support running against nss >= 3.52 #524
Conversation
Fix for cisco#523 This is described in more detail at: https://bugzilla.mozilla.org/show_bug.cgi?id=1637488#c3 Have decided to go with using NSS_PKCS11_2_0_COMPAT for now as it provides the most fexibility. Consider moving to the new PK11_AEADOp api in the future but that will put a requirment on nss version at both compile and run time.
There was a problem hiding this comment.
I would prefer an approach here that's more future-oriented. For example, perhaps we could offer consumers a switch to enable old NSS, and map things over internally to libsrtp. (So that we could delete the old path easily when compat is no longer needed.)
If that's too hard, this is a fine hack. But as @martinthomson suggests, we should file an issue to move to the new API.
| @@ -42,6 +42,9 @@ | |||
| #include "alloc.h" | |||
| #include "err.h" /* for srtp_debug */ | |||
| #include "auth_test_cases.h" | |||
|
|
|||
| #define NSS_PKCS11_2_0_COMPAT 1 | |||
There was a problem hiding this comment.
Do we need this flag outside of the GCM case?
There was a problem hiding this comment.
likely not i was just being consistent with setting it before all includes
|
#525 is a follow on issues. Until there is value in placing the burden of a version check (build/runtime) on uses of libsrtp I think this is the best solution. |
Fix for #523
This is described in more detail at:
https://bugzilla.mozilla.org/show_bug.cgi?id=1637488#c3
Have decided to go with using NSS_PKCS11_2_0_COMPAT for now
as it provides the most fexibility.
Consider moving to the new PK11_AEADOp api in the future but
that will put a requirment on nss version at both compile and
run time.