On 04/05/12 13:42, Rene Engelhard wrote: > On Fri, May 04, 2012 at 12:09:15PM +0200, Michael Stahl wrote: >> of course replacing OpenSSL dependencies with GnuTLS doesn't help in >> that regard, it only helps with the licensing issues you have. >> >> seems the Fedora project is standardizing on NSS for crypto applications: >> >> http://fedoraproject.org/wiki/FedoraCryptoConsolidation > > Which is bad, imho. If switch, what about Gnutls?
we don't currently use GnuTLS for anything at all, and we do use NSS for some things which is tested and works, so switching to GnuTLS would be a lot more work. also, AFAIK GnuTLS doesn't have a FIPS certification while NSS has several certified versions, which isn't something i personally care about but probably some people do. > Given nss needs a mozilla in use or at least installed to use > a certificate from there and stuff like > https://bugs.freedesktop.org/show_bug.cgi?id=45171 doesn't make me > think it's a good alternative (and never was) AFAIK it only accesses a Mozilla profile if you want to sign documents, to find user's certificates (LO doesn't have an UI for adding or storing these, it can only select existing ones from the Mozilla profile), so that does only concern the one use case where NSS is used already anyway (or do you volunteer to implement a certificate add/remove GUI and whatever storage code is required for GnuTLS?). _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
