[Swan] NSS transition questions

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Fri May 24 17:38:51 EEST 2013


On Fri, May 24, 2013 at 10:18:22AM -0400, Paul Wouters wrote:
> You are changing the parameters that go into the NSS functions, and not
> use NSS native functions with their certifications for your own custom
> code. Also, it introduces errors. For instance recently we cleaned up
> a conversion from ASN.1 byte stream with a leading signed/unsigned zero
> byte to bignum and back, which was introduced to remove that
> signed/unsigned zero, because it causes an error for each CRL signature
> whose first signature byte also started with a zero byte, as the bignum
> conversion removed both leading zero bytes.
> 
> ASN.1 parsers are hard. NSS used to have three, now they have two. I'd
> like us to have none :)

Makes sense.  Less duplication of code is always nice.  Reduces bug counts.

-- 
Len Sorensen


More information about the Swan mailing list