On Mon, Sep 08, 2008 at 11:10:11PM +0200, Henri Verbeet wrote:
From cb10664e7d7526951d97f6d9ba2f7429d20b69d4 Mon Sep 17 00:00:00 2001 From: Henri Verbeet hverbeet@gmail.com Date: Mon, 8 Sep 2008 22:39:11 +0200 Subject: secur32: Require gnutls for schannel
+AC_ARG_WITH(gnutls, AS_HELP_STRING([--without-gnutls],[do not use GnuTLS (schannel support)]))
Hmm,
I really do not think gnutls will have a long feature, NSS seems to be the future choice of crypto frameworks :/
Ciao, Marcus
On Mon, Sep 8, 2008 at 2:26 PM, Marcus Meissner marcus@rennboot.centrumbabylon.cz wrote:
On Mon, Sep 08, 2008 at 11:10:11PM +0200, Henri Verbeet wrote:
From cb10664e7d7526951d97f6d9ba2f7429d20b69d4 Mon Sep 17 00:00:00 2001 From: Henri Verbeet hverbeet@gmail.com Date: Mon, 8 Sep 2008 22:39:11 +0200 Subject: secur32: Require gnutls for schannel
+AC_ARG_WITH(gnutls, AS_HELP_STRING([--without-gnutls],[do not use GnuTLS (schannel support)]))
Hmm,
I really do not think gnutls will have a long feature, NSS seems to be the future choice of crypto frameworks :/
Ciao, Marcus
s/feature/future/ ?
On Mon, Sep 08, 2008 at 02:36:36PM -0700, Lei Zhang wrote:
On Mon, Sep 8, 2008 at 2:26 PM, Marcus Meissner marcus@rennboot.centrumbabylon.cz wrote:
On Mon, Sep 08, 2008 at 11:10:11PM +0200, Henri Verbeet wrote:
From cb10664e7d7526951d97f6d9ba2f7429d20b69d4 Mon Sep 17 00:00:00 2001 From: Henri Verbeet hverbeet@gmail.com Date: Mon, 8 Sep 2008 22:39:11 +0200 Subject: secur32: Require gnutls for schannel
+AC_ARG_WITH(gnutls, AS_HELP_STRING([--without-gnutls],[do not use GnuTLS (schannel support)]))
Hmm,
I really do not think gnutls will have a long feature, NSS seems to be the future choice of crypto frameworks :/
Ciao, Marcus
s/feature/future/ ?
future, yes.
But in the end ... well, we will see what wins ;)
Ciao, Marcus
2008/9/8 Marcus Meissner marcus@rennboot.centrumbabylon.cz:
Hmm,
I really do not think gnutls will have a long feature, NSS seems to be the future choice of crypto frameworks :/
Ciao, Marcus
I did have a look at NSS, but didn't see a way to make it work with a simple buffer, which makes in impractical to use for schannel. Perhaps I missed something there though. Another option would of course be to implement TLS ourselves, it's not all that complicated actually.
On Mon, Sep 08, 2008 at 11:37:39PM +0200, Henri Verbeet wrote:
2008/9/8 Marcus Meissner marcus@rennboot.centrumbabylon.cz:
Hmm,
I really do not think gnutls will have a long feature, NSS seems to be the future choice of crypto frameworks :/
Ciao, Marcus
I did have a look at NSS, but didn't see a way to make it work with a simple buffer, which makes in impractical to use for schannel. Perhaps I missed something there though. Another option would of course be to implement TLS ourselves, it's not all that complicated actually.
Hmm. The security guy in me says "do not reimplement" ;)
If its easier with gnutls, please use it. (It will not go away due to lots of software requiring it).
Ciao, Marcus
-
Henri Verbeet -
Lei Zhang -
Marcus Meissner