The NSS on my Fedora Core 6 system (nss-3.11.7-9) doesn't define the
PKCS#11 bypass functions. Here is a patch that should work around that.
I also needed to build and install my own xalan-c since it isn't
available in FC-6. I pulled the srpm from Fedora 7 and built and
installed that on my system. The server builds ok with it but I haven't
tested it extensively yet.
Note too that the build assumes that Java is in /usr/java.
rob
diff -r dac051af750b src/server/base/sslconf.cpp
--- a/src/server/base/sslconf.cpp Tue Jan 13 10:35:56 2009 -0800
+++ b/src/server/base/sslconf.cpp Tue Jan 13 17:48:15 2009 -0500
@@ -885,6 +885,7 @@ PRBool SSLSocketConfiguration :: check_b
enabledCiphers[i] = (PRUint16)(size_t)enabledList[i];
}
+#ifdef SSL_CBP_SSL3
// check every server key/cert for bypass compatibility
if (ssl3) { protocolmask = SSL_CBP_SSL3; }
@@ -902,6 +903,7 @@ PRBool SSLSocketConfiguration :: check_b
return PR_FALSE;
}
}
+#endif
free(enabledCiphers);
return PR_TRUE;
