[ol7_latest_archive] python-nss-0.16.0-3.el7.aarch64

Name:	python-nss
Version:	0.16.0
Release:	3.el7
Architecture:	aarch64
Group:	Development/Languages
Size:	1107039
License:	MPLv2.0 or GPLv2+ or LGPLv2+
RPM:	python-nss-0.16.0-3.el7.aarch64.rpm
Source RPM:	python-nss-0.16.0-3.el7.src.rpm
Build Date:	Thu May 03 2018
Build Host:	ca-buildarm01.us.oracle.com
Vendor:	Oracle America
URL:	ftp://ftp.mozilla.org/pub/mozilla.org/security/python-nss
Summary:	Python bindings for Network Security Services (NSS)
Description:	This package provides Python bindings for Network Security Services (NSS) and the Netscape Portable Runtime (NSPR). NSS is a set of libraries supporting security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. Specific NSS implementations have been FIPS-140 certified.

Changelog (Show File list) (Show related packages)

Tue May 26 2015 John Dennis <jdennis@redhat.com> - 0.16.0-3

- Resolves: #1225212
  Reads from file like objects actually only worked for file objects
- Resolves: #1179573
  python-nss-doc package is missing the run_tests script
- Resolves: #1194349
  test_pkcs12.py does not works in FIPS mode

Tue Nov 25 2014 John Dennis <jdennis@redhat.com> - 0.16.0-2

- Remove the TLS 1.3 symbols from ssl_version_range.py example
  because RHEL only has NSS 3.16.

Mon Nov 24 2014 John Dennis <jdennis@redhat.com> - 0.16.0-1

- resolves: bug#1155703 - Add API call for SSL_VersionRangeSet (rebase)
  rebased to 0.16.0
- The primary enhancements in this version is adding support for the
  setting trust attributes on a Certificate, the SSL version range API,
  information on the SSL cipher suites and information on the SSL connection.

  * The following module functions were added:

    - ssl.get_ssl_version_from_major_minor
    - ssl.get_default_ssl_version_range
    - ssl.get_supported_ssl_version_range
    - ssl.set_default_ssl_version_range
    - ssl.ssl_library_version_from_name
    - ssl.ssl_library_version_name
    - ssl.get_cipher_suite_info
    - ssl.ssl_cipher_suite_name
    - ssl.ssl_cipher_suite_from_name

  * The following deprecated module functions were removed:

    - ssl.nssinit
    - ssl.nss_ini
    - ssl.nss_shutdown

  * The following classes were added:

    - SSLCipherSuiteInfo
    - SSLChannelInfo

  * The following class methods were added:

    - Certificate.trust_flags
    - Certificate.set_trust_attributes

    - SSLSocket.set_ssl_version_range
    - SSLSocket.get_ssl_version_range
    - SSLSocket.get_ssl_channel_info
    - SSLSocket.get_negotiated_host
    - SSLSocket.connection_info_format_lines
    - SSLSocket.connection_info_format
    - SSLSocket.connection_info_str
	
    - SSLCipherSuiteInfo.format_lines
    - SSLCipherSuiteInfo.format

    - SSLChannelInfo.format_lines
    - SSLChannelInfo.format

  * The following class properties were added:

    - Certificate.ssl_trust_flags
    - Certificate.email_trust_flags
    - Certificate.signing_trust_flags

    - SSLCipherSuiteInfo.cipher_suite
    - SSLCipherSuiteInfo.cipher_suite_name
    - SSLCipherSuiteInfo.auth_algorithm
    - SSLCipherSuiteInfo.auth_algorithm_name
    - SSLCipherSuiteInfo.kea_type
    - SSLCipherSuiteInfo.kea_type_name
    - SSLCipherSuiteInfo.symmetric_cipher
    - SSLCipherSuiteInfo.symmetric_cipher_name
    - SSLCipherSuiteInfo.symmetric_key_bits
    - SSLCipherSuiteInfo.symmetric_key_space
    - SSLCipherSuiteInfo.effective_key_bits
    - SSLCipherSuiteInfo.mac_algorithm
    - SSLCipherSuiteInfo.mac_algorithm_name
    - SSLCipherSuiteInfo.mac_bits
    - SSLCipherSuiteInfo.is_fips
    - SSLCipherSuiteInfo.is_exportable
    - SSLCipherSuiteInfo.is_nonstandard

    - SSLChannelInfo.protocol_version
    - SSLChannelInfo.protocol_version_str
    - SSLChannelInfo.protocol_version_enum
    - SSLChannelInfo.major_protocol_version
    - SSLChannelInfo.minor_protocol_version
    - SSLChannelInfo.cipher_suite
    - SSLChannelInfo.auth_key_bits
    - SSLChannelInfo.kea_key_bits
    - SSLChannelInfo.creation_time
    - SSLChannelInfo.creation_time_utc
    - SSLChannelInfo.last_access_time
    - SSLChannelInfo.last_access_time_utc
    - SSLChannelInfo.expiration_time
    - SSLChannelInfo.expiration_time_utc
    - SSLChannelInfo.compression_method
    - SSLChannelInfo.compression_method_name
    - SSLChannelInfo.session_id

