Re: Has the time come to drop NSS?
From: Kamil Dudka via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 21 Feb 2022 10:31:26 +0100
On Monday, February 21, 2022 9:56:08 AM CET Daniel Stenberg via curl-library
wrote:
> On Fri, 18 Feb 2022, Michael Stahl via curl-library wrote:
> > NSS is much preferred over OpenSSL because it has an ABI; you can ship it
> > as shared libraries and it's going to work - we are currently shipping
> > NSS but it should also work to use it from the system, I attempted to do
> > that some time ago but on the RHEL7 baseline it caused some unit test
> > failures so I had to abandon that for now.
>
> Sorry, but to me that sounds primarily an argument against (some versions
> of) OpenSSL, not a very strong argument in favor of NSS. I would personally
> rather push for using another feature-rich alternative, like GnuTLS or
> wolfSSL. Libraries that have better future prospects than NSS.
The argument here is that the software you built against NSS 10 years ago
works against the system-provided libraries on modern Linux distributions,
without any rebuild. This has never been the case for OpenSSL. I am not
sure about the other two libraries you mention.
Kamil
Received on 2022-02-21