Bug 3600 - Add support for NSS as SSL library
Summary: Add support for NSS as SSL library
Status: NEW
Alias: None
Product: TAO
Classification: Unclassified
Component: SSLIOP Pluggable Protocol
Version: 1.6.8
Hardware: All Windows NT
Importance: P3 enhancement
Assignee: DOC Center Support List (internal)
Reported: 2009-02-27 01:54 CST by Johnny Willemsen
Modified: 2009-03-03 00:50 CST
Description Johnny Willemsen 2009-02-27 01:54:50 CST
It could be possible to use NSS as the SSL implementation under the TAO SSLIOP pluggable protocol. The current idea is that we have to:
- add mpc base projects for NSS
- add ACE_NSS library
- add ACE_NSS regression tests
- rework SSLIOP to use OpenSSL/ACE_SSL or NSS/ACE_NSS
Comment 1 Johnny Willemsen 2009-03-03 00:50:13 CST
Comment from Ossama:

[OO] That's probably the most straightforward approach.  I'm sure it'll work.

However, it would be nice if SSL/TLS protocol related operations (connection management, authentication, certificate management, I/O, etc.) could be abstracted behind a generic SSL interface instead of one that is more suited to OpenSSL or NSS, for example.  The ACE SSL/TLS wrappers could implement the Bridge design pattern in much the same way the ACE_Reactor implements it.  I don't know if a Bridge implementation is the best way to go, but it is certainly one way to go.

The idea is to isolate changes to the underlying ACE SSL/TLS implementation, allowing users like TAO_SSLIOP to remain oblivious to the underlying implementation.  I thought about using something like a Bridge pattern to support both GnuTLS and OpenSSL but I never had time to rework the code.

So many ideas, so little time. :)