Re: On SSL library support

> i don't really get the point of supporting 2 different crypto
> libraries
> (given that we don't really offer anything in terms of re-usable
> libraries ourselves here, we just ship an application that needs
> crypto
> stuff done); it just seems to add additional complexity, and bloat to
> the installation sets, and we have to keep 2 different bundled
> libraries
> that do the same thing up to date with security fixes etc.

ACK. But then please use it as directly as possible
(not yet another wrapper around it again).

> seems the Fedora project is standardizing on NSS for crypto
> applications:
>
> http://fedoraproject.org/wiki/FedoraCryptoConsolidation

Well, typical for a desktop-only distro.

I just can't remember anything on a server system that uses the
typically-netscape-jabba-sized nss (and I cant imagine why I
should ever want that).

Just had a look at the source (3.12.9) - they still include
several 3rdparty libs (including the fat nspr monster)
_in the tree_. Seems they feel great pleasure in making
package maintainer's and systems engineer's life harder.

I would fully support nss, if they would:

#1 get rid of nspr completely
#2 drop all bundled 3rdparty libs
#3 drop the binary key/cert store in favor of pure filesystem-based
   approach (just like w/ openssl)
#3 split it into separate layers in separate libraries

Otherwise it's practical use is limited to pure desktop-only environments.


cu
--
Mit freundlichen Grüßen / Kind regards

Enrico Weigelt
VNC - Virtual Network Consult GmbH
Head Of Development

Äußere Bayreuther Str. 55, D - 90409 Nürnberg
Tel: +49 911 72303-30
Fax: +49 911 72303-50

enrico.weigelt@vnc.biz; www.vnc.de