From 8c3f40ee320c419800b97f7ed385c43948970f61 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 18 Sep 2007 22:21:54 +0000
Subject: Rob Crittenden provided an NSS update with the following highlights:

o It looks for the NSS database first in the environment variable SSL_DIR,
  then in /etc/pki/nssdb, then it initializes with no database if neither of
  those exist.

o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be
  loaded, including the ca-bundle. If it is not available then only
  certificates already in the NSS database are used.

o Tries to detect whether a file or nickname is being passed in so the right
  thing is done

o Added a bit of code to make the output more like the OpenSSL module,
  including displaying the certificate information when connecting in
  verbose mode

o Improved handling of certificate errors (expired, untrusted, etc)

The libnsspem.so PKCS#11 module is currently only available in Fedora
8/rawhide. Work will be done soon to upstream it. The NSS module will work
with or without it, all that changes is the source of the certificates and
keys.
---
 lib/urldata.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lib/urldata.h')

diff --git a/lib/urldata.h b/lib/urldata.h
index 381849a38..2d09be07b 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -183,6 +183,7 @@ struct ssl_connect_data {
 #endif /* USE_GNUTLS */
 #ifdef USE_NSS
   PRFileDesc *handle;
+  char *client_nickname;
 #endif /* USE_NSS */
 #ifdef USE_QSOSSL
   SSLHandle *handle;
-- 
cgit v1.2.3