Build Instructions for NSS 3.2 Release
Newsgroup: mozilla.dev.tech.cryptoMain technical contact: Ian McGreer
Manager: Wan-Teh Chang
The instructions that follow describe how to build the standalone NSS libraries (including a new implementation of RSA) without the BSAFE library. These instructions have been tested on Unix and Windows. They will be updated as testing proceeds on other platforms.
For detailed information about the NSS 3.2 release, see NSS 3.2 Release Notes.
To build NSS with the RSA BSAFE Crypto-C library, first follow the instructions at Build Instructions for NSS Using RSA BSAFE Crypto-C, then continue with the instructions on this page.
Important: Before you build NSS, you should be familiar with the Mozilla CVS system; see source code via CVS for details.
Perl Version:You must be using Perl 5.004 or greater for the instructions given here to work correctly.
NSPR Version: NSS 3.2 is compatible with NSPR 4.0.1 or higher. We recommend using NSPR 4.1, as shown in the build instructions below. However, it's possible to use other NSPR tags, such as NSPRPUB_RELEASE_4_0_1 or NSPRPUB_CLIENT_BRANCH.
Unix Build Instructions
Windows Build Instructions
Basic Tests
Unix Build Instructions
The following procedure performs a debug build using the GNU C compiler (gcc). See the notes that follow on how to generate an optimized build or choose a native compiler.
To build NSS and the necessary components from Mozilla on Unix/Linux without pulling and configuring the entire Mozilla source tree, follow these steps:
Note: Before building NSS 3.2, make sure that the MOZILLA_CLIENT environment variable is not defined.
- setenv CVSROOT :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
- cvs login
At the password prompt, type anonymous
- cvs co -r NSS_3_2_RTM mozilla/client.mk
- cd mozilla
- gmake -f client.mk pull_all BUILD_MODULES=dbm MOZ_CO_TAG=NSS_3_2_RTM NSPR_CO_TAG=NSPRPUB_RELEASE_4_1
This step pulls NSPR and dbm (the modules that NSS requires).
- For Linux only:
./configure --without-gtk --without-libIDL --without-x --enable-modules=dbm --disable-elf-dynstr-gc
For the following platforms, only the native compiler is supported, requiring the following modifications:- Solaris:
env CC=cc CXX=CC ./configure --without-gtk --without-libIDL --without-x --enable-modules=dbm
- AIX:
env CC=xlC_r CXX=xlC_r ./configure --without-gtk --without-libIDL --without-x --enable-modules=dbm
- HP-UX:
env CC=cc CXX=aCC ./configure --without-gtk --without-libIDL --without-x --enable-modules=dbm
- OSF1:
env CC=cc CXX=cxx ./configure --without-gtk --without-libIDL --without-x --enable-modules=dbm
- Solaris:
- gmake
Builds NSPR and dbm.
- cd ..
- cvs co -r NSS_3_2_RTM mozilla/security/coreconf mozilla/security/nss
Pulls the NSS module with the CVS tag for the NSS 3.2 release.
- cd mozilla/security/coreconf
- gmake
Builds nsinstall, which is used by the NSS build system.
- cd ../nss
- gmake moz_import
Tells NSS where to find the NSPR and dbm header files and libraries.
- gmake
Builds NSS.
Generating an Optimized Build
The above procedure generates a debug build (the default). To perform an optimized
build, modify the procedure as follows:
- In step 6, add these options to the configure script command line:
--disable-debug --enable-optimize
- Before step 11, do this:
setenv BUILD_OPT 1
Choosing a Compiler
By default, mozilla's configure script uses the GNU C compiler (gcc) while NSS uses the native C amd C++ compilers. NSS does not support GCC at all except for Linux.If you would like to add GCC support for a particular platform, let us know. In this case you need to run mozilla's configure script without the added environment variable, as follows:
- ./configure --without-gtk --without-libIDL --without-x --enable-modules=dbm
Also, before Step 10 above you must specify GCC as the compiler again by setting the following environment variables:
- setenv NS_USE_GCC 1
setenv NO_MDUPDATE 1
- env CC=cc CXX=CC ./configure --without-gtk --without-libIDL --without-x --enable-modules=dbm
Windows Build Instructions
The Windows build procedure requires the following tools:- MASM (ml.exe).
