santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott Cantor" <canto...@osu.edu>
Subject RE: Using NSS as crypto-provider for xml-security-c
Date Tue, 27 Jul 2010 17:05:09 GMT
> I am trying to build xml-security-c  for Linux with NSS support.

To bring you up to speed:

- The original author of the code is more or less absent
- I'm maintaining the code for my own projects, which do not include NSS
support
- I can't test or support the NSS code, so I don't know if I break it or not
when I do releases
- The only attempt I ever made to use it was on Windows
- Nobody has shown up recently to test or support it, or report issues

So, all that said....

> After a bit of tinkering around, it seems to me that there is only a
mention
> of the NSS sources in the lib/Makefile.am in EXTRAS section and no
specific
> Makefile.

That's the way it looks, and that predates my involvement (I didn't make it
look like that). I would say that it's a bug, there should be a conditional
inclusion in lib/Makefile.am just like with the OpenSSL support, and there
would also need to be cleanup to ensure that regardless of which option were
used with configure, all the sources get included in make dist.

> Is there an official way to activate it or am I doomed to manually patch
the
> build process ?

Looks like it's a bug at this point. I have a release coming later this
year, and I'll at least fix that and/or include any patches you can provide.

I would also note that the new work I just did on eliptic curve support does
not include NSS. The system is supposed to fail gracefully on that stuff, so
it shouldn't break any existing support, just not handle the new stuff. But
again, that's untested.

I guess I should add that I considered raising a question as to whether to
continue to maintain the NSS and WinCrypt support, given that I can't
maintain them or maintain feature parity. One person showing up isn't likely
to convince me to keep it, but one's better than none. ;-)

-- Scott



Mime
View raw message