Re: Regarding PSM with external SSL library

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Regarding PSM with external SSL library

Ashok Subash
On Jan 6, 6:56 am, Brian Smith <[hidden email]> wrote:

> Ashok Subash wrote:
> > We'll go with your suggestion of using NSS after size reduction for
> > this project for our security requirements. But right now we cannot
> > upgrade to latest firefox due to the current schedule and resources
> > we have for this project. We will follow the guidelines listed in
> > the 611781 as well your other suggestions in the mail. It will be
> > great if you can support us if we hit a roadblock.
>
> The best way to get such support is to attach ask questions and to post your patches in bugs in our bugzilla database. Try to write patches in a way that is beneficial to the overall NSS and Gecko (Firefox) projects, so that we can incorporate those patches into the mainline Gecko and/or NSS source code. If you identify new ways to shrink NSS besides the ways listed in those bugs, then please file new bugs and document your findings in them (And please CC me in the bug report). It is likely that any such reductions in the size of NSS that you make for Firefox 3.6 will be applicable to Firefox 12+ as our usage of NSS hasn't changed much between 3.6 and 12. Whenever I get around to working on bug 611781, the improvements I make will probably benefit your project as well (possibly requiring some small modifications.)
>
> - Brian

Hi Brian,

We have made some progress. We could statically build nss and link on
our platform. Till now NSS Initialization has happened after redirect
for URL http://mail.google.com through a proxy. From the logs i found
that HTTP connect is sent to proxy successfully and 200 OK response
successfully but after that we are not seeing the SSL handshake
happening. We see connection refused error page being displayed. From
the code perspective for some reason nsSSLIOLayerPoll is not being
called. From what i understand TCP Socket Pair that is created for
https sites helps is notifying necko whenever SSL thread IO (send/
recv) is completed. Is that understanding right? Currently for us the
Connect of this local TCP socket pair is failing but we are able to go
ahead as HTTP Connect happens successfully as mentioned earlier

Is there any other porting points i've missed? Your inputs/suggestions
will help us to solve this faster.

Regards
Ashok
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Regarding PSM with external SSL library

Brian Smith-31
Ashok Subash wrote:
> Hi Brian,
>
> We have made some progress. We could statically build nss and link on
> our platform.

Do you mean statically link NSS into Firefox? If so, there are several gotchas that need to be taken into account. See Wan-Teh's patch at https://bugzilla.mozilla.org/show_bug.cgi?id=534471 which addresses some/all of them on Windows for *Chrome*. I imagine the issues are similar but not quite the same for Firefox and/or for other platforms.

> Is there any other porting points i've missed? Your
> inputs/suggestions will help us to solve this faster.

I wish I could be more helpful but it is really hard to tell the problem from the description given. Also, it is hard for me to diagnose problems with Firefox 3.6.x because I have *literally* never even checked out the source code for Firefox 3.6.x before. (I started at Mozilla during the development of 4.0.)

- Brian
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto