cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH 1/3] nss: use a better API for controlling SSL version

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Fri, 29 Nov 2013 11:03:11 +0100

Hi Daniel,

On Thursday, November 28, 2013 22:52:01 Daniel Stenberg wrote:
> The changes look fine to me but I'm really not any NSS wizard. Have you
> checked if these changes still work with 3.12.x (that we claim to support in
> docs/INTERNALS) ?

you have a good point. The API required by the patch was introduced in NSS
3.14. It would be possible to introduce a new compile-time check and support
both the APIs. On the other hand, I am not aware of any secured NSS release
older than 3.14. Upstream does not backport security fixes to older releases
and neither does Red Hat. Even the oldest supported RHEL now uses NSS 3.14:

http://rhn.redhat.com/errata/RHBA-2013-1318.html

Hence I propose to just update docs/INTERNALS to require the new version and
to check for the new symbols in the autoconf check enabling the build against
NSS. Any objections?

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-11-29

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: [PATCH 1/3] nss: use a better API for controlling SSL version"
Previous message: Andrey Bocharnikov: "crash on curl_ntlm_sspi_cleanup"
In reply to: Daniel Stenberg: "Re: [PATCH 1/3] nss: use a better API for controlling SSL version"
Next in thread: Daniel Stenberg: "Re: [PATCH 1/3] nss: use a better API for controlling SSL version"
Reply: Daniel Stenberg: "Re: [PATCH 1/3] nss: use a better API for controlling SSL version"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]