[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

libnss consolidation (was: Re: X.509 and CA certificates for other purposes (i.e. the IGTF))

* Bastien ROUCARIES:

> Maybe crypto consolidation arround libnss will greatly help here.
> jessie release goal ?

NSS has lots of global state, and its proper initialization from
another library is difficult.  Switching over to it is probably
doable, but it's not really straightforward.  On the other hand, the
TLS implementation in NSS has been doing host name validation for a
long time, which is still problematic with some of the other

NSS has its own problems with SUID/SGID binaries, but these could be
addressed by switching PR_GetEnv to secure_getenv.

Reply to: