Hi Everyone,

I am using NSS for a server application, a multi-threaded program running on Linux. I have encountered a number of questions, and would be glad to know if anyone has more information. My questions are based on following the "Overview of an SSL Application" ( http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslintro.html).

1.
When writing an application that uses NSS, I would expect all Platform Dependent configuration to reside in some configuration file, so that the build process of the whole application will not need to be aware of these details. However, the platform name and other properties appear again and again in the Include path, the Library search path and in command line defines, as you can see below - the command is copied from running "make" in SSLsample, and contains many references to Linux, Unix, x86 etc. Am I missing something here?

... -DLINUX1_2 -Di386 -D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall -pipe -DHAVE_STRERROR -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DXP_UNIX -DDEBUG -UNDEBUG -DDEBUG_yahel -D_REENTRANT -I../../../../dist/Linux2.4_x86_glibc_PTH_DBG.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss Linux2.4_x86_glibc_PTH_DBG.OBJ/server.o Linux2.4_x86_glibc_PTH_DBG.OBJ/sslsample.o ../../../../dist/Linux2.4_x86_glibc_PTH_DBG.OBJ/lib/libsectool.a -Wl,-rpath,'$ORIGIN/../lib' -Wl,-rpath-link,../../../../dist/Linux2.4_x86_glibc_PTH_DBG.OBJ/lib -L../../../../dist/Linux2.4_x86_glibc_PTH_DBG.OBJ/lib -lssl3 -lsmime3 -lnss3 -L../../../../dist/Linux2.4_x86_glibc_PTH_DBG.OBJ/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc

2.
How can I build using only static libraries?

3.
How should an application generate error strings? The examples at SSLsample do a very strange trick. On the other hand, selfserv on my machine simply finds no error string (for example, when using a bad certificate database, error "-8174").

4.
It is explained that we can either configure a listen socket for SSL using SSL_ConfigSecureServer(), or listen in the regular manner and then enable SSL on the socket created by PR_Accept(). Is SSL_ConfigSecureServer() just an elegant way to enable SSL on all sockets created from some listen socket, and nothing else? Does it add any security?

5.
Is there a simple example of an NSS client and server? I understand that the SSLsample examples are not considered good enough. However, selfserv and strsclnt are rather complicated, since they handle numerous configuration options.

6.
bug report - in function setupSSLSocket() of SSLsample/client.c, any failure leads to closing tcpSocket, even after SSL_ImportFD(), which replaces tcpSocket by sslSocket.


Thanks,
Yahel Zamir.