GnuTLS preferable to, and/or safer than, NSS?

Evangelos Foutras foutrelis at
Wed Sep 5 07:07:18 EDT 2012


I thought this might be an appropriate place to ask.

Would it be better for users' safety to use GnuTLS for SSL support
instead of NSS?

The reason I'm asking is a report I got today [1], which links to a
ticket on Pidgin's tracker [2]. This ticket points to certificate
verification code which has been disabled using preprocessor
directives. However, Pidgin appears to be doing its own verification
by calling purple_certificate_verify() from within

If someone is knowledgeable in the SSL support code, it would be
helpful for me to know the main advantages/disadvantages of the GnuTLS
vs NSS implementations in Pidgin and which one is preferable. :)



More information about the Packagers mailing list