cURL / Mailing Lists / curl-library / Single Mail


Re: SSL libs compared page

From: Howard Chu <>
Date: Thu, 03 Feb 2011 15:14:05 -0800

Howard Chu wrote:
> PolarSSL works fine on Windows.
> The GnuTLS API is far from consistent. It's an architectural disaster. See e.g.
> Those are some of the reasons I went looking for an alternative (and settled
> on PolarSSL) for some of my other projects.

re: NSS
> NSS - lack of good docs. API is focused around having data in databases
> instead of individual files like the other libs do. Suffers a bit from being
> seen as only used by Mozilla's browser and mail client by project members.

For the most part it is *only* suitable for use by the Mozilla browser and
email client. We have added support for it in OpenLDAP as well but it suffers
from multiple-initialization issues. E.g., if multiple apps or libraries use
it and initialize it within a single process, things fall apart. See

for details of a proposed fix. AFAIK this is still an unresolved issue, and
the proposed fix has plenty of problems of its own.

I understand that RedHat is now building their OpenLDAP packages with our
MozNSS support. I don't believe this combination is ready for primetime by any
measure. They still don't even have release quality code for handling PEM
files, and their current experimental code crashes/misbehaves in common (for
OpenSSL) deployment scenarios.

   -- Howard Chu
   CTO, Symas Corp. 
   Director, Highland Sun
   Chief Architect, OpenLDAP
List admin:
Received on 2011-02-04