On Wed, 9 Mar 2011, Anders Rundgren wrote:
It is too late introducing TLS-SRP, the market will not use it.
Uh? There's not just one single market that will or won't use a particular
protocol feature. There are plenty of different areas where TLS is used and
some of them will use TLS-SRP,
On Mon, 7 Mar 2011, Brian Smith wrote:
But Curl, that supports secret keys from version 7.21.4, with GnuTLS only
at the moment but is pushing hard to get in in Openssl also, apparently has
simply given up about having TSP-SRP support when compiled with NSS.
Can I just add that we (in the
On Thu, 6 Aug 2009, Eddy Nigg wrote:
Yes, that was Curl and here the link to the page
http://curl.netmirror.org/docs/caextract.html and this is the tool:
http://curl.netmirror.org/docs/parse-certs.txt
Please don't use that site. It is an outdated mirror with old contents. :-(
The current
On Sat, 21 Mar 2009, John D wrote:
I wonder how thread safe NSS' integration with libcurl actually is. No
offense Daniel but after switching to gnutils with their macros all problems
related to this matter are resolved. So be it.
I'm absolutely sure on how we use NSS in libcurl, and the
On Fri, 20 Mar 2009, Nelson B Bolyard wrote:
It would be inappropriate for NSS to defeat sigpipe's signal handler. The
handling of that signal is the responsibility of the application, or code at
a higher level than NSS. Perhaps it would be appropriate for libcurl to do
that.
SIGPIPE is a
On Fri, 20 Mar 2009, Wan-Teh Chang wrote:
But I agree that SIGPIPE is an exception. This is why NSPR (a depenency of
NSS) calls sigaction() to ignore SIGPIPE during initialization. Note that
this is done for self protection, rather than as a documented service to the
NSPR client.
But
On Fri, 20 Mar 2009, John D wrote:
Each thread created, will call a function that runs a curl easy setopt
operation.
John: Do you call the curl_global_init() before you start any threads and use
libcurl? Can you get some further symbols in the stack trace to help me/us
with seeing who calls
On Fri, 20 Mar 2009, Wan-Teh Chang wrote:
I didn't mean that SIGPIPE is ignored only during NSPR initialization. I
meant that NSPR's initialization function calls sigaction to ignore SIGPIPE.
Oh, well that might just've been me being thick sorry. Still I read you now
loud and clear, thanks!
On Fri, 20 Mar 2009, Julien R Pierre - Sun Microsystems wrote:
NSS team: Is PR_Init() thread-safe?
No, it is not thread-safe by definition, and must be called and completed
before any other call to NSPR functions are made in any other thread.
Typically, PR_Init is called in the primordial
On Sat, 10 Jan 2009, Nelson B Bolyard wrote:
http://www.ssl-inspector.com/
Others:
http://www.finjan.com/content.aspx?id=190
http://www.breach.com/assets/files/downloads/breachviewssl_whitepaper.pdf
http://hosteddocs.ittoolbox.com/541_BlueCoat_SSL_Accel_wp_v3d.pdf
On Wed, 20 Aug 2008, Wan-Teh Chang wrote:
certutil: function failed: security library: bad database.
'DB' is the directory that contains your NSS databases.
Thanks for that and sorry for not doing my home work properly.
This turns out to generate a rather interesting list. Using my currently
On Thu, 21 Aug 2008, Kyle Hamilton wrote:
The current certdata.txt in the repository is not the one that generated
your version of Firefox. (There have been a couple of changes in the past
couple of months, and no client releases.)
But where is the certdata.txt that was used for my Firefox
On Tue, 19 Aug 2008, Nelson Bolyard wrote:
Here's a simple (?) shell script to do it.
Great!
certutil -L -h 'Builtin Object Token' -d DB
What exactly is 'DB' in this context? My firefox 3 directory has three .db
files, and trying them all one by one makes certutil with the command line
On Sun, 17 Aug 2008, Kyle Hamilton wrote:
OpenSSL does not have a root-certificate program. The official
position (from http://www.openssl.org/support/faq.html#USER16) is that
the job of OpenSSL is to create the code to make trust possible, not
dictate who to trust.
In fact, that same FAQ
On Sat, 16 Aug 2008, Nelson B Bolyard wrote:
curl is completely independent from browsers, and when installed in systems
it usually uses the system-wide CA cert bundle. Of course it has command
line options to allow the user to specify what CA bundle to use (or indeed
other certs etc).
On Sat, 26 Jul 2008, Nelson Bolyard wrote:
As a user of OpenSSL, NSS, yassl and GnuTLS I can certainly agree that
GnuTLS has flaws in its API but NSS most certainly also has flaws as well
_and_ notable missing features that GnuTLS offers.
Daniel, please tell us what features are missing
On Mon, 28 Jul 2008, Nelson B Bolyard wrote:
NSS is quite capable of importing certificates in PEM format.
Importing them where? If I want to use NSS for the TLS layer and I have the ca
cert in a PEM format file, how can I make NSS use that file when I connect to
the peer?
My current code
On Sat, 26 Jul 2008, Michael Ströder wrote:
http://trac.gnutls.org/cgi-bin/trac.cgi/ticket/18#comment:1
(Well, they even aren't keeping their issue tracker spam-free...)
Please, spam is hardly their fault and I don't think you help them any way by
being rude.
As a user of OpenSSL, NSS,
On Wed, 23 Jul 2008, Ruchi Lohani wrote:
Since a lot of open source softwares are using NSS, I wish to know whether
we have some documentation on specifics of
OpenSSL and NSS and the advantages NSS has over OpenSSL. If so, can anybody
direct me over that or just give a brief comparison of
On Fri, 18 Jul 2008, Matt Lawson wrote:
2. Implement the ssh and sftp protocols over NSS's SSL sockets myself
If you go this route, I'd suggest you instead get libssh2 (www.libssh2.org)
and just port it to be able to use NSS. It can currently be built to use
either OpenSSL or GnuTLS so parts
On Wed, 25 Jun 2008, Nelson B Bolyard wrote:
That sounds great. Of course there's no need to do anything LSB, you
could just at this very moment establish a subdir (called say nss) that
you use for your public headers and make sure that's the way all distros
would use.
We don't have much
Nelson B Bolyard nelson at bolyard.com writes:
(replying a bit out of context to sorry if the threading is not kept perfectly
intact)
Since NSS support has been added to cURL library,
No kidding! When did that happen?
Since about February 2007 and at least Fedora 9 ships curl build
22 matches
Mail list logo