[xmlsec] another nss patch

[Aleksey Sanin]

> As I mentioned before, I also want to create certificate store based 
> on NSS certificate database handler,
> which will enable us use NSS other features, such as LDAP, OCSP, and 
> various CRLs. 

I believe this is how it is implemented right now, isn't it? Tej?

> And another is I want to create symmetric keys with crypto devices 
> mechanism instead from a random generator,
> although it work well. 

Good! I like this idea!

> And I also want to provide a more common key manager based on slot and 
> certificate database. 

Not sure what do you mean by this but it sounds good to me.

> If you accept my ideas, I think some interfaces will be added, and 
> some interfaces will be modified. 

Well, I have no problems with adding something. But I want to keep API 
stable and I am not sure
that I ready for xmlsec 2.0 yet :) It would be great if you can take a 
look at current APIs and suggest
changes before will merge new xmlsec-nss code to the trunk.

> I'll try my best to finish the work as soon as possible. Because I 
> must talk every details with you all,
> I'am not sure how long

Andrew, I have no objections of adding new features, new code, etc. The 
only thing I want is to understand
what exactly each line of code in xmlsec is doing why it is written this 
way and not another. The reason is simple:
I prefer to have as less bug reports as possible :)

Aleksey