rmeggins@redhat.com wrote:
Full_Name: Rich Megginson Version: 2.4.11 and current HEAD OS: Fedora URL: ftp://ftp.openldap.org/incoming/openldap-2.4.11-nss-20080911.patch Submission from: (NULL) (76.113.59.19)
This patch allows OpenLDAP to use Mozilla NSS for crypto. The approach uses the nss_compat_ossl library. This library allows the code to use the current OpenSSL API so that the changes to the actual OpenLDAP code are minimized. This is the same approach that has been used to port several other packages to use NSS instead of OpenSSL as part of the Fedora Crypto Consolidation project.
The nss_compat_ossl library is here - http://svn.fedorahosted.org/svn/identity/common/trunk/nss_compat_ossl/ - it is also included with Fedora
Thanks for the patch. Some notes - for future reference, don't include diffs to generated files (e.g. configure), just include the diffs to the source (e.g. configure.in). Since "NSS" already has a well-established meaning in POSIX environments (Name Service Switch), I've been referring to this as MozNSS (Mozilla NSS) to avoid confusion.
Also, there's already a working implementation of Mozilla NSS support in HEAD, but your patch covers a lot of areas I didn't look at yet (SHA1 hashing, etc) so we'll probably cherrypick pieces of your patch to merge.