diff options
author | Daniel Stenberg <daniel@haxx.se> | 2007-09-18 22:21:54 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2007-09-18 22:21:54 +0000 |
commit | 8c3f40ee320c419800b97f7ed385c43948970f61 (patch) | |
tree | f1e57c3b2d09ed1567af8103aba649b6bb32cf36 /configure.ac | |
parent | b1aafbd95730bd826e55fad9e368630d835df573 (diff) |
Rob Crittenden provided an NSS update with the following highlights:
o It looks for the NSS database first in the environment variable SSL_DIR,
then in /etc/pki/nssdb, then it initializes with no database if neither of
those exist.
o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be
loaded, including the ca-bundle. If it is not available then only
certificates already in the NSS database are used.
o Tries to detect whether a file or nickname is being passed in so the right
thing is done
o Added a bit of code to make the output more like the OpenSSL module,
including displaying the certificate information when connecting in
verbose mode
o Improved handling of certificate errors (expired, untrusted, etc)
The libnsspem.so PKCS#11 module is currently only available in Fedora
8/rawhide. Work will be done soon to upstream it. The NSS module will work
with or without it, all that changes is the source of the certificates and
keys.
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index c793c28b3..d93fc49cc 100644 --- a/configure.ac +++ b/configure.ac @@ -1470,6 +1470,14 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then version="unknown" gtlsprefix=$OPT_GNUTLS fi + + dnl Check for functionPK11_CreateGenericObject + dnl this is needed for using the PEM PKCS#11 module + AC_CHECK_LIB(nss3, PK11_CreateGenericObject-d, + [ + AC_DEFINE(HAVE_PK11_CREATEGENERICOBJECT, 1, [if you have the function PK11_CreateGenericObject]) + AC_SUBST(HAVE_PK11_CREATEGENERICOBJECT, [1]) + ]) if test -n "$addlib"; then CLEANLIBS="$LIBS" @@ -1521,7 +1529,7 @@ dnl ********************************************************************** dnl Check for the CA bundle dnl ********************************************************************** -if test X"$USE_GNUTLS$OPENSSL_ENABLED" != "X"; then +if test X"$USE_NSS$USE_GNUTLS$OPENSSL_ENABLED" != "X"; then AC_MSG_CHECKING([CA cert bundle install path]) |