Re: [PATCH] Update NSS support
Date: Tue, 18 Sep 2007 17:17:02 -0400
Daniel Stenberg wrote:
> On Fri, 14 Sep 2007, Rob Crittenden wrote:
> Thanks for this NSS update!
>> Fedora 8/rawhide has switched curl from using OpenSSL to using NSS as
>> the SSL engine. This illuminated some issues with the current NSS
>> module, notably its lack of support for file-based certificates and a
>> difference in the meaning of command-line arguments. This patch
>> addresses those.
>> The libnsspem.so PKCS#11 module is currently only available in Fedora
>> 8/rawhide. Work will be done soon to upstream it. The NSS module will
>> work with or without it, all that changes is the source of the certificates
>> and keys.
> First, the latter of course prevented me from trying this in my end (at
> least I think it was due to that, I have no PK11_CreateGenericObject
> function), so I would really like to see some configure magic added to
> cover for this since even if you send this upstream it'll take some time
> before all possible NSS installations will have it...
Sorry about that. Fixed. This means of course that libcurl will need to
be rebuilt when an updated NSS becomes available.
> Besides that, I do have some remarks on the patch:
> #1 - it gives me multiple warnings (try configure --enable-debug and you
> should see them as well)
> #2 - its use of static variables will prevent libcurl-using applications
> for example do threaded transfers, and I think I can even think up
> where multi interface uses will break due to this.
Should be thread-safe now.
> #3 - albeit a minor issue, the code didn't follow curl source code
> on multiple places: odd brace placement, long lines, non-standard
I fixed a few problems. I'm not sure what defines a long line, it isn't
specified in docs/CONTRIBUTE. But this patch should be closer.
- text/x-patch attachment: curl-nsspem.patch