# sitelib for noarch packages, sitearch for others (remove the unneeded one)

%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}

%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}

%global build_api_doc 1

Name:           python-nss

Version:        0.16.0

Release:        3%{?dist}

Summary:        Python bindings for Network Security Services (NSS)

Group:          Development/Languages

License:        MPLv2.0 or GPLv2+ or LGPLv2+

URL:            ftp://ftp.mozilla.org/pub/mozilla.org/security/python-nss

Source0:        ftp://ftp.mozilla.org/pub/mozilla.org/security/python-nss/releases/PYNSS_RELEASE_0_16_0/src/python-nss-%{version}.tar.bz2

BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

Patch1: nss-version.patch

Patch2: python-nss-file-like-read.patch

Patch3: python-nss-test-fips.patch

Patch4: python-nss-set_certificate_db.patch

Patch5: python-nss-doc-manifest.patch

%global docdir %{_docdir}/%{name}-%{version}

# We don't want to provide private python extension libs

%{?filter_setup:

%filter_provides_in %{python_sitearch}/.*\.so$

%filter_setup

}

BuildRequires: python-devel

BuildRequires: python-setuptools

BuildRequires: python-docutils

BuildRequires: nspr-devel

BuildRequires: nss-devel

BuildRequires: epydoc

%description

This package provides Python bindings for Network Security Services

(NSS) and the Netscape Portable Runtime (NSPR).

NSS is a set of libraries supporting security-enabled client and

server applications. Applications built with NSS can support SSL v2

and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3

certificates, and other security standards. Specific NSS

implementations have been FIPS-140 certified.

%package doc

Group: Documentation

Summary: API documentation and examples

Requires: %{name} = %{version}-%{release}

%description doc

API documentation and examples

%prep

%setup -q

%patch1 -p1 -b .nss-version

%patch2 -p1 -b .file-like

%patch3 -p1 -b .fips-test

%patch4 -p1 -b .set_certificate_db

%patch5 -p1 -b .doc-manifest

%build

CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" %{__python} setup.py build

%if %build_api_doc

%{__python} setup.py build_doc

%endif

%install

rm -rf $RPM_BUILD_ROOT

%{__python} setup.py install  -O1 --install-platlib %{python_sitearch} --skip-build --root $RPM_BUILD_ROOT

%{__python} setup.py install_doc --docdir %{docdir} --skip-build --root $RPM_BUILD_ROOT

# Remove execution permission from any example/test files in docdir

find $RPM_BUILD_ROOT/%{docdir} -type f | xargs chmod a-x

# Set correct permissions on .so files

chmod 0755 $RPM_BUILD_ROOT/%{python_sitearch}/nss/*.so

%clean

rm -rf $RPM_BUILD_ROOT

%files

%defattr(-,root,root,-)

%{python_sitearch}/*

%doc %{docdir}/ChangeLog

%doc %{docdir}/LICENSE.gpl

%doc %{docdir}/LICENSE.lgpl

%doc %{docdir}/LICENSE.mpl

%doc %{docdir}/README

%files doc

%defattr(-,root,root,-)

%doc %{docdir}/examples

%doc %{docdir}/test

%if %build_api_doc

%doc %{docdir}/api

%endif

%changelog

* Tue May 26 2015 John Dennis <jdennis@redhat.com> - 0.16.0-3

- Resolves: #1225212

  Reads from file like objects actually only worked for file objects

- Resolves: #1179573

  python-nss-doc package is missing the run_tests script

- Resolves: #1194349

  test_pkcs12.py does not works in FIPS mode 

* Tue Nov 25 2014 John Dennis <jdennis@redhat.com> - 0.16.0-2

- Remove the TLS 1.3 symbols from ssl_version_range.py example

  because RHEL only has NSS 3.16.

