On SSL library support
Enrico Weigelt
enrico.weigelt at vnc.biz
Fri May 4 06:16:59 PDT 2012
> i don't really get the point of supporting 2 different crypto
> libraries
> (given that we don't really offer anything in terms of re-usable
> libraries ourselves here, we just ship an application that needs
> crypto
> stuff done); it just seems to add additional complexity, and bloat to
> the installation sets, and we have to keep 2 different bundled
> libraries
> that do the same thing up to date with security fixes etc.
ACK. But then please use it as directly as possible
(not yet another wrapper around it again).
> seems the Fedora project is standardizing on NSS for crypto
> applications:
>
> http://fedoraproject.org/wiki/FedoraCryptoConsolidation
Well, typical for a desktop-only distro.
I just can't remember anything on a server system that uses the
typically-netscape-jabba-sized nss (and I cant imagine why I
should ever want that).
Just had a look at the source (3.12.9) - they still include
several 3rdparty libs (including the fat nspr monster)
_in the tree_. Seems they feel great pleasure in making
package maintainer's and systems engineer's life harder.
I would fully support nss, if they would:
#1 get rid of nspr completely
#2 drop all bundled 3rdparty libs
#3 drop the binary key/cert store in favor of pure filesystem-based
approach (just like w/ openssl)
#3 split it into separate layers in separate libraries
Otherwise it's practical use is limited to pure desktop-only environments.
cu
--
Mit freundlichen Grüßen / Kind regards
Enrico Weigelt
VNC - Virtual Network Consult GmbH
Head Of Development
Äußere Bayreuther Str. 55, D - 90409 Nürnberg
Tel: +49 911 72303-30
Fax: +49 911 72303-50
enrico.weigelt at vnc.biz; www.vnc.de
More information about the LibreOffice
mailing list