[Swan-dev] [cryptography] Announcing Mozilla::PKIX, a New Certificate Verification Library (fwd)

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Thu Apr 10 18:35:35 EEST 2014

On Thu, Apr 10, 2014 at 11:06:28AM -0400, Matt Rogers wrote:
> On Thu, Apr 10, 2014 at 10:40:40AM -0400, Lennart Sorensen wrote:
> > On Mon, Apr 07, 2014 at 07:22:51PM -0400, Paul Wouters wrote:
> > > wonder if we can use this instead of the legacy x509 code....
> > 
> > I would prefer avoiding having to maintain yet another crypto library.
> > Needing openssl and gnutls26 is enough thank you.  Routers have no need
> > to run firefox and hence have no need to have libnss installed, so can
> > we try to keep it that way?
> Libreswan already depends on NSS for crypto, not openssl.

Well openswan didn't.  We haven't upgraded yet.

I would highly suggest reconsidering the use of libnss.

Len Sorensen

More information about the Swan-dev mailing list