curl-library
[PATCH 1/4] nss: select client certificates by DER
Date: Wed, 14 Sep 2011 12:49:18 +0200
Hi libcurl hackers,
as the new release is out (thanks for the release btw.), I think it is time
to do some cleanup in the libcurl-NSS code. In the first place, I would like to
change the way it identifies client certificates loaded from files. It has
been using nicknames derived from file base names. File base names are not
unique, which was causing collisions in the certificate selection callback.
With these patches applied, it identifies certificates by DER, which is
extracted directly from the object handle that NSS returns. So there should
be no collisions on nicknames any more. It also removes the code that creates
the NSS undocumented nicknames for certificates from files.
While working on this, I discovered some bugs in NSS, which are going to be
fixed in the next release. This caused some workarounds to be required for
libcurl to be able to use old versions of NSS at least equally well as before.
https://bugzilla.redhat.com/733685#c1
https://bugzilla.redhat.com/734760
A review was done by Elio Maldonado Batiz from NSS at the Fedora bug:
https://bugzilla.redhat.com/733657
Note the bug is cloned also for other components, although curl is the first
one to be fixed:
https://bugzilla.redhat.com/733749
https://bugzilla.redhat.com/733752
Any feedback welcome!
Kamil
- text/x-patch attachment: 0001-nss-select-client-certificates-by-DER.patch
- text/x-patch attachment: 0002-nss-refactor-fmt_nickname-dup_nickname.patch
- text/x-patch attachment: 0003-nss-big-cleanup-in-nss_load_cert-and-cert_stuff.patch
- text/x-patch attachment: 0004-nss-avoid-a-SIGSEGV-with-immature-version-of-NSS.patch
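Added example, not part of the original message or of the attached patches: a self-contained C sketch of the collision the message describes, where two client certificates loaded from different directories share a file base name, and of selection by comparing the DER encoding instead. The `loaded_cert` struct, the function names, the paths and the DER bytes are constructed for illustration and are not NSS or libcurl identifiers.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a certificate loaded from a file (not an NSS type). */
struct loaded_cert {
  const char *path;          /* file the certificate was loaded from */
  const unsigned char *der;  /* DER encoding of the certificate */
  size_t der_len;
};

/* Nickname scheme the message describes: the file base name. */
static const char *base_name(const char *path)
{
  const char *slash = strrchr(path, '/');
  return slash ? slash + 1 : path;
}

/* Select by nickname: the first entry with a matching base name wins. */
int select_by_nickname(const struct loaded_cert *c, size_t n, const char *path)
{
  for(size_t i = 0; i < n; i++)
    if(!strcmp(base_name(c[i].path), base_name(path)))
      return (int)i;
  return -1;
}

/* Select by DER: same length and byte-for-byte identical encoding. */
int select_by_der(const struct loaded_cert *c, size_t n,
                  const unsigned char *der, size_t der_len)
{
  for(size_t i = 0; i < n; i++)
    if(c[i].der_len == der_len && !memcmp(c[i].der, der, der_len))
      return (int)i;
  return -1;
}

/* Constructed sample data: placeholder DER bytes, not real certificates. */
static const unsigned char der_a[] = { 0x30, 0x03, 0x02, 0x01, 0x0a };
static const unsigned char der_b[] = { 0x30, 0x03, 0x02, 0x01, 0x0b };
static const struct loaded_cert sample_store[] = {
  { "/etc/app-a/client.pem", der_a, sizeof(der_a) },
  { "/etc/app-b/client.pem", der_b, sizeof(der_b) },
};

int main(void)
{
  /* The caller wants the app-b certificate (index 1) in both lookups. */
  printf("by nickname: %d\n",
         select_by_nickname(sample_store, 2, "/etc/app-b/client.pem"));
  printf("by DER:      %d\n", select_by_der(sample_store, 2, der_b, sizeof(der_b)));
  return 0;
}
```

The nickname lookup returns the app-a entry even though the app-b file was requested, while the DER lookup returns the entry that was actually asked for.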