  * The following files were added:

    - doc/examples/cert_trust.py
    - doc/examples/ssl_version_range.py

  * The following constants were added:
    - nss.CERTDB_TERMINAL_RECORD
    - nss.CERTDB_VALID_PEER
    - nss.CERTDB_TRUSTED
    - nss.CERTDB_SEND_WARN
    - nss.CERTDB_VALID_CA
    - nss.CERTDB_TRUSTED_CA
    - nss.CERTDB_NS_TRUSTED_CA
    - nss.CERTDB_USER
    - nss.CERTDB_TRUSTED_CLIENT_CA
    - nss.CERTDB_GOVT_APPROVED_CA
    - ssl.SRTP_AES128_CM_HMAC_SHA1_32
    - ssl.SRTP_AES128_CM_HMAC_SHA1_80
    - ssl.SRTP_NULL_HMAC_SHA1_32
    - ssl.SRTP_NULL_HMAC_SHA1_80
    - ssl.SSL_CK_DES_192_EDE3_CBC_WITH_MD5
    - ssl.SSL_CK_DES_64_CBC_WITH_MD5
    - ssl.SSL_CK_IDEA_128_CBC_WITH_MD5
    - ssl.SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
    - ssl.SSL_CK_RC2_128_CBC_WITH_MD5
    - ssl.SSL_CK_RC4_128_EXPORT40_WITH_MD5
    - ssl.SSL_CK_RC4_128_WITH_MD5
    - ssl.SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA
    - ssl.SSL_FORTEZZA_DMS_WITH_NULL_SHA
    - ssl.SSL_FORTEZZA_DMS_WITH_RC4_128_SHA
    - ssl.SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA
    - ssl.SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA
    - ssl.TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
    - ssl.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    - ssl.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
    - ssl.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
    - ssl.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
    - ssl.TLS_DHE_DSS_WITH_DES_CBC_SHA
    - ssl.TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
    - ssl.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    - ssl.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    - ssl.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    - ssl.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    - ssl.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
    - ssl.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
    - ssl.TLS_DHE_RSA_WITH_DES_CBC_SHA
    - ssl.TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA
    - ssl.TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA
    - ssl.TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
    - ssl.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
    - ssl.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
    - ssl.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
    - ssl.TLS_DH_DSS_WITH_DES_CBC_SHA
    - ssl.TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
    - ssl.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
    - ssl.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
    - ssl.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
    - ssl.TLS_DH_RSA_WITH_DES_CBC_SHA
    - ssl.TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
    - ssl.TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
    - ssl.TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
    - ssl.TLS_DH_anon_WITH_AES_128_CBC_SHA
    - ssl.TLS_DH_anon_WITH_AES_256_CBC_SHA
    - ssl.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
    - ssl.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
    - ssl.TLS_DH_anon_WITH_DES_CBC_SHA
    - ssl.TLS_DH_anon_WITH_RC4_128_MD5
    - ssl.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    - ssl.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - ssl.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    - ssl.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    - ssl.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
    - ssl.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
    - ssl.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
    - ssl.TLS_FALLBACK_SCSV
    - ssl.TLS_NULL_WITH_NULL_NULL
    - ssl.TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
    - ssl.TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
    - ssl.TLS_RSA_EXPORT_WITH_RC4_40_MD5
    - ssl.TLS_RSA_WITH_3DES_EDE_CBC_SHA
    - ssl.TLS_RSA_WITH_AES_128_CBC_SHA256
    - ssl.TLS_RSA_WITH_AES_128_GCM_SHA256
    - ssl.TLS_RSA_WITH_AES_256_CBC_SHA256
    - ssl.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
    - ssl.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
    - ssl.TLS_RSA_WITH_DES_CBC_SHA
    - ssl.TLS_RSA_WITH_IDEA_CBC_SHA
    - ssl.TLS_RSA_WITH_NULL_MD5
    - ssl.TLS_RSA_WITH_NULL_SHA
    - ssl.TLS_RSA_WITH_NULL_SHA256
    - ssl.TLS_RSA_WITH_RC4_128_MD5
    - ssl.TLS_RSA_WITH_RC4_128_SHA
    - ssl.TLS_RSA_WITH_SEED_CBC_SHA
    - ssl.SSL_VARIANT_DATAGRAM
    - ssl.SSL_VARIANT_STREAM
    - ssl.SSL_LIBRARY_VERSION_2
    - ssl.SSL_LIBRARY_VERSION_3_0
    - ssl.SSL_LIBRARY_VERSION_TLS_1_0
    - ssl.SSL_LIBRARY_VERSION_TLS_1_1
    - ssl.SSL_LIBRARY_VERSION_TLS_1_2
    - ssl.SSL_LIBRARY_VERSION_TLS_1_3
    - ssl.ssl2
    - ssl.ssl3
    - ssl.tls1.0
    - ssl.tls1.1
    - ssl.tls1.2
    - ssl.tls1.3

   * The following methods were missing thread locks, this has been fixed.

