libcurl + (NSS or openssl)
Simo Sorce
ssorce at redhat.com
Thu Oct 9 12:38:31 UTC 2008
On Thu, 2008-10-09 at 15:45 +0400, Dmitry Butskoy wrote:
> Addon of some extra functionality to NSS seems questionable as well.
> Perhaps, in far future only. Unlike the OpenSSL and Gnutls, NSS seems
> more stable, more tested, more certificated -- ie. more conservative.
> Hence the support of some "corner" cases is not a primary goal.
Usually these "corner cases" are just bad security practice, it is
better if NSS keep you straight and does not let you mess with security
related stuff.
> BTW, in some areas OpenSLL looks more perspective. For example, Russia
> have chosen other way for crypto in the state life -- so called GOST
> instead of RSA. OpenSSL will start to support it since 0.9.9, plans of
> NSS is unknown... As a result, the compulsion for NSS in Fedora can make
> its usage impossible in the state organisations of some countries.
Send inquiries to the NSS team about support of GOST in NSS then.
> Another issue is license compatibility. Whilst OpenSSL is "widely used",
> it can be considered as a "basic system application", hence programs may
> link with it anyway (due to some exception in GPL etc...). After the
> most of things will be switched to NSS, the OpenSSl itself will become
> "an optional" instead of "system basic". The correspond exception in GPL
> will not affect anymore, and the rest of GPL applications who still will
> use OpenSSL will become illegal.
Sorry but this is just legal mumbo-jumbo ...
Simo.
More information about the fedora-devel-list
mailing list