSS support in HEAD,
but your patch covers a lot of areas I didn't look at yet (SHA1 hashing, etc)
so we'll probably cherrypick pieces of your patch to merge.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/