On Tue, Jan 02, 2007 at 01:29:35PM -0500, Stephen Frost wrote:
> Would a patch to implement dual-support for OpenSSL and NSS be
> acceptable? Would just replacing OpenSSL support with NSS support be

When I was looking into this I looked at NSS, and eventually decided on
GnuTLS. Why? Because I read the GnuTLS documentation and I understood
it. The basic support for GnuTLS took a whole afternoon; the hard work
was leaving people with the choice of using OpenSSL.

I read the OpenSSL docs too, but I still don't understand how it works
properly.

IMHO, GnuTLS has the advantage of being designed later, which means
details like:

- Thread safety (GnuTLS is thread-safe by design, no locks needed)
- Proper layering (creating your own I/O function is trivial)
- Separate namespace
- Non-blocking support from the get-go

were taken care of. Since people are citing maintainability as a
concern, I think you really have to wonder whether NSS is a better
choice.

Have a nice day,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to
> litigate.