     - nss.nss_initialize
     - nss.nss_init_context
     - nss.nss_shutdown_context

Mon Jun 16 2014 John Dennis <jdennis@redhat.com> - 0.15.0-1

- resolves: bug#1109769 rebase to 0.15.0
- includes fixes for 1087031 and 1060314
  See doc/Changelog for details

Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.14.0-5
```
- Mass rebuild 2014-01-24
```
Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.14.0-4
```
- Mass rebuild 2013-12-27
```

Fri Oct 18 2013 John Dennis <jdennis@redhat.com> - 0.14.0-3

- resolves: bug#1003979
- In coordination with QE with regards to bz 1019934 it was requested
  the unittest patches be enhanced with a more robust version of
  test_pkcs12, no actual bug, just better testing.

Tue Oct 08 2013 John Dennis <jdennis@redhat.com> - 0.14.0-2

- resolves: bug#1002589
- resolves: bug#1003979

- Rewrite setup_certs.py. No longer behaves like an expect script
  which was fragile. By default now creates a sql style database.
- By default all examples & tests use new sql format for NSS database
- db-name is now used instead of dbdir to provide distinction between
  the database directory and it's scheme (e.g. 'sql:')
- all examples and tests now default db-name to 'sql:pki'
- replaced legacy getopt & optparse command line argument handling
  with modern argparse.

Mon May 13 2013 John Dennis <jdennis@redhat.com> - 0.14-1

External Changes:
  -----------------

  The primary enhancements in this version is support of certifcate
  validation, OCSP support, and support for the certificate "Authority
  Information Access" extension.

  Enhanced certifcate validation including CA certs can be done via
  Certificate.verify() or Certificate.is_ca_cert(). When cert
  validation fails you can now obtain diagnostic information as to why
  the cert failed to validate. This is encapsulated in the
  CertVerifyLog class which is a iterable collection of
  CertVerifyLogNode objects. Most people will probablby just print the
  string representation of the returned CertVerifyLog object. Cert
  validation logging is handled by the Certificate.verify() method.
  Support has also been added for the various key usage and cert type
  entities which feature prominently during cert validation.


  * Certificate() constructor signature changed from

    Certificate(data=None, der_is_signed=True)

    to

    Certificate(data, certdb=cert_get_default_certdb(), perm=False, nickname=None)

    This change was necessary because all certs should be added to the
    NSS temporary database when they are loaded, but earlier code
    failed to to that. It's is not likely that an previous code was
    failing to pass initialization data or the der_is_signed flag so
    this change should be backwards compatible.

  * Fix bug #922247, PKCS12Decoder.database_import() method. Importing into
    a NSS database would sometimes fail or segfault.

  * Error codes and descriptions were updated from upstream NSPR & NSS.

  * The password callback did not allow for breaking out of a password
    prompting loop, now if None is returned from the password callback
    the password prompting is terminated.

  * nss.nss_shutdown_context now called from InitContext destructor,
    this assures the context is shutdown even if the programmer forgot
    to. It's still best to explicitly shut it down, this is just
    failsafe.

  * Support was added for shutdown callbacks.

  * The following classes were added:
    - nss.CertVerifyLogNode
    - nss.CertVerifyLog
    - error.CertVerifyError (exception)
    - nss.AuthorityInfoAccess
    - nss.AuthorityInfoAccesses


  * The following class methods were added:
    - nss.Certificate.is_ca_cert
    - nss.Certificate.verify
    - nss.Certificate.verify_with_log
    - nss.Certificate.get_cert_chain
    - nss.Certificate.check_ocsp_status
    - nss.PK11Slot.list_certs
    - nss.CertVerifyLogNode.format_lines
    - nss.CertVerifyLog.format_lines
    - nss.CRLDistributionPts.format_lines

  * The following class properties were added:
    - nss.CertVerifyLogNode.certificate
    - nss.CertVerifyLogNode.error
    - nss.CertVerifyLogNode.depth
    - nss.CertVerifyLog.count

