[Evolution-hackers] [Fwd: Re: about libsoup with NSS support]
- From: Harry Lu <Harry Lu Sun COM>
- To: evolution-hackers gnome org
- Subject: [Evolution-hackers] [Fwd: Re: about libsoup with NSS support]
- Date: Fri, 24 Mar 2006 13:30:06 +0800
FYI.
Harry
--- Begin Message ---
- From: Dan Winship <danw novell com>
- To: Harry Lu <Harry Lu Sun COM>
- Cc: Irene Huang <Irene Huang Sun COM>
- Subject: Re: about libsoup with NSS support
- Date: Thu, 23 Mar 2006 09:59:14 -0500
Harry Lu wrote:
> Dan,
> Thanks for the reply.
>
> From old version of libsoup, I can see it supported NSS sometime ago,
> but then discarded later.
...
> Do you know the reason?
Yup. It was removed because it didn't work. :-)
Soup's original SSL library was OpenSSL, but that was problematic
because its license isn't GPL-compatible (at least not in all cases). We
got around this by linking openssl into a separate "soup-ssl-proxy"
binary and having libsoup pass data through that to get SSL support. But
there were annoying bugs with this.
I don't remember the exact plan with NSS (this was when Alex was still
the maintainer of libsoup, not me), but I think the idea when we started
working on it was that we'd replace OpenSSL with that, because NSS was
GPL/MPL/LGPL, so it wouldn't cause problems even when directly linked
in. At some point though, we realized that while the Mozilla Foundation
was *planning* to relicense NSS to GPL/MPL/LGPL, that they hadn't
actually done so yet, and it was still GPL/MPL, which was no good for us
because we wouldn't have been able to link it into Connector. So work on
the NSS backend mostly stopped, without ever having been
well-tested/finished. (In fact, I'd totally forgotten it had ever been
there until you pointed it out.)
Later, the Red Carpet team was using GnuTLS for something else, and
decided to add support for that to soup, and that worked so much better
than the old OpenSSL out-of-process proxy that we just decided to remove
support for OpenSSL (and the never-completed NSS) entirely.
The current SSL framework is slightly different from how it worked when
the NSS code was removed, but not much different, so you could probably
use it as a starting point if you did want to write a new NSS backend.
There is no longer any support at the configure/Makefile level for
having multiple SSL backends, but the support is all still there at the
code level: just write a "soup-nss.c" that implements the interfaces
from soup-ssl.h, and then have the Makefile pick either that or
soup-gnutls.c to link in depending on which library was configured.
-- Dan
--- End Message ---
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
