%global build_api_doc 1

%global with_python2 0

%global with_python3 0

%if (0%{?fedora} > 0 && 0%{?fedora} < 32) || (0%{?rhel} > 0 && 0%{?rhel} <= 7)

  %global with_python2 1

%endif

%if 0%{?fedora} || 0%{?rhel} >= 8

  %global with_python3 1

%endif

Name:           python-nss

Version:        1.0.1

Release:        10%{?dist}

Summary:        Python bindings for Network Security Services (NSS)

Group:          Development/Languages

License:        MPLv2.0 or GPLv2+ or LGPLv2+

URL:            https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Python_binding_for_NSS

Source0:        https://ftp.mozilla.org/pub/mozilla.org/security/python-nss/releases/PYNSS_RELEASE_1_0_1/src/python-nss-%{version}.tar.bz2

Patch1: sphinx.patch

%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}

%global py2dir %{_builddir}/python2-%{name}-%{version}-%{release}

# we don't want to provide private python extension libs in either

#the python2 or python3 dirs

%global __provides_exclude_from ^(%{python2_sitearch}|%{python3_sitearch})/.*\\.so$

BuildRequires: nspr-devel

BuildRequires: nss-devel

BuildRequires: python3-devel

BuildRequires: python3-sphinx

%global _description\

This package provides Python bindings for Network Security Services\

(NSS) and the Netscape Portable Runtime (NSPR).\

\

NSS is a set of libraries supporting security-enabled client and\

server applications. Applications built with NSS can support SSL v2\

and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3\

certificates, and other security standards. Specific NSS\

implementations have been FIPS-140 certified.

%description %_description

%if %{with_python2}

%package -n python2-nss

BuildRequires: python2-devel

BuildRequires: python2-setuptools

BuildRequires: python2-sphinx

%{?python_provide:%python_provide python2-nss}

Summary: %summary

%{?python_provide:%python_provide python2-nss}

%description -n python2-nss %_description

%endif

%if %{with_python3}

%package -n python3-nss

BuildRequires: python3-devel

BuildRequires: python3-setuptools

BuildRequires: python3-sphinx

%{?python_provide:%python_provide python3-nss}

Summary: Python3 bindings for Network Security Services (NSS)

%description -n python3-nss %_description

%endif

%package doc

Group: Documentation

Summary: API documentation and examples

%description doc

API documentation and examples

%prep

%setup -q

%patch1 -p1

%if %{with_python2}

rm -rf %{py2dir}

cp -a . %{py2dir}

%endif

%build

%if %{with_python2}

pushd %{py2dir}

%py2_build

popd

%endif

%if %{with_python3}

%py3_build

%endif

%if %{build_api_doc}

%{__python3} setup.py build_doc

%endif

%install

rm -rf $RPM_BUILD_ROOT

%if %{with_python2}

pushd %{py2dir}

%py2_install

popd

%endif

%if %{with_python3}

%py3_install

%{__python3} setup.py install_doc --docdir %{docdir} --skip-build --root $RPM_BUILD_ROOT

%endif

# Remove execution permission from any example/test files in docdir

find $RPM_BUILD_ROOT/%{docdir} -type f | xargs chmod a-x

# Set correct permissions on .so files

chmod 0755 $RPM_BUILD_ROOT/%{python3_sitearch}/nss/*.so

%clean

%if %{with_python2}

rm -rf %{py2dir}

%endif

%if %{with_python2}

%files -n python2-nss

%defattr(-,root,root,-)

%{python2_sitearch}/*

%doc %{docdir}/ChangeLog

%doc %{docdir}/LICENSE.gpl

%doc %{docdir}/LICENSE.lgpl

%doc %{docdir}/LICENSE.mpl

%doc %{docdir}/README

%endif

%if %{with_python3}

%files -n python3-nss

%{python3_sitearch}/*

%doc %{docdir}/ChangeLog

%doc %{docdir}/LICENSE.gpl

%doc %{docdir}/LICENSE.lgpl

%doc %{docdir}/LICENSE.mpl

%doc %{docdir}/README

%endif

%files doc

%defattr(-,root,root,-)

%doc %{docdir}/examples

%doc %{docdir}/test

%if %{build_api_doc}

%doc %{docdir}/api

%endif

%changelog

* Fri Jul  6 2018  <jdennis@redhat.com> - 1.0.1-10

- Move documentation generator from epydoc to Sphinx autodoc

- Modify py2/py3 build logic to comply with new guidelines

* Wed Jun 27 2018 Charalampos Stratakis <cstratak@redhat.com> - 1.0.1-9

- Conditionalize the python2 subpackage

* Wed Jun 27 2018 Charalampos Stratakis <cstratak@redhat.com> - 1.0.1-8

- Disable documentation generated by epydoc

* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.1-7

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Fri Jan 26 2018 Iryna Shcherbina <ishcherb@redhat.com> - 1.0.1-6

- Update Python 2 dependency declarations to new packaging standards

  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)

* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.0.1-5

- Python 2 binary package renamed to python2-nss

  See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3

* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.1-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.1-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Fri Jul 07 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.0.1-2

- Rebuild due to bug in RPM (RHBZ #1468476)

* Tue Feb 28 2017 John Dennis <jdennis@redhat.com> - 1.0.1-1

  * Add TLS 1.3 cipher suites.

  * ssl_cipher_info.py now attempts to enable TLS 1.3.

  * Fix build issue in setup.py. python-nss can now be build

    as Python wheel, e.g. `pip wheel -w dist .`

  * The following constants were added:

    - ssl.TLS_AES_128_GCM_SHA256

    - ssl.TLS_AES_256_GCM_SHA384

    - ssl.TLS_CHACHA20_POLY1305_SHA256

* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 1.0.0-3

- Rebuild for Python 3.6

* Tue Sep 27 2016 John Dennis <jdennis@redhat.com> - 1.0.0-2

- remove reference to unused tls_chacha20-poly1305-constants.patch

* Thu Sep  1 2016 John Dennis <jdennis@redhat.com> - 1.0.0-1

- Offical 1.0.0 release, only minor tweaks from 1.0.0beta1

- Allow custom include root in setup.py as command line arg

- Remove checks for whether a socket is open for reading. It's not

  possible for the binding to know in all cases, especially if the

  socket is created from an external socket passed in.

  * The following module functions were added:

      - nss.get_all_tokens

* Mon Aug 15 2016 John Dennis <jdennis@redhat.com> - 1.0.0-beta1.2.3

- add tls chacha20 poly1305 constants

* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0-beta1.2.2

- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages

* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-beta1.2.1

- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0-beta1.2

- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5

* Fri Nov  6 2015 John Dennis <jdennis@redhat.com> - 1.0.0-beta1.1

- Resolves: bug #985290 Port to Python3

- Upgrade to upstream 1.0.0-beta1

  python-nss now supports both Py2 and Py3, see ChangeLog for details

  When built for Py2:

   - text will be a Unicode object

   - binary data will be a str object

   - ints will be Python long object

  When built for Py3:

   - text will be a str object

   - binary data will be a bytes object

   - ints will be a Python int object

* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.16.0-1

- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Tue Oct 28 2014 John Dennis <jdennis@redhat.com> - 0.16.0-0

  The primary enhancements in this version is adding support for the

  setting trust attributes on a Certificate, the SSL version range API,

  information on the SSL cipher suites and information on the SSL connection.

  * The following module functions were added:

    - ssl.get_ssl_version_from_major_minor

    - ssl.get_default_ssl_version_range

    - ssl.get_supported_ssl_version_range

    - ssl.set_default_ssl_version_range

    - ssl.ssl_library_version_from_name

    - ssl.ssl_library_version_name

    - ssl.get_cipher_suite_info

    - ssl.ssl_cipher_suite_name

    - ssl.ssl_cipher_suite_from_name

  * The following deprecated module functions were removed:

    - ssl.nssinit

    - ssl.nss_ini

    - ssl.nss_shutdown

  * The following classes were added:

    - SSLCipherSuiteInfo

    - SSLChannelInfo

  * The following class methods were added:

    - Certificate.trust_flags

    - Certificate.set_trust_attributes

    - SSLSocket.set_ssl_version_range

    - SSLSocket.get_ssl_version_range

    - SSLSocket.get_ssl_channel_info

    - SSLSocket.get_negotiated_host

    - SSLSocket.connection_info_format_lines

    - SSLSocket.connection_info_format

    - SSLSocket.connection_info_str

    - SSLCipherSuiteInfo.format_lines

    - SSLCipherSuiteInfo.format

    - SSLChannelInfo.format_lines

    - SSLChannelInfo.format

  * The following class properties were added:

    - Certificate.ssl_trust_flags

    - Certificate.email_trust_flags

    - Certificate.signing_trust_flags

    - SSLCipherSuiteInfo.cipher_suite

    - SSLCipherSuiteInfo.cipher_suite_name

    - SSLCipherSuiteInfo.auth_algorithm

    - SSLCipherSuiteInfo.auth_algorithm_name

    - SSLCipherSuiteInfo.kea_type

    - SSLCipherSuiteInfo.kea_type_name

    - SSLCipherSuiteInfo.symmetric_cipher

    - SSLCipherSuiteInfo.symmetric_cipher_name

    - SSLCipherSuiteInfo.symmetric_key_bits

    - SSLCipherSuiteInfo.symmetric_key_space

    - SSLCipherSuiteInfo.effective_key_bits

    - SSLCipherSuiteInfo.mac_algorithm

    - SSLCipherSuiteInfo.mac_algorithm_name

    - SSLCipherSuiteInfo.mac_bits

    - SSLCipherSuiteInfo.is_fips

    - SSLCipherSuiteInfo.is_exportable

    - SSLCipherSuiteInfo.is_nonstandard

    - SSLChannelInfo.protocol_version

    - SSLChannelInfo.protocol_version_str

    - SSLChannelInfo.protocol_version_enum

    - SSLChannelInfo.major_protocol_version

    - SSLChannelInfo.minor_protocol_version

    - SSLChannelInfo.cipher_suite

    - SSLChannelInfo.auth_key_bits

    - SSLChannelInfo.kea_key_bits

    - SSLChannelInfo.creation_time

    - SSLChannelInfo.creation_time_utc

    - SSLChannelInfo.last_access_time

    - SSLChannelInfo.last_access_time_utc

    - SSLChannelInfo.expiration_time

    - SSLChannelInfo.expiration_time_utc

    - SSLChannelInfo.compression_method

    - SSLChannelInfo.compression_method_name

    - SSLChannelInfo.session_id

  * The following files were added:

    - doc/examples/cert_trust.py

    - doc/examples/ssl_version_range.py

  * The following constants were added:

