Bug 248730

Summary: Review Request: nss_compat_ossl - OpenSSL to NSS porting library
Product: [Fedora] Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED NEXTRELEASE
Severity: medium
Priority: medium
Reporter: Rob Crittenden <rcritten>
Assignee: Tomas Mraz <tmraz>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: fedora-package-review, notting, sgrubb
Flags: tmraz: fedora-review+, wtogami: fedora-cvs+
Doc Type: Bug Fix
Last Closed: 2007-07-24 18:06:08 UTC

Description Rob Crittenden 2007-07-18 13:54:44 UTC
Spec URL: http://directory.fedoraproject.org/sources/nss_compat_ossl.spec
SRPM URL: http://directory.fedoraproject.org/sources/nss_compat_ossl-0.9.1-1.src.rpm
Description:

nss_compat_ossl is a source-level porting library to help port a program from using OpenSSL for SSL to use the Network Security System (NSS) libraries instead with minimal changes. It provides a limited OpenSSL-compatible API.

Comment 1 Bill Nottingham 2007-07-18 18:54:29 UTC
Tangential question - is it clearly defined what limited portion of the OpenSSL
API it supports, to easily tell if it will or will not work with a particular
client?

Or is it just 'if it builds with it, it works'?

Comment 2 Rob Crittenden 2007-07-18 19:03:48 UTC
A very good question. The biggest problems are CRL management and certificate
validation. 

NSS handles CRLs automatically if they are installed into the security database
being used.

And it does certificate validation a bit differently. I do have some limited
support for using a verify_client callback but it is not quite complete.

A broad overview of what it can do is:

    * Creating an SSL server listener and accepting requests
    * Creating an SSL client socket and making requests
    * Ciphers that should be compatible with OpenSSL
    * Client certificate authentication
    * Random numbers
    * Token password prompting/handling

nss_compat_ossl.h has the complete list of the API but that can be a bit
misleading because some of the functions are no-ops.

It doesn't offer:

- Low-level crypto (DES,etc)
- BIO (a very small portion of that is provided)
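
One way to answer the "will it work with a particular client" question before attempting a build, as an added example that is not part of this thread or of nss_compat_ossl: list the OpenSSL-style calls a client makes and subtract what the header declares. The header and client text below are constructed samples (the real nss_compat_ossl.h is not shown on this page), and because some declared functions are no-ops, an empty "missing" list is necessary but not sufficient.

```python
import re

# Constructed stand-in for nss_compat_ossl.h; NOT the real header contents.
SAMPLE_HEADER = """
SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
SSL *SSL_new(SSL_CTX *ctx);
int SSL_connect(SSL *ssl);
int SSL_read(SSL *ssl, void *buf, int num);
int SSL_write(SSL *ssl, const void *buf, int num);
#define SSL_library_init() 1
"""

# Constructed client source that mixes SSL calls with low-level crypto and BIO.
SAMPLE_CLIENT = """
/* SSL_shutdown(old) is only mentioned in this comment */
SSL_library_init();
ctx = SSL_CTX_new(SSLv23_client_method());
ssl = SSL_new(ctx);
if (SSL_connect(ssl) != 1) { ERR_print_errors_fp(stderr); }
DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT);
BIO_printf(bio, "done");
"""

# An identifier with an OpenSSL-style family prefix, directly followed by "(".
CALL_RE = re.compile(
    r"\b((?:SSL|SSLv\d+|TLSv\d+|X509|BIO|ERR|RAND|EVP|DES|PEM)_\w+)\s*\("
)


def strip_comments(text):
    """Drop C block and line comments so commented-out calls are ignored."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"//[^\n]*", " ", text)


def names_followed_by_paren(text):
    """Prototypes, function-like macros and call sites all match this shape."""
    return set(CALL_RE.findall(strip_comments(text)))


def coverage(header_text, source_text):
    """Return (covered, missing): calls the header declares vs. calls it lacks."""
    declared = names_followed_by_paren(header_text)
    used = names_followed_by_paren(source_text)
    return sorted(used & declared), sorted(used - declared)


if __name__ == "__main__":
    covered, missing = coverage(SAMPLE_HEADER, SAMPLE_CLIENT)
    print("declared by header:", ", ".join(covered))
    print("not declared      :", ", ".join(missing))
```

Each name in the "declared" list still needs a look at its implementation to confirm it does real work, particularly anything involved in certificate validation or CRL handling.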


Comment 3 Tomas Mraz 2007-07-20 09:18:29 UTC
rpmlint -v nss_compat_ossl-0.9.1-1.src.rpm 
I: nss_compat_ossl checking
W: nss_compat_ossl no-url-tag
- as I suppose that the upstream HTML pages (trac/wiki) are not yet created, please
add the URL: tag to the spec file as soon as they are.

rpmlint -v nss_compat_ossl-0.9.1-1.fc8.x86_64.rpm
I: nss_compat_ossl checking
W: nss_compat_ossl no-url-tag

rpmlint -v nss_compat_ossl-devel-0.9.1-1.fc8.x86_64.rpm
I: nss_compat_ossl-devel checking
W: nss_compat_ossl-devel no-documentation
- this is OK for now, as the docs (LICENSE, README) are in the base package,
later developer docs and user docs should be split and developer docs should be
installed into -devel subpackage
W: nss_compat_ossl-devel no-url-tag

rpmlint -v nss_compat_ossl-debuginfo-0.9.1-1.fc8.x86_64.rpm
I: nss_compat_ossl-debuginfo checking
W: nss_compat_ossl-debuginfo no-url-tag

/usr/lib64/libnss_compat_ossl.la is included in the -devel subpackage, please
remove it.

As you're the upstream maintainer - perhaps the COPYING file with GPL should be
removed as the package is LGPL licensed (in LICENSE file) to prevent confusion?

The file http://directory.fedoraproject.org/sources/nss_compat_ossl-0.9.1.tar.gz
is missing on the server.

The -devel subpackage probably should require the main package of exactly the
same nvr and not >=?


Comment 4 Rob Crittenden 2007-07-20 13:39:24 UTC
Yes, the URL will be added once we get a home.

All other issues addressed. New files uploaded:

Spec URL: http://directory.fedoraproject.org/sources/nss_compat_ossl.spec
SRPM URL: http://directory.fedoraproject.org/sources/nss_compat_ossl-0.9.1-2.src.rpm

Comment 5 Tomas Mraz 2007-07-20 15:38:57 UTC
I forgot this one - the -devel file list is missing the %defattr(-,root,root,-)
declaration.


Comment 7 Tomas Mraz 2007-07-20 21:29:42 UTC
Now everything seems to be OK.

rpmlint -v nss_compat_ossl-0.9.1-3.src.rpm 
I: nss_compat_ossl checking
W: nss_compat_ossl no-url-tag

rpmlint -v nss_compat_ossl-0.9.1-3.fc8.x86_64.rpm
I: nss_compat_ossl checking
W: nss_compat_ossl no-url-tag

rpmlint -v nss_compat_ossl-devel-0.9.1-3.fc8.x86_64.rpm
I: nss_compat_ossl-devel checking
W: nss_compat_ossl-devel no-documentation
W: nss_compat_ossl-devel no-url-tag

rpmlint -v nss_compat_ossl-debuginfo-0.9.1-3.fc8.x86_64.rpm
I: nss_compat_ossl-debuginfo checking
W: nss_compat_ossl-debuginfo no-url-tag

- the rpmlint output is the same as above so the same comments apply

APPROVED


Comment 8 Rob Crittenden 2007-07-20 21:56:32 UTC
New Package CVS Request
=======================
Package Name: nss_compat_ossl
Short Description: OpenSSL to NSS porting library
Owners: rcritten, rrelyea
Branches: FC-6 F-7
InitialCC: 


Comment 9 Rob Crittenden 2007-07-24 18:06:08 UTC
I've only built this on rawhide right now but we have the FC-6 and F-7 branches
available if desired.