Daniel Stenberg wrote:
> On Fri, 14 Sep 2007, Rob Crittenden wrote:
>
> Thanks for this NSS update!
>
>> Fedora 8/rawhide has switched curl from using OpenSSL to using NSS as
>> the SSL engine. This illuminated some issues with the current NSS
>> module, notably its lack of support for file-based certificates and a
>> difference in the meaning of command-line arguments. This patch
>> addresses those.
>
> [...]
>
>> The libnsspem.so PKCS#11 module is currently only available in Fedora
>> 8/rawhide. Work will be done soon to upstream it. The NSS module will
>> with or without it, all that changes is the source of the certificates
>> and keys.
>
> First, the latter of course prevented me from trying this in my end (at
> least I think it was due to that, I have no PK11_CreateGenericObject
> function), so I would really like to see some configure magic added to
> cover for this since even if you send this upstream it'll take some time
> before all possible NSS installations will have it...

Sorry about that. Fixed. This means of course that libcurl will need to
be rebuilt when an updated NSS becomes available.

> Besides that, I do have some remarks on the patch:
>
> #1 - it gives me multiple warnings (try configure --enable-debug and you
> should see them as well)

Fixed.

> #2 - its use of static variables will prevent libcurl-using applications
> from
> for example do threaded transfers, and I think I can even think up
> cases
> where multi interface uses will break due to this.

Should be thread-safe now.

> #3 - albeit a minor issue, the code didn't follow curl source code
> standards
> on multiple places: odd brace placement, long lines, non-standard
> indent
>

I fixed a few problems. I'm not sure what defines a long line, it isn't
specified in docs/CONTRIBUTE. But this patch should be closer.

regards

rob