Red Hat Bugzilla – Bug 668887
Switch on use of NSS for krb5 pkinit
Last modified: 2015-04-03 08:45:02 EDT
The krb5 pkinit plugin currently uses OpenSSL to create and parse CMS messages, parse and verify certificates, and generally perform its public key operations. The logic which uses OpenSSL directly is confined to a number of functions exported from one source file. We should finish implementing the same functions using NSS and build using that implementation instead of the one that uses OpenSSL.