    - nss.CERTDB_TERMINAL_RECORD

    - nss.CERTDB_VALID_PEER

    - nss.CERTDB_TRUSTED

    - nss.CERTDB_SEND_WARN

    - nss.CERTDB_VALID_CA

    - nss.CERTDB_TRUSTED_CA

    - nss.CERTDB_NS_TRUSTED_CA

    - nss.CERTDB_USER

    - nss.CERTDB_TRUSTED_CLIENT_CA

    - nss.CERTDB_GOVT_APPROVED_CA

    - ssl.SRTP_AES128_CM_HMAC_SHA1_32

    - ssl.SRTP_AES128_CM_HMAC_SHA1_80

    - ssl.SRTP_NULL_HMAC_SHA1_32

    - ssl.SRTP_NULL_HMAC_SHA1_80

    - ssl.SSL_CK_DES_192_EDE3_CBC_WITH_MD5

    - ssl.SSL_CK_DES_64_CBC_WITH_MD5

    - ssl.SSL_CK_IDEA_128_CBC_WITH_MD5

    - ssl.SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5

    - ssl.SSL_CK_RC2_128_CBC_WITH_MD5

    - ssl.SSL_CK_RC4_128_EXPORT40_WITH_MD5

    - ssl.SSL_CK_RC4_128_WITH_MD5

    - ssl.SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA

    - ssl.SSL_FORTEZZA_DMS_WITH_NULL_SHA

    - ssl.SSL_FORTEZZA_DMS_WITH_RC4_128_SHA

    - ssl.SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA

    - ssl.SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA

    - ssl.TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

    - ssl.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

    - ssl.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256

    - ssl.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA

    - ssl.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA

    - ssl.TLS_DHE_DSS_WITH_DES_CBC_SHA

    - ssl.TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

    - ssl.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

    - ssl.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

    - ssl.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

    - ssl.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

    - ssl.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA

    - ssl.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

    - ssl.TLS_DHE_RSA_WITH_DES_CBC_SHA

    - ssl.TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA

    - ssl.TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA

    - ssl.TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA

    - ssl.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA

    - ssl.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA

    - ssl.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA

    - ssl.TLS_DH_DSS_WITH_DES_CBC_SHA

    - ssl.TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA

    - ssl.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA

    - ssl.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA

    - ssl.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA

    - ssl.TLS_DH_RSA_WITH_DES_CBC_SHA

    - ssl.TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA

    - ssl.TLS_DH_anon_EXPORT_WITH_RC4_40_MD5

    - ssl.TLS_DH_anon_WITH_3DES_EDE_CBC_SHA

    - ssl.TLS_DH_anon_WITH_AES_128_CBC_SHA

    - ssl.TLS_DH_anon_WITH_AES_256_CBC_SHA

    - ssl.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA

    - ssl.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA

    - ssl.TLS_DH_anon_WITH_DES_CBC_SHA

    - ssl.TLS_DH_anon_WITH_RC4_128_MD5

    - ssl.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

    - ssl.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

    - ssl.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

    - ssl.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

    - ssl.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256

    - ssl.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256

    - ssl.TLS_EMPTY_RENEGOTIATION_INFO_SCSV

    - ssl.TLS_FALLBACK_SCSV

    - ssl.TLS_NULL_WITH_NULL_NULL

    - ssl.TLS_RSA_EXPORT_WITH_DES40_CBC_SHA

    - ssl.TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5

    - ssl.TLS_RSA_EXPORT_WITH_RC4_40_MD5

    - ssl.TLS_RSA_WITH_3DES_EDE_CBC_SHA

    - ssl.TLS_RSA_WITH_AES_128_CBC_SHA256

    - ssl.TLS_RSA_WITH_AES_128_GCM_SHA256

    - ssl.TLS_RSA_WITH_AES_256_CBC_SHA256

    - ssl.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

    - ssl.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

    - ssl.TLS_RSA_WITH_DES_CBC_SHA

    - ssl.TLS_RSA_WITH_IDEA_CBC_SHA

    - ssl.TLS_RSA_WITH_NULL_MD5

    - ssl.TLS_RSA_WITH_NULL_SHA

    - ssl.TLS_RSA_WITH_NULL_SHA256

    - ssl.TLS_RSA_WITH_RC4_128_MD5

    - ssl.TLS_RSA_WITH_RC4_128_SHA

    - ssl.TLS_RSA_WITH_SEED_CBC_SHA

    - ssl.SSL_VARIANT_DATAGRAM

    - ssl.SSL_VARIANT_STREAM

    - ssl.SSL_LIBRARY_VERSION_2

    - ssl.SSL_LIBRARY_VERSION_3_0

    - ssl.SSL_LIBRARY_VERSION_TLS_1_0

    - ssl.SSL_LIBRARY_VERSION_TLS_1_1

    - ssl.SSL_LIBRARY_VERSION_TLS_1_2

    - ssl.SSL_LIBRARY_VERSION_TLS_1_3

    - ssl.ssl2

    - ssl.ssl3

    - ssl.tls1.0

    - ssl.tls1.1

    - ssl.tls1.2

    - ssl.tls1.3

   * The following methods were missing thread locks, this has been fixed.

     - nss.nss_initialize

     - nss.nss_init_context

     - nss.nss_shutdown_context

* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.15.0-5

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Mon Jun 30 2014 Toshio Kuratomi <toshio@fedoraproject.org> - 0.15.0-4

- Replace python-setuptools-devel BR with python-setuptools

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.15.0-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Fri May  2 2014 John Dennis <jdennis@redhat.com> - 0.15.0-2

- resolves bug #1087031, bad parameter spec for check_ocsp_status

* Fri Jan 31 2014 John Dennis <jdennis@redhat.com> - 0.15.0-1

- fix fedora bug 1060314, CSR extensions sometimes not found

  Also adds support for accessing CSR attributes.

