GnuTLS preferable to, and/or safer than, NSS?
Evangelos Foutras
foutrelis at archlinux.org
Wed Sep 5 07:07:18 EDT 2012
Hello,
I thought this might be an appropriate place to ask.
Would it be better for users' safety to use GnuTLS for SSL support
instead of NSS?
The reason I'm asking is a report I got today [1], which links to a
ticket on Pidgin's tracker [2]. This ticket points to certificate
verification code which has been disabled using preprocessor
directives. However, Pidgin appears to be doing its own verification
by calling purple_certificate_verify() from within
ssl_nss_handshake_cb().
If someone is knowledgeable in the SSL support code, it would be
helpful for me to know the main advantages/disadvantages of the GnuTLS
vs NSS implementations in Pidgin and which one is preferable. :)
Thanks.
[1] https://bugs.archlinux.org/task/31417
[2] http://developer.pidgin.im/ticket/15308
More information about the Packagers
mailing list