* Mon Nov 24 2014 John Dennis <jdennis@redhat.com> - 0.16.0-1

- resolves: bug#1155703 - Add API call for SSL_VersionRangeSet (rebase)

  rebased to 0.16.0

- The primary enhancements in this version is adding support for the

  setting trust attributes on a Certificate, the SSL version range API,

  information on the SSL cipher suites and information on the SSL connection.

  * The following module functions were added:

    - ssl.get_ssl_version_from_major_minor

    - ssl.get_default_ssl_version_range

    - ssl.get_supported_ssl_version_range

    - ssl.set_default_ssl_version_range

    - ssl.ssl_library_version_from_name

    - ssl.ssl_library_version_name

    - ssl.get_cipher_suite_info

    - ssl.ssl_cipher_suite_name

    - ssl.ssl_cipher_suite_from_name

  * The following deprecated module functions were removed:

    - ssl.nssinit

    - ssl.nss_ini

    - ssl.nss_shutdown

  * The following classes were added:

    - SSLCipherSuiteInfo

    - SSLChannelInfo

  * The following class methods were added:

    - Certificate.trust_flags

    - Certificate.set_trust_attributes

    - SSLSocket.set_ssl_version_range

    - SSLSocket.get_ssl_version_range

    - SSLSocket.get_ssl_channel_info

    - SSLSocket.get_negotiated_host

    - SSLSocket.connection_info_format_lines

    - SSLSocket.connection_info_format

    - SSLSocket.connection_info_str

    - SSLCipherSuiteInfo.format_lines

    - SSLCipherSuiteInfo.format

    - SSLChannelInfo.format_lines

    - SSLChannelInfo.format

  * The following class properties were added:

    - Certificate.ssl_trust_flags

    - Certificate.email_trust_flags

    - Certificate.signing_trust_flags

    - SSLCipherSuiteInfo.cipher_suite

    - SSLCipherSuiteInfo.cipher_suite_name

    - SSLCipherSuiteInfo.auth_algorithm

    - SSLCipherSuiteInfo.auth_algorithm_name

    - SSLCipherSuiteInfo.kea_type

    - SSLCipherSuiteInfo.kea_type_name

    - SSLCipherSuiteInfo.symmetric_cipher

    - SSLCipherSuiteInfo.symmetric_cipher_name

    - SSLCipherSuiteInfo.symmetric_key_bits

    - SSLCipherSuiteInfo.symmetric_key_space

    - SSLCipherSuiteInfo.effective_key_bits

    - SSLCipherSuiteInfo.mac_algorithm

    - SSLCipherSuiteInfo.mac_algorithm_name

    - SSLCipherSuiteInfo.mac_bits

    - SSLCipherSuiteInfo.is_fips

    - SSLCipherSuiteInfo.is_exportable

    - SSLCipherSuiteInfo.is_nonstandard

    - SSLChannelInfo.protocol_version

    - SSLChannelInfo.protocol_version_str

    - SSLChannelInfo.protocol_version_enum

    - SSLChannelInfo.major_protocol_version

    - SSLChannelInfo.minor_protocol_version

    - SSLChannelInfo.cipher_suite

    - SSLChannelInfo.auth_key_bits

    - SSLChannelInfo.kea_key_bits

    - SSLChannelInfo.creation_time

    - SSLChannelInfo.creation_time_utc

    - SSLChannelInfo.last_access_time

    - SSLChannelInfo.last_access_time_utc

    - SSLChannelInfo.expiration_time

    - SSLChannelInfo.expiration_time_utc

    - SSLChannelInfo.compression_method

    - SSLChannelInfo.compression_method_name

    - SSLChannelInfo.session_id

  * The following files were added:

    - doc/examples/cert_trust.py

    - doc/examples/ssl_version_range.py

  * The following constants were added:

    - nss.CERTDB_TERMINAL_RECORD

    - nss.CERTDB_VALID_PEER

    - nss.CERTDB_TRUSTED

    - nss.CERTDB_SEND_WARN

    - nss.CERTDB_VALID_CA

    - nss.CERTDB_TRUSTED_CA

    - nss.CERTDB_NS_TRUSTED_CA

    - nss.CERTDB_USER

    - nss.CERTDB_TRUSTED_CLIENT_CA

    - nss.CERTDB_GOVT_APPROVED_CA

    - ssl.SRTP_AES128_CM_HMAC_SHA1_32

    - ssl.SRTP_AES128_CM_HMAC_SHA1_80

    - ssl.SRTP_NULL_HMAC_SHA1_32

    - ssl.SRTP_NULL_HMAC_SHA1_80

    - ssl.SSL_CK_DES_192_EDE3_CBC_WITH_MD5

    - ssl.SSL_CK_DES_64_CBC_WITH_MD5

    - ssl.SSL_CK_IDEA_128_CBC_WITH_MD5

    - ssl.SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5

    - ssl.SSL_CK_RC2_128_CBC_WITH_MD5

    - ssl.SSL_CK_RC4_128_EXPORT40_WITH_MD5

    - ssl.SSL_CK_RC4_128_WITH_MD5

    - ssl.SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA

    - ssl.SSL_FORTEZZA_DMS_WITH_NULL_SHA

    - ssl.SSL_FORTEZZA_DMS_WITH_RC4_128_SHA

    - ssl.SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA

    - ssl.SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA

    - ssl.TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

    - ssl.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

    - ssl.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256

    - ssl.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA

    - ssl.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA

    - ssl.TLS_DHE_DSS_WITH_DES_CBC_SHA

    - ssl.TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

    - ssl.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

    - ssl.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

    - ssl.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

    - ssl.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

    - ssl.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA

    - ssl.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

    - ssl.TLS_DHE_RSA_WITH_DES_CBC_SHA

    - ssl.TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA

    - ssl.TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA

    - ssl.TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA

    - ssl.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA

    - ssl.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA

    - ssl.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA

    - ssl.TLS_DH_DSS_WITH_DES_CBC_SHA

    - ssl.TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA

    - ssl.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA

    - ssl.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA

    - ssl.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA

    - ssl.TLS_DH_RSA_WITH_DES_CBC_SHA

    - ssl.TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA

    - ssl.TLS_DH_anon_EXPORT_WITH_RC4_40_MD5

    - ssl.TLS_DH_anon_WITH_3DES_EDE_CBC_SHA

    - ssl.TLS_DH_anon_WITH_AES_128_CBC_SHA

    - ssl.TLS_DH_anon_WITH_AES_256_CBC_SHA

    - ssl.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA

    - ssl.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA

    - ssl.TLS_DH_anon_WITH_DES_CBC_SHA

    - ssl.TLS_DH_anon_WITH_RC4_128_MD5

    - ssl.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

    - ssl.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

    - ssl.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

    - ssl.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

    - ssl.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256

    - ssl.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256

    - ssl.TLS_EMPTY_RENEGOTIATION_INFO_SCSV

    - ssl.TLS_FALLBACK_SCSV

    - ssl.TLS_NULL_WITH_NULL_NULL

    - ssl.TLS_RSA_EXPORT_WITH_DES40_CBC_SHA

    - ssl.TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5

    - ssl.TLS_RSA_EXPORT_WITH_RC4_40_MD5

    - ssl.TLS_RSA_WITH_3DES_EDE_CBC_SHA

    - ssl.TLS_RSA_WITH_AES_128_CBC_SHA256

    - ssl.TLS_RSA_WITH_AES_128_GCM_SHA256

    - ssl.TLS_RSA_WITH_AES_256_CBC_SHA256

    - ssl.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

    - ssl.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

    - ssl.TLS_RSA_WITH_DES_CBC_SHA

    - ssl.TLS_RSA_WITH_IDEA_CBC_SHA

    - ssl.TLS_RSA_WITH_NULL_MD5

    - ssl.TLS_RSA_WITH_NULL_SHA

    - ssl.TLS_RSA_WITH_NULL_SHA256

    - ssl.TLS_RSA_WITH_RC4_128_MD5

    - ssl.TLS_RSA_WITH_RC4_128_SHA

    - ssl.TLS_RSA_WITH_SEED_CBC_SHA

    - ssl.SSL_VARIANT_DATAGRAM

    - ssl.SSL_VARIANT_STREAM

    - ssl.SSL_LIBRARY_VERSION_2

    - ssl.SSL_LIBRARY_VERSION_3_0

    - ssl.SSL_LIBRARY_VERSION_TLS_1_0

    - ssl.SSL_LIBRARY_VERSION_TLS_1_1

    - ssl.SSL_LIBRARY_VERSION_TLS_1_2

    - ssl.SSL_LIBRARY_VERSION_TLS_1_3

    - ssl.ssl2

    - ssl.ssl3

    - ssl.tls1.0

    - ssl.tls1.1

    - ssl.tls1.2

    - ssl.tls1.3

   * The following methods were missing thread locks, this has been fixed.

     - nss.nss_initialize

     - nss.nss_init_context

     - nss.nss_shutdown_context

* Mon Jun 16 2014 John Dennis <jdennis@redhat.com> - 0.15.0-1

- resolves: bug#1109769 rebase to 0.15.0

- includes fixes for 1087031 and 1060314

  See doc/Changelog for details

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.14.0-5

- Mass rebuild 2014-01-24

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.14.0-4

- Mass rebuild 2013-12-27

* Fri Oct 18 2013 John Dennis <jdennis@redhat.com> - 0.14.0-3

- resolves: bug#1003979

- In coordination with QE with regards to bz 1019934 it was requested

  the unittest patches be enhanced with a more robust version of

  test_pkcs12, no actual bug, just better testing.

* Tue Oct  8 2013 John Dennis <jdennis@redhat.com> - 0.14.0-2

- resolves: bug#1002589

- resolves: bug#1003979

- Rewrite setup_certs.py. No longer behaves like an expect script

  which was fragile. By default now creates a sql style database.

- By default all examples & tests use new sql format for NSS database

- db-name is now used instead of dbdir to provide distinction between

  the database directory and it's scheme (e.g. 'sql:')

- all examples and tests now default db-name to 'sql:pki'

- replaced legacy getopt & optparse command line argument handling

  with modern argparse.

* Mon May 13 2013 John Dennis <jdennis@redhat.com> - 0.14-1

  External Changes:

  -----------------

  The primary enhancements in this version is support of certifcate

  validation, OCSP support, and support for the certificate "Authority

  Information Access" extension.

  Enhanced certifcate validation including CA certs can be done via

  Certificate.verify() or Certificate.is_ca_cert(). When cert

  validation fails you can now obtain diagnostic information as to why

  the cert failed to validate. This is encapsulated in the

  CertVerifyLog class which is a iterable collection of

  CertVerifyLogNode objects. Most people will probablby just print the

  string representation of the returned CertVerifyLog object. Cert

  validation logging is handled by the Certificate.verify() method.

  Support has also been added for the various key usage and cert type

  entities which feature prominently during cert validation.

  * Certificate() constructor signature changed from

    Certificate(data=None, der_is_signed=True)

    to

    Certificate(data, certdb=cert_get_default_certdb(), perm=False, nickname=None)

    This change was necessary because all certs should be added to the

    NSS temporary database when they are loaded, but earlier code

    failed to to that. It's is not likely that an previous code was

    failing to pass initialization data or the der_is_signed flag so

    this change should be backwards compatible.

  * Fix bug #922247, PKCS12Decoder.database_import() method. Importing into

    a NSS database would sometimes fail or segfault.

  * Error codes and descriptions were updated from upstream NSPR & NSS.

  * The password callback did not allow for breaking out of a password

    prompting loop, now if None is returned from the password callback

    the password prompting is terminated.

  * nss.nss_shutdown_context now called from InitContext destructor,

    this assures the context is shutdown even if the programmer forgot

    to. It's still best to explicitly shut it down, this is just

    failsafe.

  * Support was added for shutdown callbacks.

  * The following classes were added:

    - nss.CertVerifyLogNode

    - nss.CertVerifyLog

    - error.CertVerifyError (exception)

    - nss.AuthorityInfoAccess

    - nss.AuthorityInfoAccesses

  * The following class methods were added:

    - nss.Certificate.is_ca_cert

    - nss.Certificate.verify

    - nss.Certificate.verify_with_log

    - nss.Certificate.get_cert_chain

    - nss.Certificate.check_ocsp_status

    - nss.PK11Slot.list_certs

    - nss.CertVerifyLogNode.format_lines

    - nss.CertVerifyLog.format_lines

    - nss.CRLDistributionPts.format_lines

  * The following class properties were added:

    - nss.CertVerifyLogNode.certificate

    - nss.CertVerifyLogNode.error

    - nss.CertVerifyLogNode.depth

    - nss.CertVerifyLog.count

  * The following module functions were added:

    - nss.x509_cert_type

    - nss.key_usage_flags

    - nss.list_certs

    - nss.find_certs_from_email_addr

    - nss.find_certs_from_nickname

    - nss.nss_get_version

    - nss.nss_version_check

    - nss.set_shutdown_callback

    - nss.get_use_pkix_for_validation

    - nss.set_use_pkix_for_validation

    - nss.enable_ocsp_checking

    - nss.disable_ocsp_checking

    - nss.set_ocsp_cache_settings

    - nss.set_ocsp_failure_mode

    - nss.set_ocsp_timeout

    - nss.clear_ocsp_cache

    - nss.set_ocsp_default_responder

    - nss.enable_ocsp_default_responder

    - nss.disable_ocsp_default_responder

  * The following files were added:

      src/py_traceback.h

      doc/examples/verify_cert.py

      test/test_misc.py

  * The following constants were added:

    - nss.KU_DIGITAL_SIGNATURE

    - nss.KU_NON_REPUDIATION

    - nss.KU_KEY_ENCIPHERMENT

    - nss.KU_DATA_ENCIPHERMENT

    - nss.KU_KEY_AGREEMENT

    - nss.KU_KEY_CERT_SIGN

    - nss.KU_CRL_SIGN

    - nss.KU_ENCIPHER_ONLY

    - nss.KU_ALL

    - nss.KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION

    - nss.KU_KEY_AGREEMENT_OR_ENCIPHERMENT

    - nss.KU_NS_GOVT_APPROVED

    - nss.PK11CertListUnique

    - nss.PK11CertListUser

    - nss.PK11CertListRootUnique

    - nss.PK11CertListCA

    - nss.PK11CertListCAUnique

    - nss.PK11CertListUserUnique

    - nss.PK11CertListAll

    - nss.certUsageSSLClient

    - nss.certUsageSSLServer

    - nss.certUsageSSLServerWithStepUp

    - nss.certUsageSSLCA

    - nss.certUsageEmailSigner

    - nss.certUsageEmailRecipient

    - nss.certUsageObjectSigner

    - nss.certUsageUserCertImport

    - nss.certUsageVerifyCA

    - nss.certUsageProtectedObjectSigner

    - nss.certUsageStatusResponder

    - nss.certUsageAnyCA

    - nss.ocspMode_FailureIsVerificationFailure

    - nss.ocspMode_FailureIsNotAVerificationFailure

  * cert_dump.py extended to print NS_CERT_TYPE_EXTENSION

  * cert_usage_flags, nss_init_flags now support optional repr_kind parameter

  Internal Changes:

  -----------------

  * Reimplement exception handling

    - NSPRError is now derived from StandardException instead of

      EnvironmentError. It was never correct to derive from

      EnvironmentError but was difficult to implement a new subclassed

      exception with it's own attributes, using EnvironmentError had

      been expedient.