  * The following module functions were added:
    - nss.x509_cert_type
    - nss.key_usage_flags
    - nss.list_certs
    - nss.find_certs_from_email_addr
    - nss.find_certs_from_nickname
    - nss.nss_get_version
    - nss.nss_version_check
    - nss.set_shutdown_callback
    - nss.get_use_pkix_for_validation
    - nss.set_use_pkix_for_validation
    - nss.enable_ocsp_checking
    - nss.disable_ocsp_checking
    - nss.set_ocsp_cache_settings
    - nss.set_ocsp_failure_mode
    - nss.set_ocsp_timeout
    - nss.clear_ocsp_cache
    - nss.set_ocsp_default_responder
    - nss.enable_ocsp_default_responder
    - nss.disable_ocsp_default_responder

  * The following files were added:
      src/py_traceback.h
      doc/examples/verify_cert.py
      test/test_misc.py

  * The following constants were added:
    - nss.KU_DIGITAL_SIGNATURE
    - nss.KU_NON_REPUDIATION
    - nss.KU_KEY_ENCIPHERMENT
    - nss.KU_DATA_ENCIPHERMENT
    - nss.KU_KEY_AGREEMENT
    - nss.KU_KEY_CERT_SIGN
    - nss.KU_CRL_SIGN
    - nss.KU_ENCIPHER_ONLY
    - nss.KU_ALL
    - nss.KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION
    - nss.KU_KEY_AGREEMENT_OR_ENCIPHERMENT
    - nss.KU_NS_GOVT_APPROVED
    - nss.PK11CertListUnique
    - nss.PK11CertListUser
    - nss.PK11CertListRootUnique
    - nss.PK11CertListCA
    - nss.PK11CertListCAUnique
    - nss.PK11CertListUserUnique
    - nss.PK11CertListAll
    - nss.certUsageSSLClient
    - nss.certUsageSSLServer
    - nss.certUsageSSLServerWithStepUp
    - nss.certUsageSSLCA
    - nss.certUsageEmailSigner
    - nss.certUsageEmailRecipient
    - nss.certUsageObjectSigner
    - nss.certUsageUserCertImport
    - nss.certUsageVerifyCA
    - nss.certUsageProtectedObjectSigner
    - nss.certUsageStatusResponder
    - nss.certUsageAnyCA
    - nss.ocspMode_FailureIsVerificationFailure
    - nss.ocspMode_FailureIsNotAVerificationFailure

  * cert_dump.py extended to print NS_CERT_TYPE_EXTENSION

  * cert_usage_flags, nss_init_flags now support optional repr_kind parameter

  Internal Changes:
  -----------------

  * Reimplement exception handling
    - NSPRError is now derived from StandardException instead of
      EnvironmentError. It was never correct to derive from
      EnvironmentError but was difficult to implement a new subclassed
      exception with it's own attributes, using EnvironmentError had
      been expedient.

    - NSPRError now derived from StandardException, provides:
      * errno (numeric error code)
      * strerror (error description associated with error code)
      * error_message (optional detailed message)
      * error_code (alias for errno)
      * error_desc (alias for strerror)

    - CertVerifyError derived from NSPRError, extends with:
      * usages (bitmask of returned usages)
      * log (CertVerifyLog object)

  * Expose error lookup to sibling modules

  * Use macros for bitmask_to_list functions to reduce code
    duplication and centralize logic.

  * Add repr_kind parameter to cert_trust_flags_str()

  * Add support for repr_kind AsEnumName to bitstring table lookup.

  * Add cert_type_bitstr_to_tuple() lookup function

  * Add PRTimeConvert(), used to convert Python time values
    to PRTime, centralizes conversion logic, reduces duplication

  * Add UTF8OrNoneConvert to better handle unicode parameters which
    are optional.

  * Add Certificate_summary_format_lines() utility to generate
    concise certificate identification info for output.

  * Certificate_new_from_CERTCertificate now takes add_reference parameter
    to properly reference count certs, should fix shutdown busy problems.

  * Add print_traceback(), print_cert() debugging support.

Mon Feb 18 2013 John Dennis <jdennis@redhat.com> - 0.13-1

- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

Mon Oct 08 2012 John Dennis <jdennis@redhat.com> - 0.13-0

- Update to version 0.13
  Introduced in 0.13:

  * Fix NSS SECITEM_CompareItem bug via workaround.

  * Fix incorrect format strings in PyArg_ParseTuple* for:
    - GeneralName
    - BasicConstraints
    - cert_x509_key_usage

  * Fix bug when decoding certificate BasicConstraints extension

  * Fix hang in setup_certs.

  * For NSS >= 3.13 support CERTDB_TERMINAL_RECORD

  * You can now query for a specific certificate extension
    Certficate.get_extension()

  * The following classes were added:
    - RSAGenParams

  * The following class methods were added:
    - nss.nss.Certificate.get_extension
    - nss.nss.PK11Slot.generate_key_pair
    - nss.nss.DSAPublicKey.format
    - nss.nss.DSAPublicKey.format_lines

  * The following module functions were added:
    - nss.nss.pub_wrap_sym_key

  * The following internal utilities were added:
    - PyString_UTF8
    - SecItem_new_alloc()

  * The following class constructors were modified to accept
    intialization parameters

    - KEYPQGParams (DSA generation parameters)

  * The PublicKey formatting (i.e. format_lines) was augmented
    to format DSA keys (formerly it only recognized RSA keys).

