Heikki Toivonen wrote:
Rich Megginson wrote:
Has anyone used SWIG to create an NSS wrapper for perl, python, or other
languages? I would really, really, really like to use NSS for crypto
in my scripts, but invariably the only supported crypto is openssl. SWIG
could even be used to create a Java wrapper, possibly making JSS support
easier.
AFAIK no, but I would also be interested in such a thing. I have even
considered starting such a thing myself, but haven't had the time.
Initial thoughts:
http://wiki.osafoundation.org/bin/view/Journal/PyNSSThoughts20060307
Also, bear in mind that exposing more of NSS to XPCOM might be a good
thing. We should probably think about what subset of NSS we'd want to
expose.
There would seem to be two ways to approach this, generally:
1) Write some C middleware around NSS to expose native objects/APIs to
the language. This is how JSS works. There's a considerable amount of C
code in JSS (in the JNI 'native' method implementations) to wrap the NSS
semantics in something approaching the standard Java Cryptographic
Architecture. An example is how we expose an NSPR/NSS socket as a Java
SSLSocket.
2) Another approach might be to automate (using swig?) the export of
most NSS functions wholesale into the language of choice, without any
change of semantics or naming. Then, provide a new abstraction layer
with the language-appropriate semantics, implemented in the language
itself, rather than in C.
There is evidence that people are not happy with the state of affairs
with OpenSSL/perl:
http://brad.livejournal.com/2200932.html
--
Steve Parkinson
Principal Engineer
Red Hat Certificate System
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
