Re: TODO: GNU TLS

Stephen Frost wrote:

>* David Boreham (david_list@boreham.org) wrote:
>  
>
>>Stephen Frost wrote:
>>    
>>
>>>Not sure what license that's under,
>>>
>>>      
>>>
>>From http://www.mozilla.org/projects/security/pki/nss/:
>>'NSS is available under the Mozilla Public License, the GNU General 
>>Public License, and the GNU Lesser General Public License.'
>>    
>>
>
>Works for me then, and it's already packaged in Debian.  The only
>downside that I can see is that the work isn't done yet and if we want
>to support both OpenSSL and NSS then the patch will be at least somewhat
>invasive/large (since I doubt NSS's API is anything like OpenSSL's,
>please correct me if I'm wrong).
>  
>
Unfortunately the NSS and OpenSSL I/O design is quite different.
There has been talk over the years (since at least 1996) of adding
OpenSSL-like interfaces to NSS, but AFAIK this has never been done.
NSS presents a 'layered' I/O model where the application talks to
a socket-like API. It also depends on NSPR. For these reasons
I would hesitate to recommend it for use in a server vs. OpenSSL.