[Nut-upsdev] NSS branch testing.

Arnaud Quette aquette.dev at gmail.com
Tue Aug 14 09:49:55 UTC 2012

Hi Rob

I'm taking over the answer, since Emilien (the coder) is on vacation...
Though he kindly took 5 mn to give me the rationales needed.

2012/8/10 Rob Crittenden <rcrit at greyoak.com>

> FredericBohe at Eaton.com wrote:
>> Hello all,
>> In order to prepare the merge of the NSS branch to the trunk, I have
>> validated the code in this branch by passing this validation document
>> written by Emilien Kia :
>> http://www.networkupstools.**org/tmp/NUT-NSS_Mini_DVT_Plan-**final.pdf<http://www.networkupstools.org/tmp/NUT-NSS_Mini_DVT_Plan-final.pdf>
>> The testing has been done on rev 3685 of the ssl-nss-port branch.
>> As you can read, I have found no issue.
>> Let me know if you have any comments on this.
> What is the value of creating two CA's? If you have one infrastructure,
> why not have one CA and issue all certificates from that one CA?

there are 2 CA for testing purposes of cascaded certificates and CA.
Refer to tests to for the end results, you will see that
CA2 cause failures (as expected).

You should also check for the existence of NSPR in NUT_CHECK_LIBNSS,
> especially since you've hardcoded those libraries as a fallback.

valid, I've added it to the TODO list, for post merge.

> It isn't clear, can you have an NSS database with no password set?

not sure.
As per Emilien's comment, this passwd may be used to encrypt the DB.
Thus, no passwd would either mean that the DB is not accessible (if
password is mandatory) or not encrypted.

> In server/netssl.c::nss_error you use a buffer of size SMALLBUF and in
> ssl_error 256. Why the difference?

error on the coder side. I've also added it to the TODO list, for post
though I'm not yet sure which one is the more suitable (not looked at the

 The NSS code looks good to me.

thanks, I like to have tons of eyes looking

@Rob & Michal: side question, what's the NSS status in RedHat? Do you see
anything more we can do in NUT to improve the upcoming NSS / NUT

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/nut-upsdev/attachments/20120814/4bf41402/attachment.html>

More information about the Nut-upsdev mailing list