[Nut-upsdev] porting nut to use nss for crypto (was: Re: /sbin/upsdrvctl unable to shutdown UPS due to (unmounted) shared library)

Arnaud Quette aquette.dev at gmail.com
Thu Sep 3 17:20:07 UTC 2009


2009/9/3 Michal Hlavinka <mhlavink at redhat.com>

> On Tuesday 01 September 2009 21:15:31 Arnaud Quette wrote:
> > Hi Michal,
> >
> > 2009/9/1 Arjen de Korte
> >
> > > Quoting Michal Hlavinka
> > >
> > >> We would like to use nss for cryptography instead of OpenSSL. Reason for
> > >> this is mostly for FIPS 140 validation.
> > >>
> > >> See:
> > >> http://fedoraproject.org/wiki/FedoraCryptoConsolidation
> > >> http://fedoraproject.org/wiki/CryptoConsolidationEval
> > >> http://fedoraproject.org/wiki/CryptoConsolidationScorecard
> > >>
> > >> also OpenSuSE prefers to use the nss for cryptography for the same
> > >> reason (http://en.opensuse.org/SharedCertStore)
> > >
> > > The above makes lots of sense.
> >
> > very interesting indeed!
> > even more knowing that I was considering a gnutls port (mostly for
> > licensing issues)...
> > thanks a lot for these pointers ;-)
> >
> > >> Would it be possible to use nss instead of openssl?
> > >
> > >
> > > Most likely, yes.
> > >
> > >> #ifdef blocks would be enough. I can prepare patches. What's your
> > >> opinion?
> > >
> > >
> > > I would certainly welcome an effort to standardize here, so please
> > > provide patches if you have any available. Preferably for the SVN trunk
> > > version, but if you only have them for older versions, I could probably
> > > port them to the latest version.
> >
> > seconded, your work here would be very much appreciated.
>
> Which way is preferred? Complete OpenSSL replacement or new build option
> only?
>

both ;-)
though I would prefer to give the choice to the user (so a new configure
option with a side implementation), the complete replacement is fine too
(also implies a new "--with-nss").


> I'm a little overloaded these days, but I hope I'll start with this next
> week.
>

no problem. It wasn't planned, and this good news will be a cherry on the
top of the cake ;-)

BTW, are you replacing Tomas on the NUT package maintenance?

cheers,
Arnaud
-- 
Linux / Unix Expert R&D - Eaton - http://www.eaton.com/mgeops
Network UPS Tools (NUT) Project Leader - http://www.networkupstools.org/
Debian Developer - http://www.debian.org
Free Software Developer - http://arnaud.quette.free.fr/