[Swan-dev] [cryptography] Announcing Mozilla::PKIX, a New Certificate Verification Library (fwd)
Lennart Sorensen
lsorense at csclub.uwaterloo.ca
Thu Apr 10 18:35:35 EEST 2014
On Thu, Apr 10, 2014 at 11:06:28AM -0400, Matt Rogers wrote:
> On Thu, Apr 10, 2014 at 10:40:40AM -0400, Lennart Sorensen wrote:
> > On Mon, Apr 07, 2014 at 07:22:51PM -0400, Paul Wouters wrote:
> > > wonder if we can use this instead of the legacy x509 code....
> >
> > I would prefer avoiding having to maintain yet another crypto library.
> > Needing openssl and gnutls26 is enough thank you. Routers have no need
> > to run firefox and hence have no need to have libnss installed, so can
> > we try to keep it that way?
>
> Libreswan already depends on NSS for crypto, not openssl.
Well openswan didn't. We haven't upgraded yet.
I would highly suggest reconsidering the use of libnss.
--
Len Sorensen
More information about the Swan-dev
mailing list