Difference between revisions of "XML Signature support without Mozilla"
From Apache OpenOffice Wiki
B michaelsen (Talk | contribs) |
m |
||
Line 120: | Line 120: | ||
* [http://www.aleksey.com/xmlsec/news.html XmlSec library] | * [http://www.aleksey.com/xmlsec/news.html XmlSec library] | ||
* [http://thread.gmane.org/gmane.text.xml.xmlsec/1572 XmlSec 1.2.8 Release Notes - partial NSS support] | * [http://thread.gmane.org/gmane.text.xml.xmlsec/1572 XmlSec 1.2.8 Release Notes - partial NSS support] | ||
− | [[Category:Security]] | + | [[Category:Security]][[Category:Digital Signature]] |
Latest revision as of 05:55, 17 April 2014
This page contains random notes to provide XML DSig support without Mozilla.
We need to use:
- System XmlSec instead of
external/libxmlsec
. This is now a patched version of XmlSec 1.2.6 - System NSS and NSPR instead of the bundled Mozilla libraries. We need to be careful about shared libraries conflict.
Mozilla (MOZ:moz
) is also needed in the dba/connectivity
module for addressbook integration.
Do we have with problem sharing databases with Mozilla (Mozilla bug 217538: softoken databases cannot be shared between multiple processes)?
Steps to do:
- Update XmlSec to
- provide
xmlSecNssAppliedKeysMngrCreate, xmlSecNssAppliedKeysMngrSymKeyLoad, xmlSecNssAppliedKeysMngrPubKeyLoad xmlSecNssAppliedKeysMngrPriKeyLoad
- Check X.509 certificate verification semantics in (possible API breakage here)
- Verify rest of the patch
- Make sure internal XmlSec tests pass
- provide
- Verify that XmlSec is built with NSS support.
- Provide
SYSTEM_NSPR, SYSTEM_NSS, SYSTEM_XMLSEC
environment variables. - Modify
xml/xmlsecurity
module to use system NSS, NSPR and XmlSec library. Preliminary patch:
--- xmlsecurity/util/makefile.mk.orig 2008-04-10 01:46:36.053917594 +0200 +++ xmlsecurity/util/makefile.mk 2008-04-10 01:46:44.443729469 +0200 @@ -47,11 +47,6 @@ .INCLUDE : settings.mk .INCLUDE : $(PRJ)$/util$/target.pmk -.IF "$(WITH_MOZILLA)" == "NO" -@all: - @echo "No mozilla -> no nss -> no libxmlsec -> no xmlsecurity..." -.ENDIF - # --- Files -------------------------------------------------------- BMP_IN=$(PRJ)$/res --- xmlsecurity/source/xmlsec/nss/makefile.mk.orig 2008-04-10 01:46:58.976404741 +0200 +++ xmlsecurity/source/xmlsec/nss/makefile.mk 2008-04-10 02:20:30.562702818 +0200 @@ -55,11 +55,6 @@ .IF "$(CRYPTO_ENGINE)" == "nss" -.IF "$(WITH_MOZILLA)" == "NO" -@all: - @echo "No mozilla -> no nss -> no libxmlsec -> no xmlsecurity/nss" -.ENDIF - .IF "$(SYSTEM_MOZILLA)" != "YES" MOZ_INC = $(SOLARVERSION)$/$(INPATH)$/inc$(UPDMINOREXT)$/mozilla NSS_INC = $(MOZ_INC)$/nss @@ -70,6 +65,20 @@ NSPR_INC = $(MOZ_INC)$/nspr .ENDIF +.IF "$(SYSTEM_NSS)" == "YES" +XMLSEC_INC = /usr/local/include/xmlsec1 +.ELSE +XMLSEC_INC = $(PRJ)$/source$/xmlsec +.ENDIF + +.IF "$(SYSTEM_NSS)" == "YES" +NSS_INC = /usr/local/include/nss/nss +.ENDIF + +.IF "$(SYSTEM_NSPR)" == "YES" +NSPR_INC = /usr/local/include/nspr +.ENDIF + .IF "$(GUI)"=="UNX" .IF "$(COMNAME)"=="sunpro5" CFLAGS += -features=tmplife @@ -121,12 +130,11 @@ SOLARINC += \ -I$(MOZ_INC) \ -I$(NSPR_INC) \ --I$(PRJ)$/source$/xmlsec +-I$(NSS_INC) \ +-I$(XMLSEC_INC) .IF "$(SYSTEM_MOZILLA)" == "YES" -SOLARINC += -DSYSTEM_MOZILLA $(NSS_INC) -.ELSE -SOLARINC += -I$(NSS_INC) +SOLARINC += -DSYSTEM_MOZILLA .ENDIF SLOFILES = \ --- xmlsecurity/source/xmlsec/makefile.mk.orig 2008-04-10 01:45:40.800153175 +0200 +++ xmlsecurity/source/xmlsec/makefile.mk 2008-04-10 01:46:02.219673838 +0200 @@ -53,10 +53,6 @@ CDEFS += -DXMLSEC_CRYPTO_MSCRYPTO -DXMLSEC_NO_XSLT .ELSE CDEFS += -DXMLSEC_CRYPTO_NSS -DXMLSEC_NO_XSLT -.IF "$(WITH_MOZILLA)" == "NO" -@all: - @echo "No mozilla -> no nss -> no libxmlsec -> no xmlsecurity.." -.ENDIF .ENDIF # --- Files -------------------------------------------------------- --- xmlsecurity/prj/build.lst.orig 2008-04-10 01:40:35.017991731 +0200 +++ xmlsecurity/prj/build.lst 2008-04-10 01:40:57.763482421 +0200 @@ -1,4 +1,4 @@ -xs xmlsecurity : xmloff unotools offapi unoil svx MOZ:moz SO:moz_prebuilt LIBXMLSEC:libxmlsec NULL +xs xmlsecurity : xmloff unotools offapi unoil svx LIBXMLSEC:libxmlsec NULL xs xmlsecurity usr1 - all xs_mkout NULL xs xmlsecurity\inc nmake - all xs_inc NULL xs xmlsecurity\source\framework nmake - all xs_fw xs_inc NULL
Related:
- CWS SRC680 systemmozilla
- all isues with mozilla in subject
- Issue 6391 Mozilla 1.0 does not support concurrent multiple versions using same profile (FIXED)
- Issue 8864 Accessing LDAP or Outlook/Express should not activate Mozilla prefs
- Issue 65775 update mozilla bootstrap stuff for a recent mozilla API
- Issue 81295 Adopt Mac OS X crypto API instead of using Mozilla's
- Patch to use system XmlSec from 2005
References: