nss: delete more NSS references

Fix the distcheck CI failure and delete more NSS references.

Follow-up to 7c8bae0d9c9b2dfeeb008b9a316117d7b9675175

Reviewed-by: Marcel Raad
Reviewed-by: Daniel Stenberg
Closes #11548

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6a73e8caa636de1377d99e012a339cd1e6736ed3..0327bfb3f7af453c383d5ebe939fba0e72ae7908 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -52,7 +52,6 @@
 #   HAVE_RAND_EGD: `RAND_egd` present in OpenSSL
 #   HAVE_AWSLC: OpenSSL is AWS-LC
 #   HAVE_BORINGSSL: OpenSSL is BoringSSL
-#   HAVE_PK11_CREATEMANAGEDGENERICOBJECTL: `PK11_CreateManagedGenericObject` present in NSS
 #   HAVE_SSL_CTX_SET_QUIC_METHOD: `SSL_CTX_set_quic_method` present in OpenSSL/wolfSSL
 #   HAVE_QUICHE_CONN_SET_QLOG_FD: `quiche_conn_set_qlog_fd` present in QUICHE
 #   HAVE_ZSTD_CREATEDSTREAM: `ZSTD_createDStream` present in Zstd

diff --git a/Makefile.am b/Makefile.am
index f25e4e2f0ed4de583b02a35a3d8fcf8c69592e50..fa20363bdf9e503fbf9a215042fab234344e8ea7 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -43,7 +43,6 @@ CMAKE_DIST =                                    \
  CMake/FindNGHTTP2.cmake                        \
  CMake/FindNGHTTP3.cmake                        \
  CMake/FindNGTCP2.cmake                         \
- CMake/FindNSS.cmake                            \
  CMake/FindQUICHE.cmake                         \
  CMake/FindWolfSSL.cmake                        \
  CMake/FindZstd.cmake                           \

diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md
index 6029378e1c027e38d82815fb5e77f515910d2c37..4b4560a60e53727136d7dd20b4156af37cbe98d3 100644 (file)
--- a/docs/CIPHERS.md
+++ b/docs/CIPHERS.md
@@ -165,118 +165,6 @@ When specifying multiple cipher names, separate them with colon (`:`).
 `TLS_AES_128_CCM_8_SHA256`
 `TLS_AES_128_CCM_SHA256`
 
