| From: | David Boreham <david_list(at)boreham(dot)org> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, pgsql-hackers(at)postgresql(dot)org, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, mark(at)mark(dot)mielke(dot)cc, Martijn van Oosterhout <kleptog(at)svana(dot)org>, Mark Kirkwood <markir(at)paradise(dot)net(dot)nz> |
| Subject: | Re: TODO: GNU TLS |
| Date: | 2007-01-02 18:48:42 |
| Message-ID: | 459AA90A.10402@boreham.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Stephen Frost wrote:
>* David Boreham (david_list(at)boreham(dot)org) wrote:
>
>
>>Stephen Frost wrote:
>>
>>
>>>Not sure what license that's under,
>>>
>>>
>>>
>>From http://www.mozilla.org/projects/security/pki/nss/:
>>'NSS is available under the Mozilla Public License, the GNU General
>>Public License, and the GNU Lesser General Public License.'
>>
>>
>
>Works for me then, and it's already packaged in Debian. The only
>downside that I can see is that the work isn't done yet and if we want
>to support both OpenSSL and NSS then the patch will be at least somewhat
>invasive/large (since I doubt NSS's API is anything like OpenSSL's,
>please correct me if I'm wrong).
>
>
Unfortunately the NSS and OpenSSL I/O design is quite different.
There has been talk over the years (since at least 1996) of adding
OpenSSL-like interfaces to NSS, but AFAIK this has never been done.
NSS presents a 'layered' I/O model where the application talks to
a socket-like API. It also depends on NSPR. For these reasons
I would hesitate to recommend it for use in a server vs. OpenSSL.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-01-02 18:55:28 | Re: TODO: GNU TLS |
| Previous Message | Andrew Dunstan | 2007-01-02 18:44:34 | Re: TODO: GNU TLS |