[xmlsec] another nss patch
Tej Arora
tejbiz@aol.com
Wed, 23 Jul 2003 19:47:37 -0700
Aleksey Sanin wrote:
>
> > As I mentioned before, I also want to create certificate store based
> > on NSS certificate database handler,
> > which will enable us use NSS other features, such as LDAP, OCSP, and
> > various CRLs.
>
> I believe this is how it is implemented right now, isn't it? Tej?
Yes, the cert/crl store (x509store) is the NSS db right now.
Andrew, LDAP access is not an NSS feature - NSS does nothing
with LDAP AFAIK, so I don't know what you mean.
>
> > And another is I want to create symmetric keys with crypto devices
> > mechanism instead from a random generator,
> > although it work well.
>
> Good! I like this idea!
>
> > And I also want to provide a more common key manager based on slot and
> > certificate database.
>
> Not sure what do you mean by this but it sounds good to me.
>
> > If you accept my ideas, I think some interfaces will be added, and
> > some interfaces will be modified.
>
> Well, I have no problems with adding something. But I want to keep API
> stable and I am not sure
> that I ready for xmlsec 2.0 yet :) It would be great if you can take a
> look at current APIs and suggest
> changes before will merge new xmlsec-nss code to the trunk.
>
> > I'll try my best to finish the work as soon as possible. Because I
> > must talk every details with you all,
> > I'am not sure how long
>
> Andrew, I have no objections of adding new features, new code, etc. The
> only thing I want is to understand
> what exactly each line of code in xmlsec is doing why it is written this
> way and not another. The reason is simple:
> I prefer to have as less bug reports as possible :)
>
> Aleksey
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec@aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec