You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openoffice.apache.org by Peter Kovacs <pe...@apache.org> on 2022/12/21 13:37:21 UTC
nss has included sqlite instance
Are we aware on this dependency?
I am running into compiler issues using gcc 11.3 from ubuntu 22.04 LTS.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: nss has included sqlite instance
Posted by Damjan Jovanovic <da...@apache.org>.
On Wed, Dec 21, 2022 at 7:51 PM Peter Kovacs <pe...@apache.org> wrote:
>
> Am 21.12.22 um 18:22 schrieb Damjan Jovanovic:
> > On Wed, Dec 21, 2022 at 3:37 PM Peter Kovacs <pe...@apache.org> wrote:
> >
> >> Are we aware on this dependency?
> >>
> >> I am running into compiler issues using gcc 11.3 from ubuntu 22.04 LTS.
> >>
> >>
> > I am aware. I discovered, and might even have proposed on this list, that
> > we use that sqlite database ourselves, to import its CA root
> certificates,
> > without needing to build and ship NSS as a dependency.
>
> I remember we discussed sqlite in the topic "[discussion] future
> embedded DB in AOO".
>
> Maybe I missed the point. Or do you refer to the attempt to replace nss
> with openssl?
>
>
>
Yes, a possible replacement was intended. It was a 22 May 2022 email about
the new WebDAV module and CA certificate use by Curl and OpenSSL where I
said:
---quote---
With the CURLOPT_CAINFO_BLOB option it might even be possible to skip the
custom certificate verification we do later, and pre-populate Curl/OpenSSL
with NSS certificates from the beginning, I just don't know enough about NSS
to rely on that (eg. if you are using a cryptographic device or smart card
in NSS, how does that work?). If that option is ok, then we might not even
need the NSS libraries: recent versions of NSS store all the certificates
in an SQLite database, which can be accessed with SQLite APIs directly, no
need to build with or ship the NSS libraries at all.
---quote---
More recently I discovered p11-kit / p11-glue has the "trust" CLI tool (if
not something better) which can also provide those certificates on
Linux/BSD, so we wouldn't even need to ship SQLite.
Re: nss has included sqlite instance
Posted by Peter Kovacs <pe...@apache.org>.
Am 21.12.22 um 18:22 schrieb Damjan Jovanovic:
> On Wed, Dec 21, 2022 at 3:37 PM Peter Kovacs <pe...@apache.org> wrote:
>
>> Are we aware on this dependency?
>>
>> I am running into compiler issues using gcc 11.3 from ubuntu 22.04 LTS.
>>
>>
> I am aware. I discovered, and might even have proposed on this list, that
> we use that sqlite database ourselves, to import its CA root certificates,
> without needing to build and ship NSS as a dependency.
I remember we discussed sqlite in the topic "[discussion] future
embedded DB in AOO".
Maybe I missed the point. Or do you refer to the attempt to replace nss
with openssl?
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: nss has included sqlite instance
Posted by Damjan Jovanovic <da...@apache.org>.
On Wed, Dec 21, 2022 at 3:37 PM Peter Kovacs <pe...@apache.org> wrote:
> Are we aware on this dependency?
>
> I am running into compiler issues using gcc 11.3 from ubuntu 22.04 LTS.
>
>
I am aware. I discovered, and might even have proposed on this list, that
we use that sqlite database ourselves, to import its CA root certificates,
without needing to build and ship NSS as a dependency.
Damjan