FredericBohe at Eaton.com wrote:
> Hello all,
>
> In order to prepare the merge of the NSS branch to the trunk, I have
> validated the code in this branch by passing this validation document
> written by Emilien Kia :
>
> http://www.networkupstools.org/tmp/NUT-NSS_Mini_DVT_Plan-final.pdf
>
> The testing has been done on rev 3685 of the ssl-nss-port branch.
> As you can read, I have found no issue.
>
> Let me know if you have any comments on this.

What is the value of creating two CAs? If you have one infrastructure,
why not have one CA and issue all certificates from that one CA?

You should also check for the existence of NSPR in NUT_CHECK_LIBNSS,
especially since you've hardcoded those libraries as a fallback.

It isn't clear: can you have an NSS database with no password set?

In server/netssl.c::nss_error you use a buffer of size SMALLBUF and in
ssl_error 256. Why the difference?

The NSS code looks good to me.

regards

rob