Joshua Kramer wrote:
Hello Carl,
Something else to look at is the NSS library. Very similar to
OpenSSL but has some advantages over OpenSSL.
Can you let me know what these advantages are? A cursory Google
search of NSS vs OpenSSL leads to the following interesting documents:
http://www.physics.louisville.edu/help/usr/nail-11.20/INSTALL (search
for the string "OpenSSL offers" in this document)
http://www.gnu.org/software/gnutls/comparison.html
I've been trying to build NSS to no avail. It isn't quite as easy as
'./configure; make' or 'yum install openssl-devel', but can pursue
this further if NSS offers some compelling advantages over OpenSSL.
(The only build instructions I've found are noted below, but they
don't work.)
http://www.mozilla.org/projects/security/pki/nss/nss-3.11.4/nss-3.11.4-build.html
Cheers,
-J
The big difference is the API boundary between the lib and the
application. With NSS the API is structured in a way that if you
integrate with it, you don't have to also separately certify the
application, so you inherit all the certifications that NSS has or gets.
With OpenSSL you have to certify each application and no certification
is inherited. That is the main difference or the difference that I care
about.
What build errors do you get with NSS?
Carl.