[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libnss consolidation (was: Re: X.509 and CA certificates for other purposes (i.e. the IGTF))




Le 10 juin 2013 07:06, "Florian Weimer" <fw@deneb.enyo.de> a écrit :
>
> * Bastien ROUCARIES:
>
> > Maybe crypto consolidation arround libnss will greatly help here.
> > jessie release goal ?
>
> NSS has lots of global state, and its proper initialization from
> another library is difficult.

Could you give some pointer?
 Switching over to it is probably
> doable, but it's not really straightforward.

 On the other hand, the
> TLS implementation in NSS has been doing host name validation for a
> long time, which is still problematic with some of the other
> implementations.
>
> NSS has its own problems with SUID/SGID binaries, but these could be
> addressed by switching PR_GetEnv to secure_getenv.

Could you also give some pointer?

I will open a wiki page
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: 87vc5mtuzr.fsf_-_@mid.deneb.enyo.de">http://lists.debian.org/87vc5mtuzr.fsf_-_@mid.deneb.enyo.de
>


Reply to: