From Fedora Project Wiki

Feature Name

python-nss

Summary

Python bindings for NSS/NSPR allowing Python programs to utilize the NSS cryptographic libraries for SSL/TLS and PKI certificate management.

Owner

Current status

  • Targeted release:
  • Last updated: 7/9/2008 (built for Rawhide/F-10)
  • Percentage of completion: 100%

Detailed Description

Network Security Services (NSS) is a set of libraries supporting security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. NSS has received FIPS 140 validation from NIST. The python-nss feature provides a Python binding to NSS and the NSPR support libraries.

Benefit to Fedora

NSS is FIPS 140 validated making it a preferred network cryptographic library for SSL/TLS and PKI certificate management and provides an alternative to OpenSSL and GNU TLS. NSS is industrial strength having proved itself in the Netscape family of products in highly demanding environments supporting government and commercial services. Fedora makes extensive use of the Python programming language and with the availability of python-nss Python based programs and libraries can now avail themselves of NSS.

Previously there were no Python bindings for NSS, and a programmer wishing to use NSS was limited to writing in C or C++. Python bindings for NSS had not been previously available because of the difficulty in producing them. Red Hat invested several man months of engineering effort to hand code these bindings from scratch. As is the case with all Red Hat engineering efforts the result is being contributed to the community as an open source contribution.

Scope

The binding in its initial state is complete. Since the binding is brand new it is anticipated early adopters of the binding will provide feedback, which may cause some elements of the binding to be modified and/or expanded as the binding approaches maturity.

Test Plan

  1. No special hardware / data / etc. is needed, only a network connection.
  2. To prepare your system to test this feature
    1. yum install python-nss
  3. Actions to check that the feature is working like it's supposed to.
    1. Run the test script found in the documentation directory.
  4. What are the expected results of those actions?
    1. test succeeds


User Experience

This feature will not modify a user's experience; it is mostly invisible to a user.

Dependencies

The python-nss package is not depended on by any other package at the moment. There are no external dependencies which are not already resolved from prior Fedora releases.

Contingency Plan

A Contingency plan is not necessary, there are no dependencies on python-nss and the initial version of python-nss is complete and currently built in rawhide in preparation for F-10.

Documentation

The package includes extensive documentation which can be found online at:

http://people.redhat.com/jdennis/python-nss/doc/api/html/index.html

or locally after installation here:

file:///usr/share/doc/python-nss-0.0/api/html/index.html

There is also an example program in doc/examples. This is described in the introductory html documentation (in the nss package section of the documentation).

Release Notes

  • FIXME--include something here alerting readers to the new functionality provided by this new feature

Comments and Discussion