On Wed, 2008-10-08 at 17:34 -0500, Matt_Domsch@xxxxxxxx wrote:
> I understand the push behind getting as many packages to build against
> nss as possible. However, nss is not on feature parity with openssl
> at this time.

Using SSL certificates from a TPM is fairly trivial in OpenSSL too. Just
install the openssl-tpm-engine package and it's a few lines of code to
initialise that engine in your application (and curl has callbacks which
let you do it at the appropriate time).

For NSS, there's theoretically a PKCS#12 plugin which can use the TPM,
but it relies on a whole stack of other weird stuff we don't ship,
including more system dæmons, and which I haven't been able to get
working.

Then there's the DTLS protocol, which neither NSS nor GNUTLS support at
all...

I actually ditched libcurl and wrote my own http code, cursing all the
time as I did it, because of the switch to NSS.

--
David Woodhouse
Open Source Technology Centre
David.Woodhouse@xxxxxxxxx
Intel Corporation