On SSL library support
Michael Stahl
mstahl at redhat.com
Fri May 4 08:40:39 PDT 2012
On 04/05/12 13:42, Rene Engelhard wrote:
> On Fri, May 04, 2012 at 12:09:15PM +0200, Michael Stahl wrote:
>> of course replacing OpenSSL dependencies with GnuTLS doesn't help in
>> that regard, it only helps with the licensing issues you have.
>>
>> seems the Fedora project is standardizing on NSS for crypto applications:
>>
>> http://fedoraproject.org/wiki/FedoraCryptoConsolidation
>
> Which is bad, imho. If switch, what about Gnutls?
we don't currently use GnuTLS for anything at all, and we do use NSS for
some things which is tested and works, so switching to GnuTLS would be a
lot more work.
also, AFAIK GnuTLS doesn't have a FIPS certification while NSS has
several certified versions, which isn't something i personally care
about but probably some people do.
> Given nss needs a mozilla in use or at least installed to use
> a certificate from there and stuff like
> https://bugs.freedesktop.org/show_bug.cgi?id=45171 doesn't make me
> think it's a good alternative (and never was)
AFAIK it only accesses a Mozilla profile if you want to sign documents,
to find user's certificates (LO doesn't have an UI for adding or storing
these, it can only select existing ones from the Mozilla profile), so
that does only concern the one use case where NSS is used already anyway
(or do you volunteer to implement a certificate add/remove GUI and
whatever storage code is required for GnuTLS?).
More information about the LibreOffice
mailing list