  * Allow lables and values to be justified when printing objects

  * The following were deprecated:
    - nss.nss.make_line_pairs (replaced by nss.nss.make_line_fmt_tuples)

    Deprecated Functionality:
    -------------------------
    - make_line_pairs() has been replaced by make_line_fmt_tuples()
      because 2-valued tuples were not sufficently general. It is
      expected very few programs will have used this function, it's mostly
      used internally but provided as a support utility.

Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12-4
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
```
Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12-3
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
```

Thu Nov 17 2011 John Dennis <jdennis@redhat.com> - 0.12-2

- add patch python-nss-0.12-rsapssparams.patch to fix build problem
  which appears only with nss 3.13 and later.

Mon Jun 06 2011 John Dennis <jdennis@redhat.com> - 0.12-1

* Major new enhancement is additon of PKCS12 support and
    AlgorithmID's.

  * setup.py build enhancements
    - Now searches for the NSS and NSPR header files rather
      than hardcoding their location. This makes building friendlier
      on other systems (i.e. debian)
    - Now takes optional command line arguments, -d or --debug
      will turn on debug options during the build.

  * Fix reference counting bug in PK11_password_callback() which
    contributed to NSS not being able to shutdown due to
    resources still in use.

  * Add UTF-8 support to ssl.config_server_session_id_cache()

  * Added unit tests for cipher, digest, client_server.

  * All unittests now run, added test/run_tests to invoke
    full test suite.

  * Fix bug in test/setup_certs.py, hardcoded full path to
    libnssckbi.so was causing failures on 64-bit systems,
    just use the libnssckbi.so basename, modutil will find
    it on the standard search path.

  * doc/examples/cert_dump.py uses new AlgorithmID class to
    dump Signature Algorithm

  * doc/examples/ssl_example.py now can cleanly shutdown NSS.

  * Exception error messages now include PR error text if available.

  * The following classes were replaced:
    - SignatureAlgorithm replaced by new class AlgorithmID

  * The following classes were added:
    - AlgorithmID
    - PKCS12DecodeItem
    - PKCS12Decoder

  * The following class methods were added:
    - PK11Slot.authenticate()
    - PK11Slot.get_disabled_reason()
    - PK11Slot.has_protected_authentication_path()
    - PK11Slot.has_root_certs()
    - PK11Slot.is_disabled()
    - PK11Slot.is_friendly()
    - PK11Slot.is_internal()
    - PK11Slot.is_logged_in()
    - PK11Slot.is_removable()
    - PK11Slot.logout()
    - PK11Slot.need_login()
    - PK11Slot.need_user_init()
    - PK11Slot.user_disable()
    - PK11Slot.user_enable()
    - PKCS12DecodeItem.format()
    - PKCS12DecodeItem.format_lines()
    - PKCS12Decoder.database_import()
    - PKCS12Decoder.format()
    - PKCS12Decoder.format_lines()

  * The following class properties were added:
    - AlgorithmID.id_oid
    - AlgorithmID.id_str
    - AlgorithmID.id_tag
    - AlgorithmID.parameters
    - PKCS12DecodeItem.certificate
    - PKCS12DecodeItem.friendly_name
    - PKCS12DecodeItem.has_key
    - PKCS12DecodeItem.shroud_algorithm_id
    - PKCS12DecodeItem.signed_cert_der
    - PKCS12DecodeItem.type
    - SignedData.data
    - SignedData.der

  * The following module functions were added:
    - nss.nss.dump_certificate_cache_info()
    - nss.nss.find_slot_by_name()
    - nss.nss.fingerprint_format_lines()
    - nss.nss.get_internal_slot()
    - nss.nss.is_fips()
    - nss.nss.need_pw_init()
    - nss.nss.nss_init_read_write()
    - nss.nss.pk11_disabled_reason_name()
    - nss.nss.pk11_disabled_reason_str()
    - nss.nss.pk11_logout_all()
    - nss.nss.pkcs12_cipher_from_name()
    - nss.nss.pkcs12_cipher_name()
    - nss.nss.pkcs12_enable_all_ciphers()
    - nss.nss.pkcs12_enable_cipher()
    - nss.nss.pkcs12_export()
    - nss.nss.pkcs12_map_cipher()
    - nss.nss.pkcs12_set_nickname_collision_callback()
    - nss.nss.pkcs12_set_preferred_cipher()
    - nss.nss.token_exists()
    - nss.ssl.config_mp_server_sid_cache()
    - nss.ssl.config_server_session_id_cache_with_opt()
    - nss.ssl.get_max_server_cache_locks()
    - nss.ssl.set_max_server_cache_locks()
    - nss.ssl.shutdown_server_session_id_cache()

