On Thu, Apr 22, 2010 at 04:54:33PM -0700, Danek Duvall wrote: > Hai-May Chao wrote: > > > That NSS package contains a shared library database libnssckbi.so which > > defines a set of X509 CA certificates. We need to extract these certs for > > use by OpenSSL consumers. We'd like to have run-time extraction in place > > if possible so we will be able to get the latest cert set when the > > database is updated. > > Frankly, I think you're better off working with the team delivering NSS to > deliver a package containing just the certs in some format that SSL clients > are likely to be able to read (PEM or PKCS8 or whatever), and deliver that > file (or those files) into some well-known location. Dynamic extraction > seems like a very unstable method for delivering a file or set of files.
Yes. I wrote a pair of scripts, one extracts certs from the NSS library, the other pulls the certs from mozilla's source tree. There's no reason why you can't pull the certs from their SVN repository and build your own package that is updated periodically. It's much simpler to do it this way, instead. -j _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
