<br><div class="gmail_quote">2009/9/3 Michal Hlavinka <span dir="ltr"><<a href="mailto:mhlavink@redhat.com">mhlavink@redhat.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div></div><div class="h5">On Tuesday 01 September 2009 21:15:31 Arnaud Quette wrote:<br>
> Hi Michal,<br>
><br>
> 2009/9/1 Arjen de Korte<br>
><br>
> > Quoting Michal Hlavinka<br>
> ><br>
> >> We would like to use nss for cryptography instead of OpenSSL. Reason for this<br>
> >> is mostly for FIPS 140 validation.<br>
> >><br>
> >> See:<br>
> >> <a href="http://fedoraproject.org/wiki/FedoraCryptoConsolidation" target="_blank">http://fedoraproject.org/wiki/FedoraCryptoConsolidation</a><br>
> >> <a href="http://fedoraproject.org/wiki/CryptoConsolidationEval" target="_blank">http://fedoraproject.org/wiki/CryptoConsolidationEval</a><br>
> >> <a href="http://fedoraproject.org/wiki/CryptoConsolidationScorecard" target="_blank">http://fedoraproject.org/wiki/CryptoConsolidationScorecard</a><br>
> >><br>
> >> also OpenSuSE prefers to use the nss for cryptography for the same reason<br>
> >> ( <a href="http://en.opensuse.org/SharedCertStore" target="_blank">http://en.opensuse.org/SharedCertStore</a> )<br>
> ><br>
> > The above makes lots of sense.<br>
><br>
> very interesting indeed!<br>
> even more knowing that I was considering a gnutls port (mostly for<br>
> licensing issues)...<br>
> thanks a lot for these pointers ;-)<br>
><br>
> > Would it be possible to use nss instead of openssl?<br>
> ><br>
> ><br>
> > Most likely, yes.<br>
> ><br>
> > #ifdef blocks would be enough. I can prepare patches. What's your<br>
> > opinion?<br>
> ><br>
> ><br>
> > I would certainly welcome an effort to standardize here, so please<br>
> > provide patches if you have any available. Preferably for the SVN trunk<br>
> > version, but if you only have them for older versions, I could probably<br>
> > port them to the latest version.<br>
><br>
> seconded, your work here would be very much appreciated.<br>
<br>
</div></div>Which way is preferred? Complete OpenSSL replacement or new build option only?<br></blockquote><div><br>both ;-)<br>though I would prefer to give the choice to the user (so a new configure option with a side implementation), the complete replacement is fine too (also implies a new "--with-nss") .<br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I'm a little overloaded these days, but I hope I'll start with this next week.<br></blockquote><div> </div></div>no problem. It wasn't planned, and this good news will be a cherry on the top of the cake ;-)<br>
<br>BTW, are you replacing Tomas on the NUT package maintenance?<br><br clear="all">cheers,<br>Arnaud<br>-- <br>Linux / Unix Expert R&D - Eaton - <a href="http://www.eaton.com/mgeops">http://www.eaton.com/mgeops</a><br>
Network UPS Tools (NUT) Project Leader - <a href="http://www.networkupstools.org/">http://www.networkupstools.org/</a><br>Debian Developer - <a href="http://www.debian.org">http://www.debian.org</a><br>Free Software Developer - <a href="http://arnaud.quette.free.fr/">http://arnaud.quette.free.fr/</a><br>
<br>