Paul Hoffman wrote:
> At 12:47 PM -0800 1/8/07, Nelson B wrote:
>> Paul Hoffman wrote:
>>> At 9:41 AM -0800 1/8/07, Nelson B wrote:
>>>> Paul Hoffman wrote:
>>>>> Greetings. I'm running NSS 3.11.4 and would like write / read ECDSA
>>>>> certificates. Does the current version support ECDSA? I have no
>>>>> problem creating, for example, DSA cert requests, but trying to use
>>>>> "-k ecdsa" fails with:
>>>>> certutil -k: ecdsa is not a recognized type.
>>>> Try: -k ec
>>>
>>> Nope:
>>>
>>> # certutil -R -s "CN=ECDSA" -o ecdsareq.req -k ec
>>> certutil -k: ec is not a recognized type.
>>>
>>> Other thoughts?
>>
>> ECC is an optional feature of NSS. NSS can be built with or without ECC.
>
> Could you explain how?
Numerous optional features of NSS builds are controlled through make
variables. Make variables may be set on the gmake command line, e.g.
gmake variable=value variable=value target1 target2
or defined in the environment, e.g. (for posix shells)
variable=value; export variable
gmake target1 target2
Here are some (not all) of the make variables that affect NSS builds:
BUILD_OPT IF set to 1, means do optimized non-DEBUG build.
Default is DEBUG, non-optimized build
USE_DEBUG_RTL If set to 1, on windows, causes build with debug version
of the c runtime.
NS_USE_GCC On platforms where gcc is not the native compiler, tells
NSS to build with gcc instead of the native compiler.
Default is to build with the native compiler.
USE_64 On platforms that support both 32-bit and 64-bit ABIs,
tells NSS to build for the 64-bit ABI. Default is 32-bit ABI,
except on platforms that do not support a 32-bit ABI.
MOZ_DEBUG_SYMBOLS tells NSS to build with debug symbols, even in an
optimized build. On windows, in both DEBUG and optimized
builds, when using MSVC, tells NSS to put symbols in a
.pdb file. Required to build with MSVC 8 (2005 Express).
Default is not to put debug symbols into optimized builds,
and for MSVC, is to put symbols into the .exe or .dll file.
NSS_ENABLE_ECC If set to 1, includes optional ECC features in NSS
These variables should be either undefined, or set to "1".
Results are undefined for variables set to "0".
> I have now built the FreeBSD port, which is pulled directly from
> ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_4_RTM/src/,
> and I still get the same error. There is nothing in the FreeBSD port
> Makefile that looks like it turns off ECC, and I see nothing in the
> tarball's Makefile that says anything about turning off or on ECC.
> Any help would be appreciated.
/Nelson
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
