Nelson B Bolyard <nelson <at> bolyard.com> writes: (replying a bit out of context to sorry if the threading is not kept perfectly intact)
> > Since NSS support has been added to cURL library, > > No kidding! When did that happen? Since about February 2007 and at least Fedora 9 ships curl build against NSS these days. I understand that I'll come out and appear as a complete whiner here but I'll ignore that for a second and I'll respond here and stand up for my criticism that is quite obvious if you follow the libcurl development. Of course I hope that I can contribute with input and feedback that helps to improve NSS for the future. > > Are there any plans going on to make the interface of curl and NSS > > easier and better ? > > There's work underway to add NSS to the LSB (the Linux System Base > software). As part of that work, I think the issue of the "correct" > path name for include files will get resolved in a consistent manner. That sounds great. Of course there's no need to do anything "LSB", you could just at this very moment establish a subdir (called say "nss") that you use for your public headers and make sure that's the way all distros would use. The current flux is terrible for apps trying to use NSS. > That page mentions a failed attempt to build NSS 3.12 due to missing > files of some sort, but it doesn't provide any details. Did you ever try to build the 3.12 from the tarball? First I of course strongly dislike that there's no install/build instructions in the tarball, then I dislike that I have to chase around in subdirs of the package to figure out where to build and then when I invoke what I think is the correct build line: "make nss_build_all" I pretty soon get this: gcc -o Linux2.6_x86_glibc_PTH_DBG.OBJ/nsinstall -g -fPIC -DLINUX1_2 -Di386 -D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR -DXP_UNIX -DDEBUG -UNDEBUG -DDEBUG_daniel -D_REENTRANT -DUSE_UTIL_DIRECTLY -I../../../dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/include -I../../../dist/public/coreconf -I../../../dist/private/coreconf Linux2.6_x86_glibc_PTH_DBG.OBJ/nsinstall.o Linux2.6_x86_glibc_PTH_DBG.OBJ/pathsub.o -lpthread -ldl -lc true -m 775 Linux2.6_x86_glibc_PTH_DBG.OBJ/nsinstall ../../../dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/bin make[2]: Leaving directory `/home/daniel/src/nss-3.12/mozilla/security/coreconf/nsinstall' make[1]: Leaving directory `/home/daniel/src/nss-3.12/mozilla/security/coreconf' make: *** No rule to make target ../../nsprpub/configure. Stop. make: *** [../../nsprpub/configure] Error 1 Problems with the tarball? Did I run the wrong build command? (This is on a recently dist-upgraded 32bit Debian Unstable) > Suggestion: NSS problems don't get solved by bemoaning them on blog sites. That's the curl CVS repo. Calling that a "blog site" is only amusing. > People should file bugs in bugzilla.mozilla.org, I actually considered that for a moment but then I got scared by all the complexity and feeling of unsurmountable amounts of information and data that is there. Also, I'm but the primary author of curl and libcurl and we can use five different SSL/TLS libraries and NSS is just one of them. If one of our possible third-party libs is a bit less fine than the others, I just document that knowledge to let my users know about it and then I go on with my life. curl can use something like 10-12 different third party libs and I don't keep up with them all. I'd say that NSS has several weak spots that need to be improved before it becomes a fine member of the big open source family: * docs (building it, using it, APIs etc) * info about processes such as mailing lists, development and bug tracking * building from source In my eyes, NSS seems to suffer from being used primarily as part of Mozilla's tools, so you don't have a proper project web site, docs and info setup for the NSS alone when used separate from everything else on mozilla.org. Like we use it in libcurl. Instead, all the NSS details drown in general Mozilla stuff and assumptions that I would know about mozilla things when all I want is info on NSS as a stand-alone library for SSL/TLS. > or at least write to us here in this list (like you did, Ruchi, Thanks!). I didn't even understand what mailing list to use since there's no nss-users nor nss-dev list or anything. dev-tech-crypto you say? (I found your list today through your mention of libcurl when I searched gmane.org). -- / daniel.haxx.se _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
