New NSS feature in Glibc's libcrypt
robert at linuxfromscratch.org
Wed Dec 30 15:57:16 PST 2009
Glibc-2.11's libcrypt has a new optional dependency on Network Security
Services (NSS) from Mozilla. If NSS is installed, the option in Glibc
is --enable-nss-crypt. There is a description under the heading "Use NSS in
This is pretty much what I wanted from OpenSSL's libcrypto.
When this feature is enabled libcrypt is linked to libfreebl3, and will use
the md5/sha* library functions from libfreebl3, which would otherwise be
built into a standalone libcrypt.
The idea is that all packages get their crypto and hash functions from the
same trusted place (OpenSSL will remain an exception). So trust, and
vulnerabilities, are centralized and easier to maintain (and in Redhat's
case, to certify).
This feature is transparent to package maintainers and system administrators.
Packages can continue to use libcrypt just like before.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: not available
More information about the hlfs-dev