[xmlsec] another nss patch

Aleksey Sanin aleksey@aleksey.com
Wed, 23 Jul 2003 17:55:49 -0700 

Hi, Tej!

I have applied and commited your new patch with one small change:  I am not
sure that xmlsec-nss on Windows would work if you use XMLSEC_CRYPTO_EXPORT
macro when declaring __CERT_NewTempCertificate() function in src/nss/app.c
I think that better way would be to just use "extern" keyword:
    extern CERTCertificate * __CERT_NewTempCertificate(...);
I made this replacement and everything seems to be working fine :)


Now I can run xmlsec-nss test scripts (thanks for you change to remove 
certutil
dependency!) I can look at the test failures you mentioned. Seems like 
we are
getting very close and I would like to write down what else needs to be 
done:
    0) License issues (tracking). As we discussed, you'll prepare and 
submit the
    full patch from branch to trunk when we will be ready.

    1) Windows build. Seems it is completely broken now. May be we can work
    with Igor on fixing this.

    2) Documentation.
        2a) I believe that you have commented all the API functions.
        But docs generation scripts reported one error:
         
        WARNING: Parameter description missing in source code comment 
block -
         Func: xmlSecNssNodeGetBigNumValue Param: arena.
   
        and two undocumented functions:
         
          xmlSecNssPKIAdoptKey
          xmlSecNssTransformKWAes256GetKlass

        2b) Next, it would be great if you can update interop matrix for 
xmlsec-nss
        (docs/xmldsig.html and docs/xmlenc.html) with new algorithms you've
        added.

        2c) Also I would appreciate if you prepare a small write up 
about xmlsec-nss:
        how default keys manager works, how xmlsec-nss deals with keys, etc.
        May be some xmlsec-nss specific examples of working with key db.
        This would be very helpfull for anyone who wants to use xmlsec-nss.

        2d) I think you have a list of things that still needs to be 
done (some NSS
        dependencies, etc.). It would be great to put it somewhere 
(README file
        in src/nss ?) so anyone would know what works and what does not 
and why.

    3) Tests. I'll look at the failing tests and we'll see what can we 
do about that.
    Seems that some tests need to be updated.

    4) Andrew's patches. Not sure but we can probably finish this after 
we put
    new xmlsec-nss to the trunk. Andrew, do you expect to have any API 
changes
    for the current xmlsec-nss implemetation?

Tej, I would apreciate if you add anything I missed or correct something.

Thanks again for doing all this!
Aleksey