banner



Home  ›  How To Check Nss Version In Linux

How To Check Nss Version In Linux

Written By Monday, January 2, 2023 Add Comment Edit

NSS-3.86

Introduction to NSS

The Network Security Services (NSS) packet is a set up of libraries designed to support cantankerous-platform evolution of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #eleven, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. This is useful for implementing SSL and S/MIME or other Net security standards into an awarding.

[Note]

Notation

Development versions of BLFS may not build or run some packages properly if dependencies have been updated since the nearly recent stable versions of the book.

Package Information

  • Download (HTTP): https://annal.mozilla.org/pub/security/nss/releases/NSS_3_86_RTM/src/nss-3.86.tar.gz

  • Download MD5 sum: 1f8cb0771f0ee64a4e891745b37f3098

  • Download size: 69 MB

  • Estimated disk infinite required: 317 MB (add together 154 MB for tests)

  • Estimated build time: 2.3 SBU (with parallelism=4, add less than 20 SBU for tests on AMD ryzens or at least 30 SBU on Intel machines)

Additional Downloads

  • Required patch: https://www.linuxfromscratch.org/patches/blfs/svn/nss-3.86-standalone-1.patch

NSS Dependencies

Required

NSPR-four.35

Recommended

SQLite-3.40.1 and p11-kit-0.24.1 (runtime)

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/nss

Installation of NSS

Install NSS by running the following commands: 

            patch -Np1 -i ../nss-3.86-standalone-1.patch &&  cd nss &&  brand BUILD_OPT=1                  \   NSPR_INCLUDE_DIR=/usr/include/nspr  \   USE_SYSTEM_ZLIB=ane                   \   ZLIB_LIBS=-lz                       \   NSS_ENABLE_WERROR=0                 \   $([ $(uname -thou) = x86_64 ] && repeat USE_64=1) \   $([ -f /usr/include/sqlite3.h ] && echo NSS_USE_SYSTEM_SQLITE=ane)

To run the tests, execute the following commands: 

            cd tests && HOST=localhost DOMSUF=localdomain ./all.sh cd ../

[Note]

Notation

Some information about the tests:

  • HOST=localhost and DOMSUF=localdomain are required. Without these variables, a FQDN is required to be specified and this generic way should piece of work for everyone, provided localhost.localdomain is defined in /etc/hosts, as washed in the lfs book.

  • The tests take an extremely long time to run. If desired there is information in the all.sh script virtually running subsets of the total test suite.

  • When interrupting the tests, the examination suite fails to spin down exam servers that are run. This leads to an infinite loop in the tests where the test suite tries to impale a server that doesn't exist anymore because information technology pulls the wrong PID.

  • Test suite results (in HTML format!) can be found at ../../test_results/security/localhost.ane/results.html

  • A few tests might fail on some Intel machines for unknown reasons.

Now, every bit the root user: 

            cd ../dist                                                          &&  install -v -m755 Linux*/lib/*.so              /usr/lib              && install -five -m644 Linux*/lib/{*.chk,libcrmf.a} /usr/lib              &&  install -5 -m755 -d                           /usr/include/nss      && cp -5 -RL {public,private}/nss/*              /usr/include/nss      && chmod -v 644                                  /usr/include/nss/*    &&  install -v -m755 Linux*/bin/{certutil,nss-config,pk12util} /usr/bin &&  install -v -m644 Linux*/lib/pkgconfig/nss.pc  /usr/lib/pkgconfig

Control Explanations

BUILD_OPT=1 : This option is passed to make so that the build is performed with no debugging symbols congenital into the binaries and the default compiler optimizations are used.

NSPR_INCLUDE_DIR=/usr/include/nspr : This option sets the location of the nspr headers.

USE_SYSTEM_ZLIB=ane : This option is passed to brand to ensure that the libssl3.so library is linked to the arrangement installed zlib instead of the in-tree version.

ZLIB_LIBS=-lz : This option provides the linker flags needed to link to the organization zlib.

$([ $(uname -m) = x86_64 ] && echo USE_64=1) : The USE_64=1 pick is required on x86_64 , otherwise make will attempt (and neglect) to create 32-scrap objects. The [ $(uname -1000) = x86_64 ] test ensures it has no event on a 32 bit system.

([ -f /usr/include/sqlite3.h ] && echo NSS_USE_SYSTEM_SQLITE=1) : This tests if sqlite is installed and if so it echo s the pick NSS_USE_SYSTEM_SQLITE=i to make so that libsoftokn3.so will link against the system version of sqlite.

NSS_DISABLE_GTESTS=1: If yous don't demand to run NSS test suite, append this pick to brand control, to prevent the compilation of tests and save some build time.

Configuring NSS

If p11-kit-0.24.1 is installed, the p11-kit trust module (/usr/lib/pkcs11/p11-kit-trust.so) can exist used as a drib-in replacement for /usr/lib/libnssckbi.so to transparently make the organization CAs available to NSS aware applications, rather than the static list provided by /usr/lib/libnssckbi.then. Every bit the root user, execute the post-obit command: 

            ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so

Additionally, for dependent applications that exercise not use the internal database (/usr/lib/libnssckbi.so), the /usr/sbin/make-ca script included on the make-ca-one.12 page can generate a system wide NSS DB with the -n switch, or by modifying the /etc/brand-ca/brand-ca.conf file.

Contents

Installed Programs: certutil, nss-config, and pk12util

Installed Libraries: libcrmf.a, libfreebl3.then, libfreeblpriv3.so, libnss3.so, libnssckbi.so, libnssckbi-testlib.so, libnssdbm3.so, libnsssysinit.and so, libnssutil3.so, libpkcs11testmodule.so, libsmime3.so, libsoftokn3.so, and libssl3.and then

Installed Directories: /usr/include/nss

Short Descriptions

certutil

is the Mozilla Document Database Tool. Information technology is a command-line utility that can create and alter the Netscape Communicator cert8.db and key3.db database files. Information technology can besides listing, generate, change, or delete certificates within the cert8.db file and create or change the password, generate new public and private key pairs, display the contents of the key database, or delete primal pairs within the key3.db file

nss-config

is used to decide the NSS library settings of the installed NSS libraries

pk12util

is a tool for importing certificates and keys from pkcs #12 files into NSS or exporting them. It tin can also list certificates and keys in such files

Source: https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html

0 Response to "How To Check Nss Version In Linux"

Post a Comment

Subscribe to: Post Comments (Atom)

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel