libcurl + (NSS or openssl)

David Woodhouse dwmw2 at
Thu Oct 9 14:44:10 UTC 2008

On Wed, 2008-10-08 at 17:34 -0500, Matt_Domsch at wrote:
> I understand the push behind getting as many packages to build against
> nss as possible.  However, nss is not on feature parity with openssl
> at this time.

Using SSL certificates from a TPM is fairly trivial in OpenSSL too. Just
install the openssl-tpm-engine package and it's a few lines of code to
initialise that engine in your application (and curl has callbacks which
let you do it at the appropriate time).

For NSS, there's theoretically a PKCS#12 plugin which can use the TPM,
but it relies on a whole stack of other weird stuff we don't ship,
including more system dæmons, and which I haven't been able to get

Then there's the DTLS protocol, which neither NSS nor GNUTLS support at

I actually ditched libcurl and wrote my own http code, cursing all the
time as I did it, because of the switch to NSS.

David Woodhouse                            Open Source Technology Centre
David.Woodhouse at                              Intel Corporation
