[Nut-upsdev] porting nut to use nss for crypto (was: Re: /sbin/upsdrvctl unable to shutdown UPS due to (unmounted) shared library)
mhlavink at redhat.com
Thu Sep 3 11:04:11 UTC 2009
On Tuesday 01 September 2009 21:15:31 Arnaud Quette wrote:
> Hi Michal,
> 2009/9/1 Arjen de Korte
> > Citeren Michal Hlavinka
> > We would like to use nss for cryptography instead of OpenSSL. Reason for
> >> this
> >> is mostly for FIPS 140 validation.
> >> See:
> >> http://fedoraproject.org/wiki/FedoraCryptoConsolidation
> >> http://fedoraproject.org/wiki/CryptoConsolidationEval
> >> http://fedoraproject.org/wiki/CryptoConsolidationScorecard
> >> also OpenSuSE prefers to use the nss for cryptography for the same
> >> reason (
> >> http://en.opensuse.org/SharedCertStore )
> > The above makes lots of sense.
> very interesting indeed!
> even more knowing that I was considering a gnutls port (mostly for
> licensing issues)...
> thanks a lot for these pointers ;-)
> > Would it be possible to use nss instead of openssl?
> > Most likely, yes.
> > #ifdef blocks would be enough. I can prepare patches. What's your
> > opinion?
> > I would certainly welcome an effort to standardize here, so please
> > provide patches if you have any available. Preferably for the SVN trunk
> > version, but if you only have them for older versions, I could probably
> > port them to the latest version.
> seconded, your work here would be very much appreciated.
Which way is preferred? Complete OpenSSL replacement or new build option only?
I'm little overloaded these days, but I hope I'll start with this next week.
More information about the Nut-upsdev