Created attachment 417745 [details] [diff] [review] Proposed patch While investigating whether I can build NSS without nssckbi (the idea is to use the OS's trusted root CA list instead), I found that lib/dev includes headers from lib/ckfw, specifically nssckepv.h and nssckt.h, but lib/dev doesn't need nssckt.h, and nssckepv.h does nothing but include pkcs11.h, so it can be replaced by pkcs11.h. None of the headers in lib/dev are public exports, so this patch won't affect any NSS public headers that we ship.
Comment on attachment 417745 [details] [diff] [review] Proposed patch r+ rrelyea. My guess is Ian was trying to maintain a pure stan include set and wrapped non-stan functions in. If we want to maintain that, then we should move nssckepv to some other directory (like util), but I'm fine with just breaking that pure stan model.
I checked in the patch on the NSS trunk (NSS 3.12.6). Checking in ckhelper.c; /cvsroot/mozilla/security/nss/lib/dev/ckhelper.c,v <-- ckhelper.c new revision: 1.40; previous revision: 1.39 done Checking in ckhelper.h; /cvsroot/mozilla/security/nss/lib/dev/ckhelper.h,v <-- ckhelper.h new revision: 1.20; previous revision: 1.19 done Checking in dev.h; /cvsroot/mozilla/security/nss/lib/dev/dev.h,v <-- dev.h new revision: 1.42; previous revision: 1.41 done Checking in devm.h; /cvsroot/mozilla/security/nss/lib/dev/devm.h,v <-- devm.h new revision: 1.12; previous revision: 1.11 done Checking in devslot.c; /cvsroot/mozilla/security/nss/lib/dev/devslot.c,v <-- devslot.c new revision: 1.26; previous revision: 1.25 done Checking in devt.h; /cvsroot/mozilla/security/nss/lib/dev/devt.h,v <-- devt.h new revision: 1.24; previous revision: 1.23 done Checking in devtoken.c; /cvsroot/mozilla/security/nss/lib/dev/devtoken.c,v <-- devtoken.c new revision: 1.53; previous revision: 1.52 done