Rob Crittenden added support for NSS (Network Security Service) for the

                                  Changelog

Daniel (12 February 2007)

- Rob Crittenden added support for NSS (Network Security Service) for the

  SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/

  This is the fourth supported library for TLS/SSL that libcurl supports!

- Shmulik Regev fixed so that the final CRLF of HTTP response headers are sent

  to the debug callback.

 o Added CURLOPT_TIMEOUT_MS and CURLOPT_CONNECTTIMEOUT_MS

 o Added CURLOPT_HTTP_CONTENT_DECODING, CURLOPT_HTTP_TRANSFER_DECODING and

   --raw

 o Added support for using the NSS library for TLS/SSL

This release includes the following bugfixes:

This release would not have looked like this without help, code, reports and

advice from friends like these:

 Yang Tse, Manfred Schwarb, Michael Wallner, Jeff Pohlmeyer, Shmulik Regev

 Yang Tse, Manfred Schwarb, Michael Wallner, Jeff Pohlmeyer, Shmulik Regev,

 Rob Crittenden

        Thanks! (and sorry if I forgot to mention someone)

       [

       AC_DEFINE(USE_GNUTLS, 1, [if GnuTLS is enabled])

       AC_SUBST(USE_GNUTLS, [1])

       GNUTLS_ENABLED = 1

       USE_GNUTLS="yes"

       curl_ssl_msg="enabled (GnuTLS)"

       ],

  fi dnl GNUTLS not disabled

  if test X"$USE_GNUTLS" != "Xyes"; then

    AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])

    AC_MSG_WARN([Use --with-ssl or --with-gnutls to address this.])

fi dnl OPENSSL != 1

dnl ----------------------------------------------------

dnl NSS. Only check if GnuTLS and OpenSSL are not enabled

dnl ----------------------------------------------------

dnl Default to compiler & linker defaults for NSS files & libraries.

OPT_NSS=no

AC_ARG_WITH(nss,dnl

AC_HELP_STRING([--with-nss=PATH],[where to look for NSS, PATH points to the installation root (default: /usr/local/)])

AC_HELP_STRING([--without-nss], [disable NSS detection]),

  OPT_NSS=$withval)

if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then

  if test X"$OPT_NSS" != Xno; then

    if test "x$OPT_NSS" = "xyes"; then

     check=`pkg-config --version 2>/dev/null`

     if test -n "$check"; then

       addlib=`pkg-config --libs nss`

       addcflags=`pkg-config --cflags nss`

       version=`pkg-config --modversion nss`

       nssprefix=`pkg-config --variable=prefix nss`

     fi

    else

      # Without pkg-config, we'll kludge in some defaults

      addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl"

      addcflags="-I$OPT_NSS/include" 

      version="unknown"

      gtlsprefix=$OPT_GNUTLS

    fi

    if test -n "$addlib"; then

fi dnl OPENSSL != 1

      CLEANLIBS="$LIBS"

      CLEANCPPFLAGS="$CPPFLAGS"

      LIBS="$LIBS $addlib"

      if test "$addcflags" != "-I/usr/include"; then

         CPPFLAGS="$CPPFLAGS $addcflags"

      fi

      AC_CHECK_LIB(nss3, NSS_Initialize,

       [

       AC_DEFINE(USE_NSS, 1, [if NSS is enabled])

       AC_SUBST(USE_NSS, [1])

       USE_NSS="yes"

       NSS_ENABLED=1

       curl_ssl_msg="enabled (NSS)"

       ],

       [

         LIBS="$CLEANLIBS"

         CPPFLAGS="$CLEANCPPFLAGS"

       ])

      if test "x$USE_NSS" = "xyes"; then

        AC_MSG_NOTICE([detected NSS version $version])

        dnl when shared libs were found in a path that the run-time

        dnl linker doesn't search through, we need to add it to

        dnl LD_LIBRARY_PATH to prevent further configure tests to fail

        dnl due to this

        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"

        export LD_LIBRARY_PATH

        AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH])

      fi

    fi

  fi dnl NSS not disabled

fi dnl OPENSSL != 1 -a GNUTLS_ENABLED != 1

if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED" = "x"; then

  AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])

  AC_MSG_WARN([Use --with-ssl, --with-gnutls or --with-nss to address this.])

fi

dnl **********************************************************************

dnl Check for the CA bundle

  2.2 Does curl work/build with other SSL libraries?

  Curl has been written to use OpenSSL, GnuTLS or yassl, although there should

  not be many problems using a different library. If anyone does "port" curl

  to use a different SSL library, we are of course very interested in getting

  the patch!

  Curl has been written to use OpenSSL, GnuTLS, yassl or NSS, although there

  should not be many problems using a different library. If anyone does "port"

  curl to use a different SSL library, we are of course very interested in

  getting the patch!

  2.3 Where can I find a copy of LIBEAY32.DLL?

    http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html

  No special locking is needed with a NSS-powered libcurl. NSS is thread-safe.

  5.2 How can I receive all data into a large memory chunk?

  [ See also the examples/getinmemory.c source ]

FOOTNOTES

=========

  *1 = requires OpenSSL or GnuTLS

  *1 = requires OpenSSL, GnuTLS or NSS

  *2 = requires OpenLDAP

  *3 = requires a GSSAPI-compliant library, such as Heimdal or similar.

  *4 = requires FBopenssl

  *5 = requires a krb4 library, such as the MIT one or similar.

  *6 = requires c-ares

  *7 = requires OpenSSL specificly, as GnuTLS only supports SSLv3 and TLSv1

  *7 = requires OpenSSL or NSS, as GnuTLS only supports SSLv3 and TLSv1