cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH 1/3] nss: use a better API for controlling SSL version

From: Kamil Dudka <>
Date: Fri, 29 Nov 2013 11:03:11 +0100

Hi Daniel,

On Thursday, November 28, 2013 22:52:01 Daniel Stenberg wrote:
> The changes look fine to me but I'm really not any NSS wizard. Have you
> checked if these changes still work with 3.12.x (that we claim to support in
> docs/INTERNALS) ?

you have a good point. The API required by the patch was introduced in NSS
3.14. It would be possible to introduce a new compile-time check and support
both the APIs. On the other hand, I am not aware of any secured NSS release
older than 3.14. Upstream does not backport security fixes to older releases
and neither does Red Hat. Even the oldest supported RHEL now uses NSS 3.14:

Hence I propose to just update docs/INTERNALS to require the new version and
to check for the new symbols in the autoconf check enabling the build against
NSS. Any objections?

List admin:
Received on 2013-11-29