I've just installed libnss3-dev and will give it a look this evening or tomorrow. For libggz, which is the affected package here, the addition of a NSS backend shouldn't be too hard as it uses a fairly small subset of crypto functions, mostly just the TLS handshake. Of course this doesn't help much in getting a FIPS certificate, but if NSS is supposed to replace OpenSSL, then having it as an option might still help :-)

Now, let's see if Redhat's bugzilla gets a copy of this text. I recommend to the original bug reporter to include a link to the page about the issue (it was difficult to find out what "tracking bug" referred to). If it affects upstream maintainers, there should also be porting advice for other distributions, as not everyone uses Fedora.

There is some experimental NSS support for libggz available in /playground/patches/libggz+nss.diff in GGZ SVN. The main reason why it doesn't work yet is that there doesn't seem to be a way to assign open file descriptors to NSS's preferred socket wrappers (PRFileDesc).

The NSS backend to libggz was improved a bit. While it's still not working for some reason, the cause is likely just a missing function call somewhere. Therefore, the patch has been merged into trunk and can be tested there (--with-tls=NSS). Can you please report this to the Redhat tracker so the bug gets reassigned to libggz (assuming it's available in Fedora already) and the status can be set to pending. I don't want to create yet another bugzilla account just for this update :)

This bug is being reassigned to the "general" component so we can close the ggz bugzilla component.  Apologies for the mass email!