  See doc/Changelog for details

* Wed Nov 13 2013 Ville Skyttä <ville.skytta@iki.fi> - 0.14.0-3

- Install docs to %%{_pkgdocdir} where available (#994060).

* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.14.0-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Mon May 13 2013 John Dennis <jdennis@redhat.com> - 0.14-1

  External Changes:

  -----------------

  The primary enhancements in this version is support of certifcate

  validation, OCSP support, and support for the certificate "Authority

  Information Access" extension.

  Enhanced certifcate validation including CA certs can be done via

  Certificate.verify() or Certificate.is_ca_cert(). When cert

  validation fails you can now obtain diagnostic information as to why

  the cert failed to validate. This is encapsulated in the

  CertVerifyLog class which is a iterable collection of

  CertVerifyLogNode objects. Most people will probablby just print the

  string representation of the returned CertVerifyLog object. Cert

  validation logging is handled by the Certificate.verify() method.

  Support has also been added for the various key usage and cert type

  entities which feature prominently during cert validation.

  * Certificate() constructor signature changed from

    Certificate(data=None, der_is_signed=True)

    to

    Certificate(data, certdb=cert_get_default_certdb(), perm=False, nickname=None)

    This change was necessary because all certs should be added to the

    NSS temporary database when they are loaded, but earlier code

    failed to to that. It's is not likely that an previous code was

    failing to pass initialization data or the der_is_signed flag so

    this change should be backwards compatible.

  * Fix bug #922247, PKCS12Decoder.database_import() method. Importing into

    a NSS database would sometimes fail or segfault.

  * Error codes and descriptions were updated from upstream NSPR & NSS.

  * The password callback did not allow for breaking out of a password

    prompting loop, now if None is returned from the password callback

    the password prompting is terminated.

  * nss.nss_shutdown_context now called from InitContext destructor,

    this assures the context is shutdown even if the programmer forgot

    to. It's still best to explicitly shut it down, this is just

    failsafe.

  * Support was added for shutdown callbacks.

  * The following classes were added:

    - nss.CertVerifyLogNode

    - nss.CertVerifyLog

    - error.CertVerifyError (exception)

    - nss.AuthorityInfoAccess

    - nss.AuthorityInfoAccesses

  * The following class methods were added:

    - nss.Certificate.is_ca_cert

    - nss.Certificate.verify

    - nss.Certificate.verify_with_log

    - nss.Certificate.get_cert_chain

    - nss.Certificate.check_ocsp_status

    - nss.PK11Slot.list_certs

    - nss.CertVerifyLogNode.format_lines

    - nss.CertVerifyLog.format_lines

    - nss.CRLDistributionPts.format_lines

  * The following class properties were added:

    - nss.CertVerifyLogNode.certificate

    - nss.CertVerifyLogNode.error

    - nss.CertVerifyLogNode.depth

    - nss.CertVerifyLog.count

  * The following module functions were added:

    - nss.x509_cert_type

    - nss.key_usage_flags

    - nss.list_certs

    - nss.find_certs_from_email_addr

    - nss.find_certs_from_nickname

    - nss.nss_get_version

    - nss.nss_version_check

    - nss.set_shutdown_callback

    - nss.get_use_pkix_for_validation

    - nss.set_use_pkix_for_validation

    - nss.enable_ocsp_checking

    - nss.disable_ocsp_checking

    - nss.set_ocsp_cache_settings

    - nss.set_ocsp_failure_mode

    - nss.set_ocsp_timeout

    - nss.clear_ocsp_cache

    - nss.set_ocsp_default_responder

    - nss.enable_ocsp_default_responder

    - nss.disable_ocsp_default_responder

  * The following files were added:

      src/py_traceback.h

      doc/examples/verify_cert.py

      test/test_misc.py

  * The following constants were added:

