Howard Chu wrote:
PolarSSL works fine on Windows.
The GnuTLS API is far from consistent. It's an architectural disaster. See e.g.
https://bugs.launchpad.net/debian/+source/sudo/+bug/423252
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566351
http://www.openldap.org/lists/openldap-devel/200802/msg00072.html
Those are some of the reasons I went looking for an alternative (and settled
on PolarSSL) for some of my other projects.
re: NSS
NSS - lack of good docs. API is focused around having data in databases
> instead of individual files like the other libs do. Suffers a bit from being
> seen as only used by Mozilla's browser and mail client by project members.
For the most part it is *only* suitable for use by the Mozilla browser and
email client. We have added support for it in OpenLDAP as well but it suffers
from multiple-initialization issues. E.g., if multiple apps or libraries use
it and initialize it within a single process, things fall apart. See
https://wiki.mozilla.org/NSS_Library_Init
for details of a proposed fix. AFAIK this is still an unresolved issue, and
the proposed fix has plenty of problems of its own.
I understand that RedHat is now building their OpenLDAP packages with our
MozNSS support. I don't believe this combination is ready for primetime by any
measure. They still don't even have release quality code for handling PEM
files, and their current experimental code crashes/misbehaves in common (for
OpenSSL) deployment scenarios.
https://bugzilla.mozilla.org/show_bug.cgi?id=402712
https://bugzilla.redhat.com/show_bug.cgi?id=642433
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
