|
Content:
About:
E_NSS is an OpenSSL "loadable cryptographic module"(engine) that use keys and
certificates stored in Mozilla "Network Security Services"(NSS) database.
NSS is used in a variety of products, including the following:
- Mozilla based products, like Firefox, SeaMonkey, Thunderbird and etc.
- Office software suite(word processing, spreadsheets and etc.), like OpenOffice and LibreOffice
- Instant messaging, like Pidgin
- Various directory servers
News:
- 20 Aug 2016 : Released e_nss 2.0
- Changelog:
-
- OpenSSL STORE functionality
Version implements upcoming OpenSSL (1.1.1) STORE functionality.
Used scheme prefix is "nss:".
Existing engine commands are available with corresponding store URI:
- nss:list=all
- nss:list=ca
- nss:list=user
List "nicknames" of all, CA, or user certificates stored in NSS database.
- nss:cert=nickname
Extract X.509 certificate for gives "nickname".
- nss:key=nickname
Extract key for gives "nickname".
- nss:nickname
Extract key and X.509 certificate for gives "nickname".
- RSA OAEP padding
Support OAEP padding for RSA keys (requires NSS 3.16.2 or newer)
- build and tests fixes
- 16 Dec 2016 : Released e_nss 1.1
- Changelog:
-
- dynamic allocation of user interface prompt
Engine uses default application UI(user interface) method as password prompt
when NSS database request password authentication.
- suppress harmless warnings with legacy OpenSSL versions
- 8 Sep 2016 : Released e_nss 1.0.1
- Changelog:
-
- restore build for OpenSSL 0.9.7*
- 27 Aug 2016 : Released e_nss 1.0
- Changelog:
-
- Support OpenSSL 1.1
Code is updated to use OpenSSL 1.1 API with backport of used functions if build is with previous OpenSSL versions.
Note that name of cryptographic module is changed to "e_nss", i.e. without "lib" prefix.
You must specify path to engine directory with configure option "--with-enginesdir".
- 17 Jan 2016 : Released e_nss 0.6
- Changelog:
-
- EC_KEY method for upcomming OpenSSL 1.1
- work in FIPS enabled mode(either OpenSSL or NSS module)
- partial implemention of rsa_priv_enc - if input is X.509 signature
- 6 Jun 2015 : Released e_nss 0.5
- Changelog:
-
- support EC keys
- late NSS db initialization
- 6 Sep 2013 : Released e_nss 0.4.2
- Changelog:
-
- improve engine setup by openssl config file
- fix GCC pedantic warnings
- 25 Jan 2013 : Released e_nss 0.4.1
- Changelog:
-
- support openssl 0.9.7 - 1.0.1
- automake 1.13 ready
- 12 Jan 2012 : Released e_nss 0.4
- Changelog:
-
- support openssl 0.9.7 - 1.0.1(beta)
- build on various linux distibutions
- OpenSSL<->NSS sign/verify test
- 8 Oct 2011 : Released e_nss 0.3
- Changelog:
-
- two new internal commands
E_NSS_CMD_LOAD_CERT - Return certificate found by specified nickname
E_NSS_CMD_EVP_CERT - Return certificate for specified EVP KEY
Applications should use those commads to get X.509 certificate encoded in DER format.
- own output of certificate distiguished name
NSS library cut long names of distinguished name attributes.
The cut is based on position and if break display of UTF-8 encoded attribute if position is inside mutibite sequence.
|
![[empty image]](../images/clean.gif){kind=small}
