Howard Chu wrote:
> PolarSSL works fine on Windows.
>
> The GnuTLS API is far from consistent. It's an architectural disaster. See e.g.
>
> https://bugs.launchpad.net/debian/+source/sudo/+bug/423252
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566351
>
> http://www.openldap.org/lists/openldap-devel/200802/msg00072.html
>
> Those are some of the reasons I went looking for an alternative (and settled
> on PolarSSL) for some of my other projects.

re: NSS
> NSS - lack of good docs. API is focused around having data in databases
> instead of individual files like the other libs do. Suffers a bit from being
> seen as only used by Mozilla's browser and mail client by project members.

For the most part it is *only* suitable for use by the Mozilla browser and
email client. We have added support for it in OpenLDAP as well but it suffers
from multiple-initialization issues. E.g., if multiple apps or libraries use
it and initialize it within a single process, things fall apart. See

https://wiki.mozilla.org/NSS_Library_Init

for details of a proposed fix. AFAIK this is still an unresolved issue, and
the proposed fix has plenty of problems of its own.

I understand that RedHat is now building their OpenLDAP packages with our
MozNSS support. I don't believe this combination is ready for primetime by any
measure. They still don't even have release quality code for handling PEM
files, and their current experimental code crashes/misbehaves in common (for
OpenSSL) deployment scenarios.

https://bugzilla.mozilla.org/show_bug.cgi?id=402712
https://bugzilla.redhat.com/show_bug.cgi?id=642433

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html