curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Has the time come to drop NSS?

From: Kamil Dudka via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 21 Feb 2022 10:31:26 +0100

On Monday, February 21, 2022 9:56:08 AM CET Daniel Stenberg via curl-library
wrote:
> On Fri, 18 Feb 2022, Michael Stahl via curl-library wrote:
> > NSS is much preferred over OpenSSL because it has an ABI; you can ship it
> > as shared libraries and it's going to work - we are currently shipping
> > NSS but it should also work to use it from the system, i attempted to do
> > that some time ago but on the RHEL7 baseline it caused some unit test
> > failures so i had to abandon that for now.
>
> Sorry, but to me that sounds primarily an argument against (some versions
> of) OpenSSL, not a very strong argument in favor of NSS. I would personally
> rather push for using another feature-rich alternative, like GnuTLS or
> wolfSSL. Libraries that have better future prospects than NSS.

The argument here is that the software you built against NSS 10 years ago
works against the system-provided libraries on modern Linux distributions,
without any rebuild. This has never been the case for OpenSSL. I am not
sure about the other two libraries you mention.

Kamil


-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2022-02-21