    - NSPRError now derived from StandardException, provides:

      * errno (numeric error code)

      * strerror (error description associated with error code)

      * error_message (optional detailed message)

      * error_code (alias for errno)

      * error_desc (alias for strerror)

    - CertVerifyError derived from NSPRError, extends with:

      * usages (bitmask of returned usages)

      * log (CertVerifyLog object)

  * Expose error lookup to sibling modules

  * Use macros for bitmask_to_list functions to reduce code

    duplication and centralize logic.

  * Add repr_kind parameter to cert_trust_flags_str()

  * Add support for repr_kind AsEnumName to bitstring table lookup.

  * Add cert_type_bitstr_to_tuple() lookup function

  * Add PRTimeConvert(), used to convert Python time values

    to PRTime, centralizes conversion logic, reduces duplication

  * Add UTF8OrNoneConvert to better handle unicode parameters which

    are optional.

  * Add Certificate_summary_format_lines() utility to generate

    concise certificate identification info for output.

  * Certificate_new_from_CERTCertificate now takes add_reference parameter

    to properly reference count certs, should fix shutdown busy problems.

  * Add print_traceback(), print_cert() debugging support.

* Mon Feb 18 2013 John Dennis <jdennis@redhat.com> - 0.13-1

- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Mon Oct  8 2012 John Dennis <jdennis@redhat.com> - 0.13-0

- Update to version 0.13

  Introduced in 0.13:

  * Fix NSS SECITEM_CompareItem bug via workaround.

  * Fix incorrect format strings in PyArg_ParseTuple* for:

    - GeneralName

    - BasicConstraints

    - cert_x509_key_usage

  * Fix bug when decoding certificate BasicConstraints extension

  * Fix hang in setup_certs.

  * For NSS >= 3.13 support CERTDB_TERMINAL_RECORD

  * You can now query for a specific certificate extension

    Certficate.get_extension()

  * The following classes were added:

    - RSAGenParams

  * The following class methods were added:

    - nss.nss.Certificate.get_extension

    - nss.nss.PK11Slot.generate_key_pair

    - nss.nss.DSAPublicKey.format

    - nss.nss.DSAPublicKey.format_lines

  * The following module functions were added:

    - nss.nss.pub_wrap_sym_key

  * The following internal utilities were added:

    - PyString_UTF8

    - SecItem_new_alloc()

  * The following class constructors were modified to accept

    intialization parameters

    - KEYPQGParams (DSA generation parameters)

  * The PublicKey formatting (i.e. format_lines) was augmented

    to format DSA keys (formerly it only recognized RSA keys).

  * Allow lables and values to be justified when printing objects

  * The following were deprecated:

    - nss.nss.make_line_pairs (replaced by nss.nss.make_line_fmt_tuples)

    Deprecated Functionality:

    -------------------------

    - make_line_pairs() has been replaced by make_line_fmt_tuples()

      because 2-valued tuples were not sufficently general. It is

      expected very few programs will have used this function, it's mostly

      used internally but provided as a support utility.

* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Thu Nov 17 2011 John Dennis <jdennis@redhat.com> - 0.12-2

- add patch python-nss-0.12-rsapssparams.patch to fix build problem

  which appears only with nss 3.13 and later.

* Mon Jun  6 2011 John Dennis <jdennis@redhat.com> - 0.12-1

  * Major new enhancement is additon of PKCS12 support and

    AlgorithmID's.

  * setup.py build enhancements

    - Now searches for the NSS and NSPR header files rather

      than hardcoding their location. This makes building friendlier

      on other systems (i.e. debian)

    - Now takes optional command line arguments, -d or --debug

      will turn on debug options during the build.

  * Fix reference counting bug in PK11_password_callback() which

    contributed to NSS not being able to shutdown due to

    resources still in use.

  * Add UTF-8 support to ssl.config_server_session_id_cache()

  * Added unit tests for cipher, digest, client_server.

  * All unittests now run, added test/run_tests to invoke

    full test suite.

