On Wed, Jan 20, 2010 at 9:01 PM, corvid <corvid@lavabit.com> wrote:
Michal wrote:
On Wed, Jan 20, 2010 at 10:52 AM, corvid <corvid@lavabit.com> wrote:
A few hours ago, I started to wonder how much trouble it would be to make https.c understand gnutls instead of openssl.
The answer is: If you borrow liberally from the public domain code in the gnutls manual, then not very much!
So here's a toy for anyone who would like one: http://www.dillo.org/test/gnutls.0.patch
What about NSS?
https://fedoraproject.org/wiki/FedoraCryptoConsolidation
It might bring even more (FIPS) compared to gnutls.
Does gnutls lack it because it requires paying $$ and/or infinite bureaucratic hurdles, or is it a technical matter?
Possibility #1: definitely
Possibility #2: FWIH, the crypto part is easy, mostly eliminating "unsafe" algorithms and their settings, but there might be other stuff that is not that easy, like centralized cert management, ...
The NSS documentation seems to say that applications would no longer have to know where a file full of certificates is because that would all be taken care of by NSS in some centralized thing. Is that the case?
I guess so https://fedoraproject.org/wiki/CryptoConsolidationEval#NSS
_That_ would definitely appeal to me.
NSS seems to be the future of crypto API; unless it's too heavy-weight for a project like Dillo, consider it instead of gnutls.