Thanks for your input, currently I'm trying to get it working with the description supplied here. Am 27.09.2010 22:38, schrieb Howard Chu: >>> doesn't seem to be a configure switch to enable NSS, like with Gnutls or >> >> There is no switch for it at this time. > > And that is because currently MozNSS cannot be used transparently as a > drop-in replacement for OpenSSL or GnuTLS. Once the MozNSS folks get > their PEM handler into their mainline code, it ought to work reasonably > transparently, and at that point we may provide a configure switch for > it. For now, we do not endorse or support it. Perhaps I can give you some additional reason to support NSS: MozNSS has the "certdb thing" and PKCS11 support. We (that is my company: kernel concepts) want to get evolution's ldap backend to support client side certificates from software and hardware tokens and that is exactly, what MozNSS provides out of the box. OpenSSL currently lacks PKCS11 support completely (AFAIK) and Gnutls support for PKCS11 is very new, so our goal is, to get everything we need out of NSS. Kind regards, Silvan
Attachment:
signature.asc
Description: OpenPGP digital signature