Make sure you have you have Visual C++ Pro. If you have the standard version, these instructions might not work.- If you're not sure you have Service Pack 5 already installed, go to http://msdn.microsoft.com/vstudio/sp/vs6sp5/full.asp?id=01 and install it anyway.
- Then go to http://msdn.microsoft.com/vstudio/downloads/ppack/download.asp and click on the link to download the VCPP for Service Pack 5.
It the above information doesn't work for you, there is more information about pc tools available at http://www.easystreet.com/~jkirwan/pctools.html
Note: Before building NSS 3.2, make sure that the MOZILLA_CLIENT environment variable is not defined.
- Set up the environment variables as described in the section "Set Up the Build Environment" of
Building Mozilla on Microsoft Windows 32-bit platforms.
- Set CVSROOT.
set CVSROOT=:pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
- Log into CVS.
cvs login
At the password prompt, type anonymous
- Set the environment variables that control the kind of build:
- set OS_TARGET=WIN95
- NSS and the Mozilla dbm have different build options for indicating
whether you want to generate a debug or optimized build. Therefore, the outcome depends on the way you
combine several variables.
In the following table, RTL stands for the C run-time library of MSVC, "debug RTL" corresponds to the /MDd compiler option, and "release RTL" corresponds to the /MD compiler option. To achieve the result shown in the left column, you must set the environment variables as shown in both the other columns of the same row.
Build type Mozillas dbm NSS Debug, debug RTL set MOZ_DEBUG=1 set USE_DEBUG_RTL=1 Debug, release RTL set MOZ_DEBUG=1
set MOZ_NO_DEBUG_RTL=1None Optimized (release RTL) None set BUILD_OPT=1
- set OS_TARGET=WIN95
- Pull the following files (mozilla/config contains shared makefiles, mozilla/nsprpub
is a module that dbm depends on, and mozilla/dbm is the dbm module itself):
cvs co -r NSS_3_2_RTM mozilla/config
cvs co -r NSPRPUB_RELEASE_4_1 mozilla/nsprpub
cvs co -r NSS_3_2_RTM mozilla/dbm
- Build NSPR and then dbm:
cd mozilla\nsprpub
nmake /f makefile.win
cd ..\dbm
nmake /f makefile.win
- Pull the NSS module with the CVS tag for the NSS 3.2 release:
cd ..\..
cvs co -r NSS_3_2_RTM mozilla/security/coreconf mozilla/security/nss
- cd mozilla\security\nss
Note: It's not necessary to build nsinstall on Windows.
- gmake moz_import
Tells NSS where to find the NSPR and dbm header files and libraries.
- gmake
Builds NSS.
Basic Tests
Once you have successfully built NSS, follow these steps to test the core functionality of the certutil tool and the setup and use of a basic SSL connection:- Build NSS as described above and make sure that mozilla/dist/$(OBJDIR)/lib is in
your shared library search path, which is specified
by the LD_LIBRARY_PATH environment variable on most
Unix platforms, by SHLIB_PATH on HP-UX, by LIBPATH
on AIX, and by PATH on Windows.
- cd mozilla/security/nss/cmd/SSLsample
- gmake
- To create an SSL server certificate, you will need to include the host and domain names of the
host you want to run the server on. For example, if your machine name is myhost.domain.com,
you would set the two variables as follows:
setenv HOSTNAME myhost (on UNIX this is most likely set already)
setenv MYDOMAIN domain.com
These variables must be set correctly for your SSL server to work.
- sh gencerts
gencerts is a shell script that will generate a CA certificate, an SSL server certificate, and an SSL client certificate.
- You are now ready to run the sample SSL server. This is a sample command line:
server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R
- You can now connect to the server with client processes. This is a sample command line:
client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 myhost.domain.com