[xmlsec] another nss patch

Tej Arora tejbiz at aol.com
Wed Jul 23 19:47:37 PDT 2003


Aleksey Sanin wrote:

 >
 > > As I mentioned before, I also want to create certificate store based
 > > on NSS certificate database handler,
 > > which will enable us use NSS other features, such as LDAP, OCSP, and
 > > various CRLs.
 >
 > I believe this is how it is implemented right now, isn't it? Tej?

Yes, the cert/crl store (x509store) is the NSS db right now.
Andrew, LDAP access is not an NSS feature - NSS does nothing
with LDAP AFAIK, so I don't know what you mean.

 >
 > > And another is I want to create symmetric keys with crypto devices
 > > mechanism instead from a random generator,
 > > although it work well.
 >
 > Good! I like this idea!
 >
 > > And I also want to provide a more common key manager based on slot and
 > > certificate database.
 >
 > Not sure what do you mean by this but it sounds good to me.
 >
 > > If you accept my ideas, I think some interfaces will be added, and
 > > some interfaces will be modified.
 >
 > Well, I have no problems with adding something. But I want to keep API
 > stable and I am not sure
 > that I ready for xmlsec 2.0 yet :) It would be great if you can take a
 > look at current APIs and suggest
 > changes before will merge new xmlsec-nss code to the trunk.
 >
 > > I'll try my best to finish the work as soon as possible. Because I
 > > must talk every details with you all,
 > > I'am not sure how long
 >
 > Andrew, I have no objections of adding new features, new code, etc. The
 > only thing I want is to understand
 > what exactly each line of code in xmlsec is doing why it is written this
 > way and not another. The reason is simple:
 > I prefer to have as less bug reports as possible :)
 >
 > Aleksey
 >
 >
 >
 > _______________________________________________
 > xmlsec mailing list
 > xmlsec at aleksey.com
 > http://www.aleksey.com/mailman/listinfo/xmlsec





More information about the xmlsec mailing list