    - nss.KU_DIGITAL_SIGNATURE

    - nss.KU_NON_REPUDIATION

    - nss.KU_KEY_ENCIPHERMENT

    - nss.KU_DATA_ENCIPHERMENT

    - nss.KU_KEY_AGREEMENT

    - nss.KU_KEY_CERT_SIGN

    - nss.KU_CRL_SIGN

    - nss.KU_ENCIPHER_ONLY

    - nss.KU_ALL

    - nss.KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION

    - nss.KU_KEY_AGREEMENT_OR_ENCIPHERMENT

    - nss.KU_NS_GOVT_APPROVED

    - nss.PK11CertListUnique

    - nss.PK11CertListUser

    - nss.PK11CertListRootUnique

    - nss.PK11CertListCA

    - nss.PK11CertListCAUnique

    - nss.PK11CertListUserUnique

    - nss.PK11CertListAll

    - nss.certUsageSSLClient

    - nss.certUsageSSLServer

    - nss.certUsageSSLServerWithStepUp

    - nss.certUsageSSLCA

    - nss.certUsageEmailSigner

    - nss.certUsageEmailRecipient

    - nss.certUsageObjectSigner

    - nss.certUsageUserCertImport

    - nss.certUsageVerifyCA

    - nss.certUsageProtectedObjectSigner

    - nss.certUsageStatusResponder

    - nss.certUsageAnyCA

    - nss.ocspMode_FailureIsVerificationFailure

    - nss.ocspMode_FailureIsNotAVerificationFailure

  * cert_dump.py extended to print NS_CERT_TYPE_EXTENSION

  * cert_usage_flags, nss_init_flags now support optional repr_kind parameter

  Internal Changes:

  -----------------

  * Reimplement exception handling

    - NSPRError is now derived from StandardException instead of

      EnvironmentError. It was never correct to derive from

      EnvironmentError but was difficult to implement a new subclassed

      exception with it's own attributes, using EnvironmentError had

      been expedient.

    - NSPRError now derived from StandardException, provides:

      * errno (numeric error code)

      * strerror (error description associated with error code)

      * error_message (optional detailed message)

      * error_code (alias for errno)

      * error_desc (alias for strerror)

    - CertVerifyError derived from NSPRError, extends with:

      * usages (bitmask of returned usages)

      * log (CertVerifyLog object)

  * Expose error lookup to sibling modules

  * Use macros for bitmask_to_list functions to reduce code

    duplication and centralize logic.

  * Add repr_kind parameter to cert_trust_flags_str()

  * Add support for repr_kind AsEnumName to bitstring table lookup.

  * Add cert_type_bitstr_to_tuple() lookup function

  * Add PRTimeConvert(), used to convert Python time values

    to PRTime, centralizes conversion logic, reduces duplication

  * Add UTF8OrNoneConvert to better handle unicode parameters which

    are optional.

  * Add Certificate_summary_format_lines() utility to generate

    concise certificate identification info for output.

  * Certificate_new_from_CERTCertificate now takes add_reference parameter

    to properly reference count certs, should fix shutdown busy problems.

  * Add print_traceback(), print_cert() debugging support.

* Mon Feb 18 2013 John Dennis <jdennis@redhat.com> - 0.13-1

- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Mon Oct  8 2012 John Dennis <jdennis@redhat.com> - 0.13-0

- Update to version 0.13

  Introduced in 0.13:

  * Fix NSS SECITEM_CompareItem bug via workaround.

  * Fix incorrect format strings in PyArg_ParseTuple* for:

    - GeneralName

    - BasicConstraints

    - cert_x509_key_usage

  * Fix bug when decoding certificate BasicConstraints extension

  * Fix hang in setup_certs.

  * For NSS >= 3.13 support CERTDB_TERMINAL_RECORD

  * You can now query for a specific certificate extension

    Certficate.get_extension()

  * The following classes were added:

    - RSAGenParams

  * The following class methods were added:

    - nss.nss.Certificate.get_extension

    - nss.nss.PK11Slot.generate_key_pair

    - nss.nss.DSAPublicKey.format

    - nss.nss.DSAPublicKey.format_lines

  * The following module functions were added:

    - nss.nss.pub_wrap_sym_key

  * The following internal utilities were added:

    - PyString_UTF8

    - SecItem_new_alloc()

  * The following class constructors were modified to accept

    intialization parameters