From: | David Boreham <david_list(at)boreham(dot)org> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, pgsql-hackers(at)postgresql(dot)org, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, mark(at)mark(dot)mielke(dot)cc, Martijn van Oosterhout <kleptog(at)svana(dot)org>, Mark Kirkwood <markir(at)paradise(dot)net(dot)nz> |
Subject: | Re: TODO: GNU TLS |
Date: | 2007-01-02 18:48:42 |
Message-ID: | 459AA90A.10402@boreham.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Stephen Frost wrote:
>* David Boreham (david_list(at)boreham(dot)org) wrote:
>
>
>>Stephen Frost wrote:
>>
>>
>>>Not sure what license that's under,
>>>
>>>
>>>
>>From http://www.mozilla.org/projects/security/pki/nss/:
>>'NSS is available under the Mozilla Public License, the GNU General
>>Public License, and the GNU Lesser General Public License.'
>>
>>
>
>Works for me then, and it's already packaged in Debian. The only
>downside that I can see is that the work isn't done yet and if we want
>to support both OpenSSL and NSS then the patch will be at least somewhat
>invasive/large (since I doubt NSS's API is anything like OpenSSL's,
>please correct me if I'm wrong).
>
>
Unfortunately the NSS and OpenSSL I/O design is quite different.
There has been talk over the years (since at least 1996) of adding
OpenSSL-like interfaces to NSS, but AFAIK this has never been done.
NSS presents a 'layered' I/O model where the application talks to
a socket-like API. It also depends on NSPR. For these reasons
I would hesitate to recommend it for use in a server vs. OpenSSL.
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2007-01-02 18:55:28 | Re: TODO: GNU TLS |
Previous Message | Andrew Dunstan | 2007-01-02 18:44:34 | Re: TODO: GNU TLS |