GnuTLS preferable to, and/or safer than, NSS?
foutrelis at archlinux.org
Wed Sep 5 10:06:06 EDT 2012
On 05/09/12 16:49, Ethan Blanton wrote:
> Evangelos Foutras spake unto us the following wisdom:
>> Would it be better for users' safety to use GnuTLS for SSL support
> Not to our knowledge, no.
>> The reason I'm asking is a report I got today, which links to a
>> ticket on Pidgin's tracker. This ticket points to certificate
>> verification code which has been disabled using preprocessor
>> directives. However, Pidgin appears to be doing its own verification
>> by calling purple_certificate_verify() from within
> The person who filed that ticket seems to have flown off the handle
> without really understanding the situation. Our understanding is that
> the certificate verification using both GnuTLS and NSS is
> substantially similar.
>> If someone is knowledgeable in the SSL support code, it would be
>> helpful for me to know the main advantages/disadvantages of the GnuTLS
>> vs NSS implementations in Pidgin and which one is preferable. :)
> This has changed over the years, but mostly depends on the
> correctness, completeness, and stability of the GnuTLS and NSS
> libraries themselves on various distributions. At the moment, I
> believe they are both pretty stable and usable. I think there's a
> stream restarting bug in GnuTLS that strikes some IRC users (although
> I may have that backward), but I'm unaware of any serious flaws in
> either library.
Thank you for the information, Ethan; it is very helpful.