Created attachment 332889 [details] [diff] [review] Proposed patch signver is still using static libraries. All it takes to build with shared libraries is to deal with the ASN1 templates on Windows. I hope using SEC_ASN1_GET is the correct fix.
The remaining tools that are using static libraries are: bltest certcgi crmf-cgi dbck ecperf fipstest libpkix/pkixutil ocspclnt rsaperf shlibsign/mangle Some of these, for example, bltest, ecperf, fipstest, and rsaperf must use static libraries. I think only ocspclnt is worth changing to use shared libraries. That would require exporting three functions: CERT_GetEncodedOCSPResponse CERT_CheckOCSPStatus CERT_DecodeOCSPRequest
Wan-Teh, I would not oppose exporting those three functions. Julien, what do you think of that idea?
Nelson, I have some reservations about exporting these functions at this point in time, since we are moving towards making libpkix the default PKIX engine in 3.13, and these functions are not used by the new code at all - ie. they are legacy functions. Exporting them now means a support burden going forward. IMO, it would be preferrable to export and use the new PKIX-equivalent functions.
Comment on attachment 332889 [details] [diff] [review] Proposed patch The patch builds without error on Windows. I haven't tested the resultant build.
I checked in the patch on the NSS trunk (NSS 3.12.2). Checking in manifest.mn; /cvsroot/mozilla/security/nss/cmd/signver/manifest.mn,v <-- manifest.mn new revision: 1.5; previous revision: 1.4 done Checking in pk7print.c; /cvsroot/mozilla/security/nss/cmd/signver/pk7print.c,v <-- pk7print.c new revision: 1.9; previous revision: 1.8 done