[lsb-discuss] [Fwd: NSS public functions]

Robert Relyea rrelyea at redhat.com
Mon Aug 11 14:41:14 PDT 2008


Hi Howard.

Howard Chu wrote:
> (resending, didn't see this get out the first time)
>
> The presence of CERT_GetDefaultCertDB in this list implies that there may be 
> non-default DBs as well but any APIs for opening/obtaining/closing such DBs 
> are conspicuously absent from this list. (Likewise for *setting* the default.) 
> That seems like an important oversight...
>   
It's a legacy function that has nothing to due with actually certificate 
databases. NSS is perfectly capabable of openning several databases at 
once and using them (In fact the notion of databases are really not 
surfaced at the application level, NSS is perfectly cabable of treating 
PEM as database.
> Since NSS is inextricably dependent on NSPR, the inclusion of NSS in the LSB 
> implies that NSPR must also be in the LSB. No?
>   
NSS is tied to NSPR in the same way as OpenSSL is tied to BIO. Those 
functions map pretty much one for one (we use that fact in openSSL 
compatibility libraries that we use to help port openSSL applications to 
NSS.

Applications do not, however, have to adopt the NSS IO model. We have 
several instances of applications which have their own IO model and just 
use NSPR to do SSL reads and writes.

bob

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3420 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.linux-foundation.org/pipermail/lsb-discuss/attachments/20080811/fdde899d/attachment.bin 


More information about the lsb-discuss mailing list