Introduction to NSS
The Network Security Services (NSS) package is a set of libraries
designed to support cross-platform development of security-enabled
client and server applications. Applications built with NSS can
support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
S/MIME, X.509 v3 certificates, and other security standards. This
is useful for implementing SSL and S/MIME or other Internet
security standards into an application.
![[Note]](../images/note.png)
Note
This may take a while to build. Feel free to do something else
while this is building.
Additional Downloads
NSS Dependencies
Required
NSPR-4.37
Installation of NSS
Install NSS by running the following commands:
patch -Np1 -i ../nss-standalone-1.patch &&
cd nss &&
make BUILD_OPT=1 \
NSPR_INCLUDE_DIR=/usr/include/nspr \
USE_SYSTEM_ZLIB=1 \
ZLIB_LIBS=-lz \
NSS_ENABLE_WERROR=0 \
USE_64=1 \
NSS_USE_SYSTEM_SQLITE=1
Now, as the root user:
cd ../dist &&
install -vDm755 Linux*/lib/*.so -t /usr/lib/ &&
install -vDm644 Linux*/lib/{*.chk,libcrmf.a} -t /usr/lib/ &&
install -vdm755 /usr/include/nss &&
cp -v -RL {public,private}/nss/* /usr/include/nss &&
install -vDm755 Linux*/bin/{certutil,nss-config,pk12util} -t /usr/bin/ &&
install -vDm644 Linux*/lib/pkgconfig/nss.pc -t /usr/lib/pkgconfig/
lib32 Installation of NSS
Install lib32-NSS by running the following commands:
cd ../nss &&
find -name "Linux*.OBJ" -type d -exec rm -rf {} + &&
rm -rf ../dist &&
CC="gcc -m32" CXX="g++ -m32" \
make BUILD_OPT=1 \
NSPR_INCLUDE_DIR=/usr/include/nspr \
USE_SYSTEM_ZLIB=1 \
ZLIB_LIBS=-lz \
NSS_ENABLE_WERROR=0 \
NSS_USE_SYSTEM_SQLITE=1
Now, as the root user:
cd ../dist &&
install -vDm755 Linux*/lib/*.so -t /usr/lib32/ &&
install -vDm644 Linux*/lib/{*.chk,libcrmf.a} -t /usr/lib32/ &&
sed -i 's/lib/lib32/g' Linux*/lib/pkgconfig/nss.pc &&
install -vDm644 Linux*/lib/pkgconfig/nss.pc -t /usr/lib32/pkgconfig/ &&
ldconfig
Command Explanations
Note
For a full list of options, inspect the Makefile and the various files in nss-3.115.1/nss/coreconf/.
BUILD_OPT=1: This option is
passed to make so
that the build is performed with no debugging symbols built into
the binaries and the default compiler optimizations are used.
NSPR_INCLUDE_DIR=/usr/include/nspr:
This option sets the location of the nspr headers.
USE_SYSTEM_ZLIB=1: This
option is passed to make to ensure that the
libssl3.so library is linked to the
system installed zlib instead of the in-tree version.
ZLIB_LIBS=-lz: This option
provides the linker flags needed to link to the system zlib.
USE_64=1: This is
required on x86_64,
otherwise make will
try (and fail) to create 32-bit objects for the normal
installation.
NSS_ENABLE_WERROR=0: This
option disables -Werror (warnings being counted as errors).
NSS_USE_SYSTEM_SQLITE=1:
This option enables SQLite support which was built in LFS/MLFS.
Contents
Installed Programs:
certutil, nss-config, and pk12util
Installed Libraries:
libcrmf (static), libfreebl3,
libfreeblpriv3, libnss3, libnssckbi, libnssckbi-testlib,
libnssdbm3, libnsssysinit, libnssutil3, libpkcs11testmodule,
libsmime3, libsoftokn3, and libssl3
Installed Directories:
/usr/include/nss
Short Descriptions
|
certutil
|
is the Mozilla Certificate Database Tool. It is a
command-line utility that can create and modify the
Netscape Communicator cert8.db and key3.db database
files. It can also list, generate, modify, or delete
certificates within the cert8.db file and create or
change the password, generate new public and private key
pairs, display the contents of the key database, or
delete key pairs within the key3.db file
|
|
nss-config
|
is used to determine the NSS library settings of the
installed NSS libraries
|
|
pk12util
|
is a tool for importing certificates and keys from pkcs
#12 files into NSS or exporting them. It can also list
certificates and keys in such files
|