Alon Bar-Lev wrote:
The patch doesn't actually switch to NSS, but allows NSS to be used instead of direct calls and openSSL, so you can continue to build both ways. The default is to use direct calls and openSSL.On 6/11/07, Ludovic Rousseau <[EMAIL PROTECTED]> wrote:This new version contains the patches from RedHat to use NSS instead of OpenSSL and many other improvements they made. See the ChangeLog.svn file for an exhaustive list.Hi! Great! I am curios, why did you switch to NSS? BTW: We can shrink up the code if next version will use pkcs11-helper :)
The reason Red Hat switched to NSS in pam_pkcs11 is several fold:1) NSS already has support for multiple concurrent PKCS #11 modules. Now you can configure more than one module for use as your login token. 2) NSS has built-in support for things like OCSP we wanted to be able to leverage. 3) We are working towards being able to have a single crypto library from a maintenance point of view. NSS was the closest to meeting all of our requirements.
Our plan is to enable NSS as an option in various libraries, so packagers still have the flexibility to continue to use their existing crypto libraries in environments that make sense for them.
bob
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
