Discussion:
Mozilla NSS3.DLL (FireFox 52.x) API documentation sought
(too old to reply)
R.Wieser
2018-04-06 11:44:00 UTC
Permalink
Hello All,

I'm looking for API information in regard to the NSS3 dll as provided with
FireFox 52 .

I've taken a look at "news.mozilla.org", but can't seem to find a group in
which to post questions related to the above DLL. My Googeling returns
plenty results, but no indication to which version of the DLL the info
belongs to (there are some important differences between the versions of
that dll, like, among others, SSL_CipherPrefGetDefault being gone from it in
the above one)

I've also been searching my butt off for how to validate a received
certificate, but have not been able to even find a hint to a method to how
to do that (got stuck in SSL_AuthCertificateHook. No idea what to do in the
callback)

tl;dr:
I'm looking for both API info about NSS3.DLL as coming with FireFox 52 , as
well as a newsgroup to post questions about it in.

Does anyone have an idea ?

Regards,
Rudy Wieser
JJ
2018-04-06 16:40:20 UTC
Permalink
Post by R.Wieser
Hello All,
I'm looking for API information in regard to the NSS3 dll as provided with
FireFox 52 .
NSS documentations for the newer and current NSS version should be found
here:

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS

For SSL_CipherPrefGetDefault(), e.g.: (warning: long URL)

<https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/SSL_functions/sslfnc.html#1208119>

When searching for something, use Google instead of MDN's own search engine,
because MDN's a s###ty one. The Google search query e.g.:

"SSL_CipherPrefGetDefault" site:mozilla.org

And yes, with the double quotes. Otherwise fuzzy search results would be
included.

If any information is missing from MDN, check the archive:

https://www-archive.mozilla.org/projects/security/pki/nss/
Post by R.Wieser
I've taken a look at "news.mozilla.org", but can't seem to find a group in
which to post questions related to the above DLL. My Googeling returns
plenty results, but no indication to which version of the DLL the info
belongs to (there are some important differences between the versions of
that dll, like, among others, SSL_CipherPrefGetDefault being gone from it in
the above one)
It should be "mozilla.apis", according to:

https://www.mozilla.org/en-US/about/forums/#apis

Or maybe elsewhere which is listed on above page.
Post by R.Wieser
I've also been searching my butt off for how to validate a received
certificate, but have not been able to even find a hint to a method to how
to do that (got stuck in SSL_AuthCertificateHook. No idea what to do in the
callback)
Googling "SSL_AuthCertificateHook" gives plenty of source code. There should
be one that shows how.

Or just search for it in the Firefox source code from these servers:

https://hg.mozilla.org/mozilla-central/file

https://dxr.mozilla.org/mozilla-central/source/
R.Wieser
2018-04-06 20:26:07 UTC
Permalink
JJ,
Post by JJ
NSS documentations for the newer and current NSS version should
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
I found that one too. The problem with it is that it fails to give *any*
kind of indication which version of the DLL the currently found page is
valid for.

For example, I can find SSL_CipherPrefSetDefault as easily as
SSL_CipherPrefGetDefault there. And the latter doesn't exist in the FF 52
version of the DLL ...

I've also found blurbs like "SSL_CipherPrefGetDefault MXR 3.2 and later"
(with the "3.2" referring to the NSS version), which are not really helpful
(confusing is a better word for it).
Post by JJ
When searching for something, use Google instead of MDN's own search
engine, because MDN's a s###ty one.
Yeah. Thats true for many (documentation related) websites I'm afraid. :-)
Post by JJ
For SSL_CipherPrefGetDefault(), e.g.: (warning: long URL)
Yep. Found that too. But as that very paragraph contains a reference to
the "get" version I must take it that its targetted at an older version of
the NSS3 dll, and thus cannot consider it to be authorative in any way.
Post by JJ
https://www-archive.mozilla.org/projects/security/pki/nss/
You're joking, right ? That info there is already over decade old.
Post by JJ
https://www.mozilla.org/en-US/about/forums/#apis
Or maybe elsewhere which is listed on above page.
Have you looked at that newsgroup ? It might have been great once, but
currently its spammified garbage, even though the group is marked as
moderated. :-(

The reason I'm asking is that I tried twice to post in other newsgroups
there (after having rejected several other possibilities because of either
no, or spammified flow), but did not even see them back (turned out those
where moderated too). And as there are over 300 groups there I do not
really want to do any more "randomly pick a group and try" attempts.
Post by JJ
Googling "SSL_AuthCertificateHook" gives plenty of source code. There
should be one that shows how.
Not in the ones I could find I'm afraid (very few by the way). They
stopped short exactly there. I wonder why ...

I also tried to *not* calling the above function (and have the, specified in
the docs as default, "SSL_AuthCertificate" do the work), but that doesnt
work either (it throws an "can't verify the certificate" error).
Post by JJ
https://hg.mozilla.org/mozilla-central/file
https://dxr.mozilla.org/mozilla-central/source/
I tried it and got nothing. Probably because my machine "doesn't do"
javascript.

But I also did do a site-limited (meaning: withouth the paths) google for
"SSL_AuthCertificateHook", and got 9 (nine!) results. None of them
informational (not even en explanation to the used arguments).

I did find the/an origional "SSL_AuthCertificate" routine there though
(once!). But as that already has proven not to work I'm not really sure how
that code could be helpful to me ... Apart from having no idea if its
actually related to the DLL I'm using ofcourse.

tl;dr:
There is a *reason* why I asked. Because I've spend hours upon hours
(spread over a few months) trying to find authorative info (first for FF
6.x, now for FF 52.x). And all I've been able to find is shattered glass.
non-versioned function names, with no explanation and/or examples to their
usage. And just one or two bits of partial example code.

Regards
Rudy Wieser

Loading...