Re: how do I test if NSS supports an algorithm at build time?

2018-02-07 Thread Martin Thomson
We do this probing in NSS because we can't guarantee that the softoken implementation matches the libssl implementation version. Yeah, strange world we live in, right? The probe is a little ugly, because there isn't a straight function you can call that says "this algorithm is supported": This

Re: How do selfserv and tstclnt support ALPN?

2018-02-07 Thread John Jiang
Thanks for the clarification! 2018-02-07 22:43 GMT+08:00 Franziskus Kiefer: > Hi, > > -Q was added in NSS 3.26 and adds, as described, "ALPN for HTTP/1.1 > [RFC7301]". > There's currently no way to set a custom ALPN. > > Cheers > > On Wed, Feb 7, 2018 at 12:03 PM, John

selfserv and tstclnt on SNI

2018-02-07 Thread John Jiang
Hi, Using NSS 3.35. It looks like tstclnt always sends the SNI extension, even with no option "-a". As for selfserv, I suppose it should have an option for configuring multiple certificates (nicknames) for server side. But I don't find it. In addition, option "-n" means rsa_nickname, but with my

How do selfserv and tstclnt support ALPN?

2018-02-07 Thread John Jiang
Hi, I'm playing with selfserv and tstclnt from an NSS 3.35 build. Although selfserv introduces option "-Q" for enabling ALPN, I don't find any option to allow selfserv and tstclnt to specify their application protocols respectively. How can I make selfserv and tstclnt negotiate an application protocol?

Re: How do selfserv and tstclnt support ALPN?

2018-02-07 Thread Franziskus Kiefer
Hi, -Q was added in NSS 3.26 and adds, as described, "ALPN for HTTP/1.1 [RFC7301]". There's currently no way to set a custom ALPN. Cheers On Wed, Feb 7, 2018 at 12:03 PM, John Jiang wrote: > Hi, > I'm playing with selfserv and tstclnt from an NSS 3.35 build. > Although

how do I test if NSS supports an algorithm at build time?

2018-02-07 Thread Andrew Cagney
Hi, I'd like to use SEC_OID_CURVE25519 but I noticed older NSS versions don't have it. What is the correct way to check for things like this at build time? As an aside, is there anything I should be doing to sanity check that the runtime SO is valid for my build. Andrew (yes, I know about

Re: how do I test if NSS supports an algorithm at build time?

2018-02-07 Thread Paul Wouters
On Wed, 7 Feb 2018, Andrew Cagney wrote: I'd like to use SEC_OID_CURVE25519 but I noticed older NSS versions don't have it. What is the correct way to check for things like this at build time? But you'd want to check runtime, because someone might update the nss install to one that does

Re: how do I test if NSS supports an algorithm at build time?

2018-02-07 Thread Franziskus Kiefer
You should probably try to detect this at runtime. At compile time you can simply check if SEC_OID_CURVE25519 exists and fail (or do something else) if it doesn't. At runtime you could try using SEC_OID_CURVE25519 (with your own define to 355) and have a fallback if NSS gives you an error on

Re: how do I test if NSS supports an algorithm at build time?

2018-02-07 Thread Andrew Cagney
On 7 February 2018 at 10:41, Franziskus Kiefer wrote: > You should probably try to detect this at runtime. > At compile time you can simply check if SEC_OID_CURVE25519 exists and fail > (or do something else) if it doesn't. > > At runtime you could try using

Re: how do I test if NSS supports an algorithm at build time?

2018-02-07 Thread Andrew Cagney
On 7 February 2018 at 11:45, Andrew Cagney wrote: > On 7 February 2018 at 10:41, Franziskus Kiefer wrote: >> You should probably try to detect this at runtime. >> At compile time you can simply check if SEC_OID_CURVE25519 exists and fail >> (or do