Bug 248730
Summary: | Review Request: nss_compat_ossl - OpenSSL to NSS porting library | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Rob Crittenden <rcritten> |
Component: | Package Review | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | fedora-package-review, notting, sgrubb |
Target Milestone: | --- | Flags: | tmraz:
fedora-review+
wtogami: fedora-cvs+ |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-07-24 18:06:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Rob Crittenden
2007-07-18 13:54:44 UTC
Tangential question - is it clearly defined what limited portion of the OpenSSL API it supports, to easily tell if it will or will not work with a particular client? Or is it just 'if it builds with it, it works'? A very good question. The biggest problems are CRL management and certificate validation. NSS handles CRLs automatically if they are installed into the security database being used. And it does certificate validation a bit differently. I do have some limited support for using a verify_client callback but it is not quite complete. A broad overview of what it can do are: * Creating an SSL server listener and accepting requests * Creating an SSL client socket and making requests * Ciphers that should be compatible with OpenSSL * Client certificate authentication * Random numbers * Token password prompting/handlng nss_compat_ossl.h has the complete list of the API but that can be a bit misleading because some of the functions are no-ops. It doesn't offer: - Low-level crypto (DES,etc) - BIO (a very small portion of that is provided) rpmlint -v nss_compat_ossl-0.9.1-1.src.rpm I: nss_compat_ossl checking W: nss_compat_ossl no-url-tag - as I suppose that upstream HTML pages (trac/wiki) is not yet created, please add URL: tag into spec file as soon as they are. rpmlint -v nss_compat_ossl-0.9.1-1.fc8.x86_64.rpm I: nss_compat_ossl checking W: nss_compat_ossl no-url-tag rpmlint -v nss_compat_ossl-devel-0.9.1-1.fc8.x86_64.rpm I: nss_compat_ossl-devel checking W: nss_compat_ossl-devel no-documentation - this is OK for now, as the docs (LICENSE, README) are in the base package, later developer docs and user docs should be split and developer docs should be installed into -devel subpackage W: nss_compat_ossl-devel no-url-tag rpmlint -v nss_compat_ossl-debuginfo-0.9.1-1.fc8.x86_64.rpm I: nss_compat_ossl-debuginfo checking W: nss_compat_ossl-debuginfo no-url-tag /usr/lib64/libnss_compat_ossl.la is included in the -devel subpackage, please remove it. As you're upstream maintainer - perhaps the COPYING file with GPL should be removed as the package is LGPL licensed (in LICENSE file) to prevent confusion? The file http://directory.fedoraproject.org/sources/nss_compat_ossl-0.9.1.tar.gz is missing on the server. The -devel subpackage probably should require the main package of exactly the same nvr and not >=? Yes, the URL will be added once we get a hom. All other issues addressed. New files uploaded: Spec URL: http://directory.fedoraproject.org/sources/nss_compat_ossl.spec SRPM URL: http://directory.fedoraproject.org/sources/nss_compat_ossl-0.9.1-2.src.rpm I forgot this one - the -devel file list is missing the %defattr(-,root,root,-) declaration. Fixed. Spec URL: http://directory.fedoraproject.org/sources/nss_compat_ossl.spec SRPM URL: http://directory.fedoraproject.org/sources/nss_compat_ossl-0.9.1-3.src.rpm Now everything seems to be OK. rpmlint -v nss_compat_ossl-0.9.1-3.src.rpm I: nss_compat_ossl checking W: nss_compat_ossl no-url-tag rpmlint -v nss_compat_ossl-0.9.1-3.fc8.x86_64.rpm I: nss_compat_ossl checking W: nss_compat_ossl no-url-tag rpmlint -v nss_compat_ossl-devel-0.9.1-3.fc8.x86_64.rpm I: nss_compat_ossl-devel checking W: nss_compat_ossl-devel no-documentation W: nss_compat_ossl-devel no-url-tag rpmlint -v nss_compat_ossl-debuginfo-0.9.1-3.fc8.x86_64.rpm I: nss_compat_ossl-debuginfo checking W: nss_compat_ossl-debuginfo no-url-tag - the rpmlint output is the same as above so the same comments apply APPROVED New Package CVS Request ======================= Package Name: nss_compat_ossl Short Description: OpenSSL to NSS porting library Owners: rcritten, rrelyea Branches: FC-6 F-7 InitialCC: I've only built this on rawhide right now but we have the FC-6 and F-7 branches available if desired. |