On 2009-06-05 03:16 PDT, Néric wrote: > > Hi Nelson, > > First of all, thank you very much for your time and for the quality > answers. I’ve understood everything except but one thing: > Did you really mean that I could have 2 versions of NSS on my computer? > One for Debian and one specific to Mozilla products.
Yes. Since they have different file names and may live in separate directories, you can have two flavors at once. > And then what would exactly the purpose of Debian NSS? It is used by Debian's version of mozilla-derived products. For example, if I'm not mistaken, Debian has products named "IceApe" and "IceWeasel" which are derived by Debian from Firefox and Thunderbird sources. They use Debian's special NSS. > Also, if there are 2 libraries, do they use the same keystore??? They could. I'm not aware of any changes that would make the DB files incompatible between the two versions. > (For example, in a Windows environment there is Windows Key store and > one specific to firefox (mozilla), is it the same for Linux, one general > keystore and one specific to Mozilla?) I can't speak for all Linux distros, but I believe the answer for Debian is Yes. > I have installed Firefox 3 through my debian packet synaptic manager (so > firefox3 is specific to debian!). Is Firefox the program that you're trying to get to use AIAs and CDPs? Firefox does not do that yet, not even when it has NSS 3.12. Recall that I wrote: >> NSS 3.12 has a new cert path validation function that will pay >> attention to those extensions, if you tell it to do so in the function >> arguments. Any program written to use NSS before 3.12 was released >> does not use the new feature. Firefox 3 does not yet use this new feature. > Does Firefox 3 is always built with the NSS 3.xxxxx library (are the two > "3" related) or could I have a Firefox 3 with a NSS 2.yyyyy? No, the two 3's are not related. When built by the folks at Mozilla, Firefox 3 always uses NSS 3.12.x. Firefox 2 always uses NSS 3.11.x. There are some other parties that build their own versions of Firefox that use other versions of NSS than the version used by Mozilla. NSS 2.x was a closed source version of NSS that existed back when it was a crime in the US to open source crypto code. It was replaced by NSS 3.x in the year 2000 when the rules changed. All open source versions of NSS are have version number 3.x.y for some x and y. > How can I know the version of my NSS??? First, you must know which NSS files are being used by your program. Then, when you know that, you can find the version number of those NSS files. The ldd program will tell you which particular NSS file is used by your program. For firefox, you may need to run it on the executable and also on each of Firefox's shared libraries to find the one that uses NSS. Then once you have found the pathname of the NSS shared library, you can run the ident program on that shared library file. If that doesn't work, you can try this command: strings /foo/libnss3.so | fgrep 3.1 where /foo/libnss3.so is replaced by the pathname for your copy as revealed by the ldd program. > Thanks a lot, have a nice week end -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
