[xmlsec] xmlsec-nss patch
aleksey at aleksey.com
Sun Jul 20 20:45:16 PDT 2003
It took less time than I expected to look at your changes :) Almost
great except few minor things listed bellow. I have checked in your
the same XMLSEC_NSS_030714 with only one change (item 0) bellow).
However, there are a couple items (1) and 2)) that needs to be resolved
before we can put this code into the trunk.
BTW, I can't run the xmlsec-nss tests because of certutiland I could
not test xmlsec-nss
with valgrind :(
0) I have moved the NSS DB reset code from test*.sh scripts to the top level
Makefile.am. No need to repeat it again and again. This allowed me to
xmlsec-config option from the test*.sh scripts. Also I don't think that
to pass crypto_config to these scripts because nobody else should use it
anyway (it is also removed).
1) As I mentioned before, I don't have "cryptoutil" installed. Thus
might miss it too :) We need to find a way to avoid using this tool in
the tests scripts.
Is it possible to initializa the nss db from xmlSecNssAppInit() instead
(if config is not
NULL and NSS DB does not exist there, create it)?
2) xmlSecNssAppPkcs12Load(): why do you do these initializations in this
It seems to me that it's a wrong idea. These initializations are global.
can be called many times from multiple threads. IMO, these
need to be done once in applicaiton init function (xmlSecNssAppInit?).
Please take a look at it.
3) keysstore.c: I wonder why do you need to have simple keys store in
keys manager? Why you could not use only NSS keydb?
4) warnings about __CERT_NewTempCertificate function:
src/nss/app.c:847: warning: implicit declaration of function
x509.c:1494: warning: implicit declaration of function
Is it worth it to put a declaration somewhere in xmlsec-nss headers if
it does not exist in NSS?
More information about the xmlsec