  * The following constants were added:
    - nss.nss.int.PK11_DIS_COULD_NOT_INIT_TOKEN
    - nss.nss.int.PK11_DIS_NONE
    - nss.nss.int.PK11_DIS_TOKEN_NOT_PRESENT
    - nss.nss.int.PK11_DIS_TOKEN_VERIFY_FAILED
    - nss.nss.int.PK11_DIS_USER_SELECTED
    - nss.nss.int.PKCS12_DES_56
    - nss.nss.int.PKCS12_DES_EDE3_168
    - nss.nss.int.PKCS12_RC2_CBC_128
    - nss.nss.int.PKCS12_RC2_CBC_40
    - nss.nss.int.PKCS12_RC4_128
    - nss.nss.int.PKCS12_RC4_40

  * The following files were added:
    - test/run_tests
    - test/test_cipher.py (replaces cipher_test.py)
    - test/test_client_server.py
    - test/test_digest.py (replaces digest_test.py)
    - test/test_pkcs12.py

  * The following were deprecated:
    - SignatureAlgorithm

Tue Mar 22 2011 John Dennis <jdennis@redhat.com> - 0.11-2

- Resolves: #689059
  Add family parameter to Socket constructors in examples and doc.
  Mark implicit family parameter as deprecated.
  Raise exception if Socket family does not match NetworkAddress family.
  Add --server-subject to setup_certs.py (made testing IPv6 easier without DNS)

Mon Feb 21 2011 John Dennis <jdennis@redhat.com> - 0.11-1

* Better support for IPv6

  * Add AddrInfo class to support IPv6 address resolution. Supports
    iteration over it's set of NetworkAddress objects and provides
    hostname, canonical_name object properties.

  * Add PR_AI_* constants.

  * NetworkAddress constructor and NetworkAddress.set_from_string() added
    optional family parameter. This is necessary for utilizing
    PR_GetAddrInfoByName().

  * NetworkAddress initialized via a string paramter are now initalized via
    PR_GetAddrInfoByName using family.

  * Add NetworkAddress.address property to return the address sans the
    port as a string. NetworkAddress.str() includes the port. For IPv6 the
    a hex string must be enclosed in brackets if a port is appended to it,
    the bracketed hex address with appended with a port is unappropriate
    in some circumstances, hence the new address property to permit either
    the address string with a port or without a port.

  * Fix the implementation of the NetworkAddress.family property, it was
    returning bogus data due to wrong native data size.

  * HostEntry objects now support iteration and indexing of their
    NetworkAddress members.

  * Add io.addr_family_name() function to return string representation of
    PR_AF_* constants.

  * Modify example and test code to utilize AddrInfo instead of deprecated
    NetworkAddress functionality. Add address family command argument to
    ssl_example.

  * Fix pty import statement in test/setup_certs.py

    Deprecated Functionality:
    -------------------------

  * NetworkAddress initialized via a string paramter is now
    deprecated. AddrInfo should be used instead.

  * NetworkAddress.set_from_string is now deprecated. AddrInfo should be
    used instead.

  * NetworkAddress.hostentry is deprecated. It was a bad idea,
    NetworkAddress objects can support both IPv4 and IPv6, but a HostEntry
    object can only support IPv4. Plus the implementation depdended on
    being able to perform a reverse DNS lookup which is not always
    possible.

  * HostEntry.get_network_addresses() and HostEntry.get_network_address()
    are now deprecated. In addition their port parameter is now no longer
    respected. HostEntry objects now support iteration and
    indexing of their NetworkAddress and that should be used to access
    their NetworkAddress objects instead.

Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10-4
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
```

Tue Jan 11 2011 John Dennis <jdennis@redhat.com> - 0.10-3

- Fix all rpmlint warnings
- doc for license, changelog etc. now in main package,
  doc subpackage now only contains api doc, examples, test, etc.
- Filter provides for .so files
- Remove execute permission on everything in docdir
- Capitalize description

Tue Jan 11 2011 John Dennis <jdennis@redhat.com> - 0.10-2

- split documentation out into separate doc sub-package
  and make building api documentation optional

Mon Jan 10 2011 John Dennis <jdennis@redhat.com> - 0.10-1

- The following classes were added:
    InitParameters
    InitContext

-The following module functions were added:
    nss.nss.nss_initialize()
    nss.nss.nss_init_context()
    nss.nss.nss_shutdown_context()
    nss.nss.nss_init_flags()

Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 0.9-9

- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

Fri Jul 16 2010 John Dennis <jdennis@redhat.com> - 0.9-8
```
- add nss_is_initialized()
```

Thu Jul 08 2010 John Dennis <jdennis@redhat.com> - 0.9-7

- Remove nss_init_nodb() when nss modules loads from previous version
  apparently this prevents subsequent calls to nss_init with a
  database to silently fail.
- Clean up some cruft in doc/examples/verify_server.py

Thu Jun 24 2010 John Dennis <jdennis@redhat.com> - 0.9-6

- Invoke nss_init_nodb() when nss modules loads, this prevents segfaults
  in NSS if Python programmer forgot to call one of the NSS
  initialization routines.

- Rename the classes X500Name, X500RDN, X500AVA to DN, RDN, AVA
  respectively.

- DN and RDN objects now return a list of their contents when indexed by
  type, this is to support multi-valued items.

- Fix bug where AVA object's string representation did not include it's
  type.

- Enhance test/test_cert_components.py unit test to test for above
  changes.

- Add CertificateRequest object

Mon Jun 14 2010 John Dennis <jdennis@redhat.com> - 0.9-5

- Fix incomplete read bug (due to read ahead buffer bookkeeping).
- Remove python-nss specific httplib.py, no longer needed
  python-nss now compatible with standard library
- Rewrite httplib_example.py to use standard library and illustrate
  ssl, non-ssl, connection class, http class usage

Wed Jun 09 2010 John Dennis <jdennis@redhat.com> - 0.9-4
```
- add nss.cert_usage_flags(), use it in ssl_example.py
```

Sun Jun 06 2010 John Dennis <jdennis@redhat.com> - 0.9-3

- Add format_lines() & format() methods to the new certificate extension objects.
- Add printing of certificate extensions.
- Add BasicContstraints certificate extension.
- Fix several reference counting and memory problems discovered with valgrind.

Tue Jun 01 2010 John Dennis <jdennis@redhat.com> - 0.9-2

- fold in more ref counting patches from Miloslav Trmač <mitr@redhat.com>
  into upstream.
  Did not bump upstream version, just bumped release ver in this spec file.

Fri May 28 2010 John Dennis <jdennis@redhat.com> - 0.9-1

- Unicode objects now accepted as well as str objects for
  interfaces expecting a string.

- Sockets were enhanced thusly:
    - Threads will now yield during blocking IO.
    - Socket.makefile() reimplemented
          file object methods that had been missing (readlines(), sendall(),
          and iteration) were implemented, makefile now just returns the same
          Socket object but increments an "open" ref count. Thus a Socket
          object behaves like a file object and must be closed once for each
          makefile() call before it's actually closed.
    - Sockets now support the iter protocol
    - Add Socket.readlines(), Socket.sendall()

- The following classes were added:
    AuthKeyID
    BasicConstraints
    CRLDistributionPoint
    CRLDistributionPts
    CertificateExtension
    GeneralName
    SignedCRL
    X500AVA
    X500Name
    X500RDN

- The following module functions were added:
    nss.nss.cert_crl_reason_from_name()
    nss.nss.cert_crl_reason_name()
    nss.nss.cert_general_name_type_from_name()
    nss.nss.cert_general_name_type_name()
    nss.nss.cert_usage_flags()
    nss.nss.decode_der_crl()
    nss.nss.der_universal_secitem_fmt_lines()
    nss.nss.import_crl()
    nss.nss.make_line_pairs()
    nss.nss.oid_dotted_decimal()
    nss.nss.oid_str()
    nss.nss.oid_tag()
    nss.nss.oid_tag_name()
    nss.nss.read_der_from_file()
    nss.nss.x509_alt_name()
    nss.nss.x509_ext_key_usage()
    nss.nss.x509_key_usage()

- The following class methods and properties were added:
  Note: it's a method if the name is suffixed with (), a propety otherwise
    Socket.next()
    Socket.readlines()
    Socket.sendall()
    SSLSocket.next()
    SSLSocket.readlines()
    SSLSocket.sendall()
    AuthKeyID.key_id
    AuthKeyID.serial_number
    AuthKeyID.get_general_names()
    CRLDistributionPoint.issuer
    CRLDistributionPoint.get_general_names()
    CRLDistributionPoint.get_reasons()
    CertDB.find_crl_by_cert()
    CertDB.find_crl_by_name()
    Certificate.extensions
    CertificateExtension.critical
    CertificateExtension.name
    CertificateExtension.oid
    CertificateExtension.oid_tag
    CertificateExtension.value
    GeneralName.type_enum
    GeneralName.type_name
    GeneralName.type_string
    SecItem.der_to_hex()
    SecItem.get_oid_sequence()
    SecItem.to_hex()
    SignedCRL.delete_permanently()
    X500AVA.oid
    X500AVA.oid_tag
    X500AVA.value
    X500AVA.value_str
    X500Name.cert_uid
    X500Name.common_name
    X500Name.country_name
    X500Name.dc_name
    X500Name.email_address
    X500Name.locality_name
    X500Name.org_name
    X500Name.org_unit_name
    X500Name.state_name
    X500Name.add_rdn()
    X500Name.has_key()
    X500RDN.has_key()

- The following module functions were removed:
  Note: use nss.nss.oid_tag() instead
    nss.nss.sec_oid_tag_from_name()
    nss.nss.sec_oid_tag_name()
    nss.nss.sec_oid_tag_str()

- The following files were added:
    doc/examples/cert_dump.py
    test/test_cert_components.py

- Apply patches from  Miloslav Trmač <mitr@redhat.com>
  for ref counting and threading support. Thanks Miloslav!

- Review all ref counting, numerous ref counting fixes

- Implement cyclic garbage collection support by
  adding object traversal and clear methods

- Identify static variables, move to thread local storage

Wed Mar 24 2010 John Dennis <jdennis@redhat.com> - 0.8-2
```
- change %define to %global
```

Mon Sep 21 2009 John Dennis <jdennis@redhat.com> - 0.8-1

- The following methods, properties  and functions were added:
  SecItem.type SecItem.len, SecItem.data
  PK11SymKey.key_data, PK11SymKey.key_length, PK11SymKey.slot
  create_context_by_sym_key
  param_from_iv
  generate_new_param
  get_iv_length
  get_block_size
  get_pad_mechanism
- SecItem's now support indexing and slicing on their data
- Clean up parsing and parameter validation of variable arg functions

Fri Sep 18 2009 John Dennis <jdennis@redhat.com> - 0.7-1

- add support for symmetric encryption/decryption
  more support for digests (hashes)

  The following classes were added:
  PK11SymKey PK11Context

  The following methods and functions were added:
  get_best_wrap_mechanism          get_best_key_length
  key_gen                          derive
  get_key_length                   digest_key
  clone_context                    digest_begin
  digest_op                        cipher_op
  finalize                         digest_final
  read_hex                         hash_buf
  sec_oid_tag_str                  sec_oid_tag_name
  sec_oid_tag_from_name            key_mechanism_type_name
  key_mechanism_type_from_name     pk11_attribute_type_name
  pk11_attribute_type_from_name    get_best_slot
  get_internal_key_slot            create_context_by_sym_key
  import_sym_key                   create_digest_context
  param_from_iv                    param_from_algid
  generate_new_param               algtag_to_mechanism
  mechanism_to_algtag

  The following files were added:
  cipher_test.py digest_test.py

Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6-3
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
```
Thu Jul 09 2009 John Dennis <jdennis@redhat.com> - 0.6-2
```
- restore nss.nssinit(), make deprecated
```

