Rob Crittenden provided an NSS update with the following highlights:

o It looks for the NSS database first in the environment variable SSL_DIR, then in /etc/pki/nssdb, then it initializes with no database if neither of those exist. o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be loaded, including the ca-bundle. If it is not available then only certificates already in the NSS database are used. o Tries to detect whether a file or nickname is being passed in so the right thing is done o Added a bit of code to make the output more like the OpenSSL module, including displaying the certificate information when connecting in verbose mode o Improved handling of certificate errors (expired, untrusted, etc) The libnsspem.so PKCS#11 module is currently only available in Fedora 8/rawhide. Work will be done soon to upstream it. The NSS module will work with or without it, all that changes is the source of the certificates and keys.
author: Daniel Stenberg <daniel@haxx.se> 2007-09-18 22:21:54 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2007-09-18 22:21:54 +0000
commit: 8c3f40ee320c419800b97f7ed385c43948970f61 (patch)
tree: f1e57c3b2d09ed1567af8103aba649b6bb32cf36 /CHANGES
parent: b1aafbd95730bd826e55fad9e368630d835df573 (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index f3a9ce7e5..52715abcd 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,31 @@
 
                                   Changelog
 
+Daniel S (19 September 2007)
+- Rob Crittenden provided an NSS update with the following highlights:
+
+  o It looks for the NSS database first in the environment variable SSL_DIR,
+    then in /etc/pki/nssdb, then it initializes with no database if neither of
+    those exist.
+
+  o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be
+    loaded, including the ca-bundle. If it is not available then only
+    certificates already in the NSS database are used.
+
+  o Tries to detect whether a file or nickname is being passed in so the right
+    thing is done
+
+  o Added a bit of code to make the output more like the OpenSSL module,
+    including displaying the certificate information when connecting in
+    verbose mode
+
+  o Improved handling of certificate errors (expired, untrusted, etc)
+
+  The libnsspem.so PKCS#11 module is currently only available in Fedora
+  8/rawhide. Work will be done soon to upstream it. The NSS module will work
+  with or without it, all that changes is the source of the certificates and
+  keys.
+
 Daniel S (18 September 2007)
 - Immanuel pointed out that public key SSH auth failed if no public/private
   key was specified and there was no HOME environment variable, and then it
author	Daniel Stenberg <daniel@haxx.se>	2007-09-18 22:21:54 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2007-09-18 22:21:54 +0000
commit	8c3f40ee320c419800b97f7ed385c43948970f61 (patch)
tree	f1e57c3b2d09ed1567af8103aba649b6bb32cf36 /CHANGES
parent	b1aafbd95730bd826e55fad9e368630d835df573 (diff)