On Sat, 26 Jul 2008, Nelson Bolyard wrote: >> As a user of OpenSSL, NSS, yassl and GnuTLS I can certainly agree that >> GnuTLS has flaws in its API but NSS most certainly also has flaws as well >> _and_ notable missing features that GnuTLS offers. > > Daniel, please tell us what features are missing that you would actually use > if they were present!
Well, I'm a newbie in NSS land so I don't know the full story of what has happened in your project that has lead to the results we see today. So I may of course now step on just about every toe you have! :-) But an obvious example of a shortcoming is concerning support for the PEM format for CA cert bundles and certs in general (as it is very awkward for me to document, use and describe for users they need to change their ways if they happen to build my app with NSS instead of OpenSSL or GnuTLS). It seems we have a situation where Fedora (Redhat?) provides some special plugin(s) for NSS that allows NSS to load and use PEM files where the "native" NSS doesn't. And of course, what some considers a feature, others may not. -- / daniel.haxx.se _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
