libcurl + (NSS or openssl)
David Woodhouse
dwmw2 at infradead.org
Thu Oct 9 14:44:10 UTC 2008
On Wed, 2008-10-08 at 17:34 -0500, Matt_Domsch at Dell.com wrote:
> I understand the push behind getting as many packages to build against
> nss as possible. However, nss is not on feature parity with openssl
> at this time.

Using SSL certificates from a TPM is fairly trivial in OpenSSL too. Just
install the openssl-tpm-engine package and it's a few lines of code to
initialise that engine in your application (and curl has callbacks which
let you do it at the appropriate time).

For NSS, there's theoretically a PKCS#12 plugin which can use the TPM,
but it relies on a whole stack of other weird stuff we don't ship,
including more system dæmons, and which I haven't been able to get
working.

Then there's the DTLS protocol, which neither NSS nor GNUTLS support at
all...

I actually ditched libcurl and wrote my own http code, cursing all the
time as I did it, because of the switch to NSS.

--
David Woodhouse Open Source Technology Centre
David.Woodhouse at intel.com Intel Corporation