Bug 3600

Summary: Add support for NSS as SSL library
Product: TAO Reporter: Johnny Willemsen <jwillemsen>
Component: SSLIOP Pluggable ProtocolAssignee: DOC Center Support List (internal) <tao-support>
Status: NEW ---    
Severity: enhancement    
Priority: P3    
Version: 1.6.8   
Hardware: All   
OS: Windows NT   

Description Johnny Willemsen 2009-02-27 01:54:50 CST 
It could be possible to use NSS as SSL implementation under the TAO SSLIOP pluggable protocol. Current idea is that we have to:
- add mpc base projects for NSS
- add ACE_NSS library
- add ACE_NSS regression tests
- rework SSLIOP to use OpenSSL/ACE_SSL or NSS/ACE_NSS
Comment 1 Johnny Willemsen 2009-03-03 00:50:13 CST 
Comment of Ossama:


[OO] That's probably the most straightforward approach.  I'm sure it'll work.

However, it would be nice if SSL/TLS protocol related operations (connection management, authentication, certificate management, I/O, etc) could be abstracted behind a generic SSL interface instead of one that is more suited to OpenSSL or NSS, for example.  The ACE SSL/TLS wrappers could implement the Bridge design pattern in much the same way the ACE_Reactor implements it.  I don't know if a Bridge implementation is the best way to go, but it is certainly one way to go.

The idea is to isolate changes to the underlying ACE SSL/TLS implementation, allowing users like TAO_SSLIOP to remain oblivious to the underlying implementation.  I thought about using something like a Bridge pattern to support both gnutls and OpenSSL but I never had time to rework the code.

So many ideas, so little time. :)