-## NSS
-
-### Totally insecure
-
-`rc4`
-`rc4-md5`
-`rc4export`
-`rc2`
-`rc2export`
-`des`
-`desede3`
-
-### SSL3/TLS cipher suites
-
-`rsa_rc4_128_md5`
-`rsa_rc4_128_sha`
-`rsa_3des_sha`
-`rsa_des_sha`
-`rsa_rc4_40_md5`
-`rsa_rc2_40_md5`
-`rsa_null_md5`
-`rsa_null_sha`
-`fips_3des_sha`
-`fips_des_sha`
-`fortezza`
-`fortezza_rc4_128_sha`
-`fortezza_null`
-
-### TLS 1.0 Exportable 56-bit Cipher Suites
-
-`rsa_des_56_sha`
-`rsa_rc4_56_sha`
-
-### AES ciphers
-
-`dhe_dss_aes_128_cbc_sha`
-`dhe_dss_aes_256_cbc_sha`
-`dhe_rsa_aes_128_cbc_sha`
-`dhe_rsa_aes_256_cbc_sha`
-`rsa_aes_128_sha`
-`rsa_aes_256_sha`
-
-### ECC ciphers
-
-`ecdh_ecdsa_null_sha`
-`ecdh_ecdsa_rc4_128_sha`
-`ecdh_ecdsa_3des_sha`
-`ecdh_ecdsa_aes_128_sha`
-`ecdh_ecdsa_aes_256_sha`
-`ecdhe_ecdsa_null_sha`
-`ecdhe_ecdsa_rc4_128_sha`
-`ecdhe_ecdsa_3des_sha`
-`ecdhe_ecdsa_aes_128_sha`
-`ecdhe_ecdsa_aes_256_sha`
-`ecdh_rsa_null_sha`
-`ecdh_rsa_128_sha`
-`ecdh_rsa_3des_sha`
-`ecdh_rsa_aes_128_sha`
-`ecdh_rsa_aes_256_sha`
-`ecdhe_rsa_null`
-`ecdhe_rsa_rc4_128_sha`
-`ecdhe_rsa_3des_sha`
-`ecdhe_rsa_aes_128_sha`
-`ecdhe_rsa_aes_256_sha`
-`ecdh_anon_null_sha`
-`ecdh_anon_rc4_128sha`
-`ecdh_anon_3des_sha`
-`ecdh_anon_aes_128_sha`
-`ecdh_anon_aes_256_sha`
-
-### HMAC-SHA256 cipher suites
-
-`rsa_null_sha_256`
-`rsa_aes_128_cbc_sha_256`
-`rsa_aes_256_cbc_sha_256`
-`dhe_rsa_aes_128_cbc_sha_256`
-`dhe_rsa_aes_256_cbc_sha_256`
-`ecdhe_ecdsa_aes_128_cbc_sha_256`
-`ecdhe_rsa_aes_128_cbc_sha_256`
-
-### AES GCM cipher suites in RFC 5288 and RFC 5289
-
-`rsa_aes_128_gcm_sha_256`
-`dhe_rsa_aes_128_gcm_sha_256`
-`dhe_dss_aes_128_gcm_sha_256`
-`ecdhe_ecdsa_aes_128_gcm_sha_256`
-`ecdh_ecdsa_aes_128_gcm_sha_256`
-`ecdhe_rsa_aes_128_gcm_sha_256`
-`ecdh_rsa_aes_128_gcm_sha_256`
-
-### cipher suites using SHA384
-
-`rsa_aes_256_gcm_sha_384`
-`dhe_rsa_aes_256_gcm_sha_384`
-`dhe_dss_aes_256_gcm_sha_384`
-`ecdhe_ecdsa_aes_256_sha_384`
-`ecdhe_rsa_aes_256_sha_384`
-`ecdhe_ecdsa_aes_256_gcm_sha_384`
-`ecdhe_rsa_aes_256_gcm_sha_384`
-
-### chacha20-poly1305 cipher suites
-
-`ecdhe_rsa_chacha20_poly1305_sha_256`
-`ecdhe_ecdsa_chacha20_poly1305_sha_256`
-`dhe_rsa_chacha20_poly1305_sha_256`
-
-### TLS 1.3 cipher suites
-
-`aes_128_gcm_sha_256`
-`aes_256_gcm_sha_384`
-`chacha20_poly1305_sha_256`
-
 ## GSKit
 
 Ciphers are internally defined as [numeric

diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3 b/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3
index 0ef75ba82fe00a4517b80612ec7880e4c512c70d..73443dcf59f4439c9c31190e380a2750dd0c4e18 100644 (file)
--- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3
@@ -84,9 +84,6 @@ a TLS extension that sends the hostname to the server. The server may use that
 information to do such things as sending back a specific certificate for the
 hostname, or forwarding the request to a specific origin server. Some hostnames
 may be inaccessible if SNI is not sent.
-
-NSS: If \fICURLOPT_SSL_VERIFYPEER(3)\fP is zero,
-\fICURLOPT_SSL_VERIFYHOST(3)\fP is also set to zero and cannot be overridden.
 .SH DEFAULT
 2
 .SH PROTOCOLS

diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
index 82028bd41af3002386a034e03e8793fc814631ac..1374e42b00973a3b7a1b440f45954d49bb8dceff 100644 (file)
--- a/lib/curl_config.h.cmake
+++ b/lib/curl_config.h.cmake
@@ -688,9 +688,6 @@ ${SIZEOF_TIME_T_CODE}
 /* If you want to build curl with the built-in manual */
 #cmakedefine USE_MANUAL 1
 
-/* if you have the PK11_CreateManagedGenericObject function */
-#cmakedefine HAVE_PK11_CREATEMANAGEDGENERICOBJECT 1
-
 /* if you want to use OpenLDAP code instead of legacy ldap implementation */
 #cmakedefine USE_OPENLDAP 1
 

diff --git a/tests/data/test1470 b/tests/data/test1470
index c9dd8f46751bde11ca18e5f8b402e44f67d586a5..30f539d4bcbab60476c7dcfcd673ab3a27b3efd4 100644 (file)
--- a/tests/data/test1470
+++ b/tests/data/test1470
@@ -35,7 +35,6 @@ Funny-head: yesyes
 <features>
 proxy
 unix-sockets
-!NSS
 </features>
 <server>
 https