curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: NSS deprecation

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 10 Mar 2022 15:05:54 +0100 (CET)

On Thu, 10 Mar 2022, Aaltonen Eero via curl-library wrote:

> At the moment, only the NSS version of curl supports PKCS#11 card
> certificate based client authentication.

Maybe, but I don't think it's the only option that can be made to handle them.

> AFAIK most cross OS browsers use NSS. At least Chrome and Opera link to it.

Chrome (and thus all the ones built on Chromium) switched to using BoringSSL
many years ago. Firefox is the last major browser that uses NSS and probably
the last major application over all. Assuming we still consider Firefox major.

>> NSS is harder than ever to find documentation for
>
> Uh. Have to somewhat agree here. Although they seem to have gotten
> their documentation rework somewhat done

This is of course highly subjective but their docs were always abysmal, so
when we can't even find that, the situation is pretty dire.

>> NSS was always "best" used with Red Hat Linux when they provided
>> additionalfeatures on top
>
> Not sure what these features are

The ability to load a CA bundle from file is the primary one I thought of.

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2022-03-10