Hi again, On Wednesday 04 August 2010 Christian Hilberg wrote: > On Wednesday, 04 August 2010, Matthew Barnes wrote: > > On Wed, 2010-08-04 at 16:03 +0200, Christian Hilberg wrote: > > > Is there any good alternative to using libsoup which makes use of NSS? > > > We're pretty much depending on the (mostly) working NSS infrastructure > > > for PKCS #11 and token handling for certificate based client auth. > > That I don't know. You might want to ask the libsoup maintainer, Dan > > Winship (danw gnome org). > [x] done. I've posted to the libsoup list, see [1]. Maybe we can dig up > something useful there. Result: While libsoup should build against the current GnuTLS lib (development version, 2.11.0), which has PKCS #11 support since a few weeks now, libsoup has no infrastructure for handling client certificates at all [1] and GnuTLS does not seem to handle that by itself the way NSS does. There are efforts to support TLS within GIO context and to provide a plugin mechanism (so several security libs could be used) [2], but this will take time to be implemented and so it won't help us right now. This means that we cannot use libsoup for HTTP access since we *must* be able to support client certificates. We will have to look for another solution for now. I also do not like the idea of adding yet another dependency to some other HTTP lib which has NSS support (like libcurl) too much, but which other options do we have? If we used libcurl, then we needed to provide our own packaged version which will be linked against NSS, since most distros ship only openssl/gnutls variants. I'll be very grateful for any further input. Kind regards, Christian [1] http://mail.gnome.org/archives/libsoup-list/2010-August/msg00004.html [2] http://mail.gnome.org/archives/libsoup-list/2010-August/msg00001.html -- kernel concepts GbR Tel: +49-271-771091-14 Sieghuetter Hauptweg 48 Fax: +49-271-771091-19 D-57072 Siegen http://www.kernelconcepts.de/
Attachment:
signature.asc
Description: This is a digitally signed message part.