Should we settle on one SSL implementation?

Andrew Bartlett abartlet at samba.org
Tue Oct 23 01:02:18 UTC 2007


On Mon, 2007-10-22 at 14:47 +0100, Richard W.M. Jones wrote:
> Bernardo Innocenti wrote:
> > I remember this topic being discussed some time ago,
> > but software is fluid and maybe it's time to respin
> > the topic.
> > 
> > It would seem a worthwhile goal to unify SSL/TLS
> > implementations like we did for spell checkers.
> > Or, if it turns out to be too hard, at least it would
> > be nice to their pki files.
> 
> I've asked whether we have a standard layout for /etc/pki before, but no 
> one seems to know.
> 
> > We're now shipping no less than 4 different implementations
> > of SSL:
> > 
> > - openssl (OpenBSD's implementation)
> > - nss (Netscape's implementation)
> > - gnutls (LGPL implementation)
> > - puretls (Java implementation)
> 
> Make that at least five - ocaml-ocamlnet has a pure-OCaml SSL impl.  I'm 
> sure Perl & Python probably have their own too.
> 
> > But which one should replace the others?
> 
> When we implemented encryption in libvirt, we chose gnutls because it 
> has excellent examples which allow you to actually write code to use it 
> in a short period of time.  The others have (or we perceived them to 
> have) hideous, confusing or undocumented APIs.

While I'm currently grumpy at gnutls (on Debian actually, which is
running 2.0), I do agree its API and read/write callbacks make
integrating into an existing event system very nice.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
