Issue 81295 - Adopt Mac OS X crypto API instead of using Mozilla's
Summary: Adopt Mac OS X crypto API instead of using Mozilla's
Alias: None
Product: General
Classification: Code
Component: code (show other issues)
Version: current
Hardware: Mac Mac OS X, all
: P3 Trivial (vote)
Target Milestone: ---
Assignee: joachim.lingner
QA Contact: issues@framework
Keywords: aqua
: 77589 (view as issue list)
Depends on:
Reported: 2007-09-05 14:53 UTC by jogi
Modified: 2013-08-07 15:31 UTC (History)
2 users (show)

See Also:
Issue Type: FEATURE
Latest Confirmation in: ---
Developer Difficulty: ---


Note You need to log in before you can comment on or make changes to this issue.
Description jogi 2007-09-05 14:53:44 UTC
To avoid dependencies to other libs and to get a better system integration (like
Win32) use the Mac OS X crypto API instead of the one from Mozilla (-> xmlsecurity).

MT, would you please write down which steps need to be done to get this work
done in Cocoa? Thx!
Comment 1 jogi 2007-09-05 14:55:34 UTC
adding keyword
Comment 2 jogi 2007-09-05 14:56:48 UTC
MT, please send the issue then to user 'macport' Thx.
Comment 3 philipp.lohmann 2007-09-07 10:31:07 UTC
mt told me that the system specific integration on Win32 is currently achieved
by libxmlsec itself which is compiled differently to support Windows' on API. A
similar approach for MacOSX would be possible, however the version of libxmlsec
we currently have is quite old; we'd need to switch to a newer version and port
up all our patches that we apply to libxmlsec before compiling it.
Comment 4 malte_timmermann 2007-11-14 13:25:01 UTC
Comment 5 stephan_schaefer 2007-11-16 15:52:43 UTC
*** Issue 77589 has been marked as a duplicate of this issue. ***
Comment 6 kai.sommerfeld 2007-12-06 15:30:16 UTC
jsi: Sorry, no time to implement this for 3.0. => 3.x
Comment 7 joachim.lingner 2008-05-08 13:43:59 UTC
Comment 8 joachim.lingner 2009-07-22 10:03:23 UTC
These are actually two things here.
1. Dependency on NSS libs (Mozilla)
2. System integration.

#1. I think it is absolutely ligitimate to use NSS (Mozilla) libs rather then
those from MacOS. The MacOS security lib does NOT make clear what standards it
follows when for example verifying a certificate. 

Also the libxmlsec library (external) which actual creates the XML signature
does not support MacOS. Replacing it will be a huge effort. Keeping in mind that
the legal value of our signature is more than  questionable, this effort is not

#2. I agree that one should be able to use the system's certificate store. If
this is what you intended please submit a separate issue.
Comment 9 joachim.lingner 2009-07-22 10:04:14 UTC