Hi again, On Wednesday 04 August 2010 Christian Hilberg wrote: > On Wednesday, 04 August 2010, Matthew Barnes wrote: > > On Wed, 2010-08-04 at 16:03 +0200, Christian Hilberg wrote: > > > Is there any good alternative to using libsoup which makes use of NSS? > > > We're pretty much depending on the (mostly) working NSS infrastructure > > > for PKCS #11 and token handling for certificate based client auth. > > That I don't know. You might want to ask the libsoup maintainer, Dan > > Winship ([email protected]). > [x] done. I've posted to the libsoup list, see [1]. Maybe we can dig up > something useful there.
Result: While libsoup should build against the current GnuTLS lib (development
version, 2.11.0), which has PKCS #11 support since a few weeks now, libsoup
has no infrastructure for handling client certificates at all [1] and GnuTLS
does not seem to handle that by itself the way NSS does.
There are efforts to support TLS within GIO context and to provide a plugin
mechanism (so several security libs could be used) [2], but this will take
time to be implemented and so it won't help us right now.
This means that we cannot use libsoup for HTTP access since we *must* be able
to support client certificates. We will have to look for another solution for
now.
I also do not like the idea of adding yet another dependency to some other
HTTP lib which has NSS support (like libcurl) too much, but which other
options do we have? If we used libcurl, then we needed to provide our own
packaged version which will be linked against NSS, since most distros ship
only openssl/gnutls variants.
I'll be very grateful for any further input.
Kind regards,
Christian
[1] http://mail.gnome.org/archives/libsoup-list/2010-August/msg00004.html
[2] http://mail.gnome.org/archives/libsoup-list/2010-August/msg00001.html
--
kernel concepts GbR Tel: +49-271-771091-14
Sieghuetter Hauptweg 48 Fax: +49-271-771091-19
D-57072 Siegen
http://www.kernelconcepts.de/
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ evolution-hackers mailing list [email protected] To change your list options or unsubscribe, visit ... http://mail.gnome.org/mailman/listinfo/evolution-hackers
