Daniel Gustafsson has done some terrific work on using NSS as an alternative TLS library to OpenSSL for PostgreSQL. I’ve done some work making that build and run on Windows. Daniel recently asked how to get a working NSS on Windows to use for development, and this blog is about that process.
First you need to start with a clean Windows environment. The simplest way is a new virtual machine. Microsoft provides time limited images that can be used with VirtualBox, or you can use a cloud provider. In my case I used a machine running on Amazon EC2.
We’re going to use the chocolatey package manager. This greatly simplifies installing a lot of things on Windows. Connect to the windows instance, start cmd.exe as Administrator, and run
@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "[System.Net.ServicePointManager]::SecurityProtocol = 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"Once that’s done, we’re going to install a few utilities and Microsoft Visual Studio
choco install -y wget git hg
choco install -y visualstudio2019communityVisual Studio takes a while to install. When it’s done, open the Visual Studio Installer from the Start menu, and modify the installation by adding the ‘Desktop Development for C++’ and ‘Game development for C++’ components and clicking the ‘Modify’ button.
That also takes a while, so while we’re waiting, back in in our command prompt we can add the rest of what we’re going to need.
We’re going to install Mozilla’s build environment, and the gyp build tool, and get the code for NSS and NSPR which it depends on. We’ll do all this in a directory created to contain all our work. First, we’ll need to refresh our environment so the shell knows about the stuff we just installed.
refreshenv
mkdir \build
cd \build
wget https://ftp.mozilla.org/pub/mozilla.org/mozilla/libraries/win32/MozillaBuildSetup-Latest.exe
.\MozillaBuildSetup-Latest.exe /S
git clone https://chromium.googlesource.com/external/gyp
hg clone https://hg.mozilla.org/projects/nspr
hg clone https://hg.mozilla.org/projects/nssAt this stage, when everything is done it’s best to restart the machine as one of the dependent components we installed needs it.
When the machine is restarted, connect again, and this time start an ‘x64 Native Tools Command Prompt for VS 2019’. We need this so our environment is all set up nicely to use the Microsoft tools.
In that window we need to add a few things to the PATH and then start the Mozilla build environment:
set path=%path%;C:\mozilla-build\python;c:\mozilla-build\bin;c:\build\gyp
set path=%path%;%ProgramFiles(x86)%\Microsoft Visual Studio\Installer
cd \mozilla-build\msys
msysThis starts a new window. In that window we navigate to our build directory and run the NSS build script:
cd /c/build
nss/build.shThat should result in output that looks like this (I’m eliding quite a lot of it):
$ nss/build.sh
NSPR [1/5] configure ...
NSPR [2/5] make ...
NSPR [3/5] NOT building tests
NSPR [4/5] NOT running tests
NSPR [5/5] install ...
ninja: Entering directory `c:/build/nss/out/Debug'
....
[806/1222] LINK_EMBED(DLL) c:/build/dist/Debug/lib\nssckbi-testlib.dll
nssckbi-testlib.dll.exp : warning LNK4070: /OUT:nssckbi.dll directive in .EXP differs from output filename 'c:\build\dist\Debug\lib\nssckbi-testlib.dll'; ignoring directive
[1222/1222] STAMP obj\nss_tests.actions_depends.stampYou now have a Debug version of NSS in \build\dist\Debug The NSS headers are in \build\dist\public and the NSPR headers are in \build\dist\Debug\include.
In case you don’t feel like going to all this trouble but want to play along, I’ve stashed a copy of my latest build on GitHub
In a later blog I’ll show how to use what’s built here with PostgreSQL and the patch that Daniel has done (with some additions from me).