On 23.02.2017 02:04, Peter Fern wrote:
> On 23/02/17 05:26, Rob Crittenden wrote:
>> It's been many moons since I worked on nss-pem but from what I can tell
>> it should be buildable outside of NSS so can ship as a separate package.
>> You might try building it locally to see if it resolves the issues for
>> you. It resides at https://github.com/kdudka/nss-pem
> 
> I had to modify an include path, and it links against some static libs
> (libfreebl.a, libnssb.a, libnssckfw.a) that are not included in the
> current Debian libnss3 packages, so a non-trivial packaging effort.  And
> because certmonger appears to use nss directly, linking against a
> different libcurl variant is also probably not an option.
> 
> There are other issues too - the default cert store path of
> /etc/httpd/alias is still used in the deb package, however the correct
> path is /etc/apache2/nssdb.

Good stuff, neatly hardcoded in src/dogtag.c. Thanks for pointing this
out, I'll get that fixed at least..

And as you noticed, packaging nss-pem is not a trivial task because of
the way it uses private NSS api's that the libnss maintainer refuses to
make public.. OpenSSL, anyone? :P

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to