Wed Jul 08 2009 John Dennis <jdennis@redhat.com> - 0.6-1

- fix bug #510343 client_auth_data_callback seg faults if False
  is returned from callback

Wed Jul 01 2009 John Dennis <jdennis@redhat.com> - 0.5-1

- restore ssl.nss_init and ssl.nss_shutdown but make them deprecated
  add __version__ string to nss module

Tue Jun 30 2009 John Dennis <jdennis@redhat.com> - 0.4-1

- add binding for NSS_NoDB_Init(), bug #509002
  move nss_init and nss_shutdown from ssl module to nss module

Thu Jun 04 2009 John Dennis <jdennis@redhat.com> - 0.3-1

- installed source code in Mozilla CVS repository
  update URL tag to point to CVS repositoy
  (not yet a valid URL, still have to coordinate with Mozilla)
  minor tweak to src directory layout

Mon Jun 01 2009 John Dennis <jdennis@redhat.com> - 0.2-1

- Convert licensing to MPL tri-license
- apply patch from bug #472805, (Miloslav Trmač)
  Don't allow closing a socket twice, that causes crashes.
  New function nss.io.Socket.new_socket_pair()
  New function nss.io.Socket.poll()
  New function nss.io.Socket.import_tcp_socket()
  New method nss.nss.Certificate.get_subject_common_name()
  New function nss.nss.generate_random()
  Fix return value creation in SSLSocket.get_security_status
  New function nss.ssl.SSLSocket.import_tcp_socket()

Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.1-3
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
```
Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.1-2
```
- Rebuild for Python 2.6
```

Tue Sep 09 2008 John Dennis <jdennis@redhat.com> - 0.1-1

- clean up ssl_example.py, fix arg list in get_cert_nicknames,
   make certdir cmd line arg consistent with other NSS tools
- update httplib.py to support client auth, add httplib_example.py which illustrates it's use
- fix some documentation
- fix some type usage which were unsafe on 64-bit

Wed Jul 09 2008 John Dennis <jdennis@redhat.com> - 0.0-2

- add docutils to build requires so restructured text works

Fri Jun 27 2008 John Dennis <jdennis@redhat.com> - 0.0-1
```
- initial release
```