  * Fix bug in test/setup_certs.py, hardcoded full path to

    libnssckbi.so was causing failures on 64-bit systems,

    just use the libnssckbi.so basename, modutil will find

    it on the standard search path.

  * doc/examples/cert_dump.py uses new AlgorithmID class to

    dump Signature Algorithm

  * doc/examples/ssl_example.py now can cleanly shutdown NSS.

  * Exception error messages now include PR error text if available.

  * The following classes were replaced:

    - SignatureAlgorithm replaced by new class AlgorithmID

  * The following classes were added:

    - AlgorithmID

    - PKCS12DecodeItem

    - PKCS12Decoder

  * The following class methods were added:

    - PK11Slot.authenticate()

    - PK11Slot.get_disabled_reason()

    - PK11Slot.has_protected_authentication_path()

    - PK11Slot.has_root_certs()

    - PK11Slot.is_disabled()

    - PK11Slot.is_friendly()

    - PK11Slot.is_internal()

    - PK11Slot.is_logged_in()

    - PK11Slot.is_removable()

    - PK11Slot.logout()

    - PK11Slot.need_login()

    - PK11Slot.need_user_init()

    - PK11Slot.user_disable()

    - PK11Slot.user_enable()

    - PKCS12DecodeItem.format()

    - PKCS12DecodeItem.format_lines()

    - PKCS12Decoder.database_import()

    - PKCS12Decoder.format()

    - PKCS12Decoder.format_lines()

  * The following class properties were added:

    - AlgorithmID.id_oid

    - AlgorithmID.id_str

    - AlgorithmID.id_tag

    - AlgorithmID.parameters

    - PKCS12DecodeItem.certificate

    - PKCS12DecodeItem.friendly_name

    - PKCS12DecodeItem.has_key

    - PKCS12DecodeItem.shroud_algorithm_id

    - PKCS12DecodeItem.signed_cert_der

    - PKCS12DecodeItem.type

    - SignedData.data

    - SignedData.der

  * The following module functions were added:

    - nss.nss.dump_certificate_cache_info()

    - nss.nss.find_slot_by_name()

    - nss.nss.fingerprint_format_lines()

    - nss.nss.get_internal_slot()

    - nss.nss.is_fips()

    - nss.nss.need_pw_init()

    - nss.nss.nss_init_read_write()

    - nss.nss.pk11_disabled_reason_name()

    - nss.nss.pk11_disabled_reason_str()

    - nss.nss.pk11_logout_all()

    - nss.nss.pkcs12_cipher_from_name()

    - nss.nss.pkcs12_cipher_name()

    - nss.nss.pkcs12_enable_all_ciphers()

    - nss.nss.pkcs12_enable_cipher()

    - nss.nss.pkcs12_export()

    - nss.nss.pkcs12_map_cipher()

    - nss.nss.pkcs12_set_nickname_collision_callback()

    - nss.nss.pkcs12_set_preferred_cipher()

    - nss.nss.token_exists()

    - nss.ssl.config_mp_server_sid_cache()

    - nss.ssl.config_server_session_id_cache_with_opt()

    - nss.ssl.get_max_server_cache_locks()

    - nss.ssl.set_max_server_cache_locks()

    - nss.ssl.shutdown_server_session_id_cache()

  * The following constants were added:

    - nss.nss.int.PK11_DIS_COULD_NOT_INIT_TOKEN

    - nss.nss.int.PK11_DIS_NONE

    - nss.nss.int.PK11_DIS_TOKEN_NOT_PRESENT

    - nss.nss.int.PK11_DIS_TOKEN_VERIFY_FAILED

    - nss.nss.int.PK11_DIS_USER_SELECTED

    - nss.nss.int.PKCS12_DES_56

    - nss.nss.int.PKCS12_DES_EDE3_168

    - nss.nss.int.PKCS12_RC2_CBC_128

    - nss.nss.int.PKCS12_RC2_CBC_40