As of today, OCSP in NSS does not work from within an environment that
requires the use of a proxy server to access the OCSP responder server.
Instead of extending NSS' internal HTTP client with support for proxies,
we are working on a mechanism that allows a client application to do
HTTP communication on behalf of NSS.

This strategy seems reasonable, as Mozilla applications already come
with functionality to access various kinds of proxies, including
configuration and authentication.

A callback API is currently being specified and its draft can be found
in the patches attached to:
https://bugzilla.mozilla.org/show_bug.cgi?id=152426

If you'd like to add support for HTTP proxies in your own NSS
application, you will be able to provide your own implementation of the
callback API, possibly as a thin layer to some other HTTP library of
your choice. I found a list of some other libraries here:
http://curl.haxx.se/libcurl/competitors.html

We plan to provide documentation on how to make use of the new HTTP
callback API on this wiki page:
http://developer.mozilla.org/en/docs/HTTP_Delegation

In order to implement this callback API in Mozilla client applications
(Firefox/Thunderbird/Seamonkey), changes are required to PSM and the way
it does SSL. You can track the work here:
https://bugzilla.mozilla.org/show_bug.cgi?id=111384
There are text attachments that explain the changes in more detail.

Did you produce an application that includes not just NSS, but also PSM
and its additional SSL layering? If your own application using PSM is
not yet a multithreaded application, be warned that a future version of
PSM will require the use of additional threads.

Kai