Issue 81295

Summary: Adopt Mac OS X crypto API instead of using Mozilla's
Product: General Reporter: jogi
Component: codeAssignee: joachim.lingner
Status: CLOSED WONT_FIX QA Contact: issues@framework <issues>
Severity: Trivial    
Priority: P3 CC: issues, malte_timmermann
Version: currentKeywords: aqua
Target Milestone: ---   
Hardware: Mac   
OS: Mac OS X, all   
Issue Type: FEATURE Latest Confirmation in: ---
Developer Difficulty: ---

Description jogi 2007-09-05 14:53:44 UTC 
To avoid dependencies to other libs and to get a better system integration (like
Win32) use the Mac OS X crypto API instead of the one from Mozilla (-> xmlsecurity).

MT, would you please write down which steps need to be done to get this work
done in Cocoa? Thx!
Comment 1 jogi 2007-09-05 14:55:34 UTC 
adding keyword
Comment 2 jogi 2007-09-05 14:56:48 UTC 
MT, please send the issue then to user 'macport' Thx.
Comment 3 philipp.lohmann 2007-09-07 10:31:07 UTC 
mt told me that the system specific integration on Win32 is currently achieved
by libxmlsec itself which is compiled differently to support Windows' on API. A
similar approach for MacOSX would be possible, however the version of libxmlsec
we currently have is quite old; we'd need to switch to a newer version and port
up all our patches that we apply to libxmlsec before compiling it.
Comment 4 malte_timmermann 2007-11-14 13:25:01 UTC 
JL...
Comment 5 stephan_schaefer 2007-11-16 15:52:43 UTC 
*** Issue 77589 has been marked as a duplicate of this issue. ***
Comment 6 kai.sommerfeld 2007-12-06 15:30:16 UTC 
jsi: Sorry, no time to implement this for 3.0. => 3.x
Comment 7 joachim.lingner 2008-05-08 13:43:59 UTC 
.
Comment 8 joachim.lingner 2009-07-22 10:03:23 UTC 
These are actually two things here.
1. Dependency on NSS libs (Mozilla)
2. System integration.

#1. I think it is absolutely ligitimate to use NSS (Mozilla) libs rather then
those from MacOS. The MacOS security lib does NOT make clear what standards it
follows when for example verifying a certificate. 

Also the libxmlsec library (external) which actual creates the XML signature
does not support MacOS. Replacing it will be a huge effort. Keeping in mind that
the legal value of our signature is more than  questionable, this effort is not
justified.

#2. I agree that one should be able to use the system's certificate store. If
this is what you intended please submit a separate issue.
Comment 9 joachim.lingner 2009-07-22 10:04:14 UTC 
.